I have done this, according to http://www.tc.umn.edu/~brams006/selfsign.html, part 1B (generating your own CA):
a) create a CA authority (ca.key and ca.crt)
b) make a certificate request (server.csr)
c) sign the certificate request (server.crt and server.key) with the new CA authority
d) change the server key so it does not ask for a passphrase.
Afterwards, the server.crt and server.key files are included in /usr/share/fred-client/ssl directory, and the fred-client configuration file is modified like this:
ssl_cert = %(dir)s/server.crt
ssl_key = %(dir)s/server.key
Now, if I try to run fred-client this is the result:
ERROR: socket.sslerror: [Errno 1] _ssl.c:480: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca (200.107.82.18:700)
Certificate not signed by verified certificate authority
What should I do for fred-client to identify these certificates as valid?
Thanks in advance.
Note: the new fred-client is perfectly compatible with FRED 2.2.
--
Mario Guerra <mguerra(a)nic.cr>
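Added example, not part of the original message or of the FRED project: the "unknown ca" alert in the error above is one the client receives from the remote side, which sends it when it cannot chain the presented certificate to a CA in its own trust store. The sketch below reproduces that chain check offline with the openssl CLI; all file names and subject names are constructed for the demonstration.

```shell
#!/bin/sh
# Constructed demo: CA names, file names and subjects are made up.
set -eu

make_ca() {  # $1 = file prefix, $2 = CA common name
    # Self-signed CA certificate plus unencrypted key (-nodes).
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/CN=$2" -keyout "$1.key" -out "$1.crt" >/dev/null 2>&1
}

issue_cert() {  # $1 = CA prefix, $2 = leaf prefix, $3 = leaf common name
    # Certificate request, then signature by the CA (steps b and c above).
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$3" \
        -keyout "$2.key" -out "$2.csr" >/dev/null 2>&1
    openssl x509 -req -in "$2.csr" -CA "$1.crt" -CAkey "$1.key" \
        -CAcreateserial -days 30 -out "$2.crt" >/dev/null 2>&1
}

chain_ok() {  # $1 = trust anchor file, $2 = certificate to check
    # The same question a TLS peer asks: does this certificate chain
    # to a CA that I have been configured to trust?
    if openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; then
        echo trusted
    else
        echo unknown-ca
    fi
}

demo() {  # prints the verdict against the issuing CA, then an unrelated CA
    (
        dir=$(mktemp -d) && cd "$dir"
        make_ca ca "Demo Registry CA"
        make_ca other "Unrelated CA"
        issue_cert ca client "demo-registrar"
        echo "$(chain_ok ca.crt client.crt) $(chain_ok other.crt client.crt)"
        cd / && rm -rf "$dir"
    )
}

demo   # prints: trusted unknown-ca
```

A certificate that verifies against its own ca.crt can still be rejected by a peer whose trust store holds a different CA, which is the second verdict shown here.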
Hi,
I managed to install the FRED Registry management system on Ubuntu 20.04.
However, I am having trouble running the fred-admin command. For
instance when I run the below command:
root@fred-ubuntu:/etc/fred# fred-admin --registrar_add --handle=sys_reg
--reg_name="System registrar" --country=MW --no_vat --system
I get this error:
Error: the option '--messenger.archive_rendered' is required but missing
and when I try to use the option '--messenger.archive_rendered', like
here below:
root@fred-ubuntu:/etc/fred# fred-admin --registrar_add --handle=sys_reg
--reg_name="System registrar" --country=MW --no_vat --system
--messenger.archive_rendered
I get this error:
Error: found unknown configuration with option_group_index 22 :
--messenger.archive_rendered
Any suggestion as to how I could proceed?
Your assistance is greatly appreciated.
--
Regards,
Denzell Yonah
Internet Technician
Malawi SDNP
Tel: 882 089 166 | Cell: 888 844 657
domains(a)registrar.mw
http://www.nic.mw | http://www.registrar.mw
P.O. Box 31762, Malawi SDNP, Chichiri, Blantyre
Dear Team,
I have performed a restoration test and I got the error below:
Traceback (most recent call last):
File "/usr/bin/genzone_client", line 11, in <module>
load_entry_point('fred-pyfred==2.15.1', 'console_scripts', 'genzone_client')()
File "/usr/lib/python2.7/dist-packages/pyfred/commands/genzone_client.py", line 215, in run_genzone_client
ns=nameservice, context=corba_context).getZoneNameList()
File "/usr/lib/python2.7/dist-packages/pyfred/zone.py", line 191, in getObject
raise ZoneException("CORBA failure, original exception is: %s" % e)
pyfred.zone.ZoneException: CORBA failure, original exception is: CosNaming.NamingContext.NotFound(why=missing_node, rest_of_name=[CosNaming.NameComponent(id='ZoneGenerator', kind='Object')])
I request your guidance on sorting this issue. Thank you, Patrick
Hi
We manage the .co.zw 2LD registry for Zimbabwe and are interested in migrating
to use the FRED registry management system.
We first installed Ubuntu 16.04 LTS (Xenial Xerus) from scratch, with basic
utilities + sshd server package only, and then followed the instructions for
installation of FRED binaries at:
https://fred.nic.cz/documentation/html/AdminManual/Installation/BinsUbuntu.…
The first problem we found was with this command:
# sudo apt-key adv --keyserver hkp://keys.gnupg.net:80 --recv-keys
0x1C0200016A9AC5C6
The above keyserver has closed down so the site could not be found. We then
used keyserver.ubuntu.com instead, ie:
# sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys
0x1C0200016A9AC5C6
That was successful, with response:
gpg: key 6A9AC5C6: public key "CZ.NIC Release Automatic Signing Key
<archive-sign-key(a)nic.cz>" imported
We then continued with the instructions until the following command:
# sudo apt-get update
The response was:
GPG error: http://archive.nic.cz/ubuntu xenial Release: The following
signatures couldn't be verified because the public key is not available:
NO_PUBKEY E6DD3CAC7844804C
W: The repository 'http://archive.nic.cz/ubuntu xenial Release' is not signed.
We therefore requested the missing key (not in original notes):
# apt-key adv --keyserver keyserver.ubuntu.com --recv-keys E6DD3CAC7844804C
That was successful, with response:
gpg: requesting key 7844804C from hkp server keyserver.ubuntu.com
gpg: key C11F5931: public key "CZ.NIC Release Automatic Signing Key
<archive-sign-key(a)nic.cz>" imported
We continued with the instructions until we came to installing the FRED package
itself:
# sudo apt-get --assume-yes install fred
The response was:
The following packages have unmet dependencies:
fred : Depends: fred-pyfred but it is not going to be installed
Depends: fred-rsifd but it is not going to be installed
Depends: nagios-pyfred-genzone-plugin but it is not going to be
installed
Depends: pyfred-filemanager but it is not going to be installed
Depends: pyfred-genzone but it is not going to be installed
Depends: python-pyfred but it is not going to be installed
E: Unable to correct problems, you have held broken packages.
We then tried with aptitude instead, ie:
# sudo aptitude install fred
The failed response was:
The following packages have unmet dependencies:
python-pyfred : Depends: python-pygresql (>= 1:5.0) but it is not going to be
installed.
bind9-host : Depends: libbind9-140 (= 1:9.10.3.dfsg.P4-8ubuntu1.16) but
1:9.10.3.dfsg.P4-8ubuntu1.19 is to be installed.
Depends: libdns162 (= 1:9.10.3.dfsg.P4-8ubuntu1.16) but
1:9.10.3.dfsg.P4-8ubuntu1.19 is to be installed.
Depends: libisc160 (= 1:9.10.3.dfsg.P4-8ubuntu1.16) but
1:9.10.3.dfsg.P4-8ubuntu1.19 is to be installed.
Depends: libisccfg140 (= 1:9.10.3.dfsg.P4-8ubuntu1.16) but
1:9.10.3.dfsg.P4-8ubuntu1.19 is to be installed.
Depends: liblwres141 (= 1:9.10.3.dfsg.P4-8ubuntu1.16) but
1:9.10.3.dfsg.P4-8ubuntu1.19 is to be installed.
dnsutils : Depends: libbind9-140 (= 1:9.10.3.dfsg.P4-8ubuntu1.16) but
1:9.10.3.dfsg.P4-8ubuntu1.19 is to be installed.
Depends: libdns162 (= 1:9.10.3.dfsg.P4-8ubuntu1.16) but
1:9.10.3.dfsg.P4-8ubuntu1.19 is to be installed.
Depends: libisc160 (= 1:9.10.3.dfsg.P4-8ubuntu1.16) but
1:9.10.3.dfsg.P4-8ubuntu1.19 is to be installed.
Depends: libisccfg140 (= 1:9.10.3.dfsg.P4-8ubuntu1.16) but
1:9.10.3.dfsg.P4-8ubuntu1.19 is to be installed.
Depends: liblwres141 (= 1:9.10.3.dfsg.P4-8ubuntu1.16) but
1:9.10.3.dfsg.P4-8ubuntu1.19 is to be installed.
fred-pyfred : Depends: python-pygresql (>= 1:5.0) but it is not going to be
installed.
However aptitude could not fix the problem.
We removed the bind9-host and dnsutils packages, then ran "sudo apt-get update"
and "sudo apt-get upgrade", then reinstalled them and tried the aptitude
install again. This time it just reported:
The following packages have unmet dependencies:
python-pyfred : Depends: python-pygresql (>= 1:5.0) but it is not going to be
installed.
fred-pyfred : Depends: python-pygresql (>= 1:5.0) but it is not going to be
installed.
The following actions will resolve these dependencies:
Keep the following packages at their current version:
1) fred [Not Installed]
2) fred-pyfred [Not Installed]
3) fred-rsifd [Not Installed]
4) nagios-pyfred-genzone-plugin [Not Installed]
5) pyfred-filemanager [Not Installed]
6) pyfred-genzone [Not Installed]
7) python-pyfred [Not Installed]
Leave the following dependencies unresolved:
8) pyfred-filemanager recommends fred-pyfred
9) pyfred-genzone recommends fred-pyfred
Accept this solution? [Y/n/q/?]
No packages will be installed, upgraded, or removed.
0 packages upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
Need to get 0 B of archives. After unpacking 0 B will be used.
Do you have any suggestions as to how to proceed from here?
Regards
Jim Holland
System Administrator
Mango, operating on behalf of ZISPA
Managers of Zimbabwe's .co.zw domain name registry
Web: www.zispa.org.zw
On 23 Jan 2023 at 21:35, ZISPA DNS Admin wrote:
> Hi Paulos
>
> I don't know if you will remember me from the early days of the
> Internet. I took over from Rob Borland in managing the Mango email
> service here in Zimbabwe. Then in 2004 I became the system
> administrator of ZISPA which is responsible for the .co.zw domain name
> registry. I have managed it ever since.
Thanks for the introduction. I do remember Rob very well in the fidonet days and I have
heard of you but I cannot put a face to your name, all the same good to hear from you.
It is good to hear the apparently good story of your running .co.zw that you tell here below.
We at Malawi .mw used to do what you are doing manually with the registry over six years
ago before we fully automated to FRED. It was a growing mammoth task to do like this
manually. You just have to automate better. Here below are my suggestions.
I have seen your posts on FRED installation on Ubuntu. At .mw we did not choose Ubuntu,
we started with Fedora and now use CentOS as our FRED platform, we find it much more
stable and we have gained considerable experience on this.
I expect that if you move to CentOS 8 then you will find installing FRED much smoother and I
can help better.
I got considerable assistance from Jaromir of .cz as copied above, it's possible that you can
do the same if you send him mail personally rather than through the mailing list. In many
cases in the past, I have received assistance from the fred-users mailing list BUT I am not
sure why you have not received any assistance either from .cz ccTLD or from FRED
developers on the mailing list.
I would also recommend you to attend an ICANN meeting where you can interact more
interactively with other FRED users and FRED developers so as to get on the spot answers
to your issues. ICANN76 is the next one in March 2023. You can then check to see who at
.cz or on fred-users list will be there and arrange a meeting.
I am also copying this to Jan Horak who runs one of our registrars on .mw, you may also find
it useful to get in touch with him regarding FRED and registrars.
We find FRED to be very good at .mw but it is a large well organised platform and where you
are now is very much at the beginning, there will be many more issues for you to deal with as
you make it operational. Using the mailing list alone may not work in full. If you can get past
the installation phase such as on CentOS 8 then the documentation now available on FRED
might get you through the rest.
Let me know if this helps.
Regards,
Paulos
=====================================
Dr Paulos B Nyirenda
NIC.MW & .mw ccTLD: http://www.nic.mw
SDNP: http://www.sdnp.org.mw
Tel: +265-(0)-882 089 166
Cell: +265-(0)-888-824787
WhatsApp: +265-(0)-887386433
> The .co.zw registry has over 40 000 domains. On average there are
> around 100 domain updates per day, seven days a week. At the moment
> registrars submit applications for new domains by template. However
> modifications, transfers and deletions can also be processed in bulk
> by submitting files with the lists of domains concerned.
>
> Templates and bulk applications are handled by scripts that I have
> written. They update the .co.zw zone file and send notifies to the
> secondaries. With these scripts I can process and reply to an
> application within 20 seconds if it is straightforward. So at the
> moment the system (which I operate on my own) is quite capable of
> handling well over a hundred updates on a busy day. However obviously
> this is not going to be viable in the long term and so I am very keen
> to migrate the system to an automated one such as FRED, with the
> registrars connecting by EPP instead of sending templates to me by
> email.
>
> Unfortunately I have failed in my attempts to install FRED for test
> purposes, due to incompatible dependency issues, in spite of following
> the very detailed instructions at
> https://fred.nic.cz/documentation/html/AdminManual/Installation/BinsUbuntu.html
>
> I have registered for the "fred-users" mailing list and submitted the
> details of the problem I have experienced with the installation, but
> have not had any response. I will send you a copy separately.
>
> I understand that you are using FRED for the .mw registry. I wonder if
> you would therefore be able to give me some advice on the steps you
> took to install the software yourself, or simply point out the error
> in the steps that I have taken so far. Your help would be most
> appreciated.
>
> I was interested to read that you obtained your PhD from UNSW, so
> would like to greet you as a fellow UNSW graduate, although in my case
> it was a mere bachelor degree - BE (Mech Eng) Hons 1.
>
> Currently
>
> Regards
>
> Jim Holland
> System Administrator
> Mango, operating on behalf of ZISPA
> Managers of Zimbabwe's .co.zw domain name registry
> Web: www.zispa.org.zw
Hello Team,
Is it possible for a registrar to remove a keyset if the registrant decides
to unsign a domain name? If it is supposed to be done on the db, how is it done?
Thank you,
Patrick