Got it and it is quite curious. The problem SEEMS to happen if the registrar handle has lowercase letter(s). I'm testing this more thoroughly.

Best regards.

Mario Guerra - NIC-CR

De: Mario Guerra <mguerra@nic.cr>
Enviado: jueves, 4 de julio de 2024 14:54
Para: fred-users@lists.nic.cz <fred-users@lists.nic.cz>
Cc: Ricardo Samper Jimenez <rsamper@nic.cr>
Asunto: A curious behaviour for a FRED client
 
Hello.

One of our clients, who wish to connect to our FRED server is having problems for managing his connection. Also, I can reproduce their situation.

Most of our registrars use either the fred-client Python-based script, or the Python API. And they can manage all their operations without problems.

In their case, they connect in a completely different way. They use a Java-based client, and also they generated THEIR csr file. It was sent to us, along their key, in a zip file). The csr file was appopiately signed, put in the proper place at /usr/share/fred-client/ssl, so the certificate and key are present.

And here is what is odd. They can properly login (and us too using fred-client testing that). But if you try to manage any objects at the creation, a Command failed is issued. This happens with their Java-based client and also with fred-client, testing their configuration, certificate and all.

And the odd thing is that any other client manages every thing appropiately.

Here is the fred-client.conf relevant part:

### Connection settings
[connect]
# Path to the directory with certificates
dir = /usr/share/fred-client/ssl
# Server name
host = 127.0.0.1
# Server port (default: 700)
port = 700
# File path of the certificate
ssl_cert = %(dir)s/<our client>.crt
# File path of the private key
ssl_key  = %(dir)s/<their key>.pem
# Login username and password
username = <their username>
password = <their password>

As I said the login is perfect but not the object management

Any hints?

The certificate was signed using their key, but our CA.

Best regards
Mario Guerra - NIC-CR