Hi, I've been trying to connect to fred-server from fred-client for a long
time, but I could not do so. I think that is all about certificates,
because these procedures are not deeply explained in the documentation. I
would be very pleased if someone could tell me where to find the correct
procedures.
The procedure I followed to get certificates and keys is this one:
1. download CA.pl
2. run ./CA.pl -new ca
3. copy generated demoCA/cacert.pem to /usr/share/fred-mod-eppd/ssl/
4. run ./CA.pl -newreq
5. run CA.pl -sign
6. move generated newcert.pem and newkey.pem to
/usr/share/fred-mod-eppd/ssl/ and remove newreq.pem in CA.pl's directory
7. run again CA.pl -newreq
8. run again CA.pl -sign
9. move generated cert and key to /usr/share/fred-mod-eppd/ssl/
After that, I got the client and mod-eppd configured to point to these files,
and ran the following script to insert registrars into the database:
#!/bin/bash
MD5=$(openssl x509 -in /usr/local/share/fred-client/ssl/newcert.pem -fingerprint -noout -md5)
HANDLE=$1
PASSWORD=$2
NAME=$3
psql -U fred fred << _EOF_
INSERT INTO registrar (handle,name) VALUES ('${HANDLE}','${NAME}');
INSERT INTO registraracl (registrarid,cert,password) VALUES
(currval('registrar_id_seq'),'${MD5}','${PASSWORD}');
_EOF_
When starting apache, got this error.log:
FRED:/home/fred# more /var/log/apache2/error.log
[Wed Jan 27 17:44:07 2010] [warn] Init: Session Cache is not configured [hint: SSLSessionCache]
[Wed Jan 27 17:44:07 2010] [notice] mod_corba started (mod_corba version 1.3.0, SVN revision unknown, BUILT Jan 18 2010 19:11:31)
[Wed Jan 27 17:44:07 2010] [notice] mod_eppd started (mod_eppd version 2.2.0, SVN revision unknown, BUILT Jan 18 2010 19:13:30)
[Wed Jan 27 17:44:07 2010] [warn] mod_whoisd: whoisd disclaimer not set, using default.
[Wed Jan 27 17:44:07 2010] [notice] mod_whoisd started (mod_whoisd version 3.1.1, SVN revision unknown, BUILT Jan 18 2010 19:15:10)
[Wed Jan 27 17:44:07 2010] [notice] mod_python: Creating 8 session mutexes based on 6 max processes and 25 max threads.
[Wed Jan 27 17:44:07 2010] [notice] mod_python: using mutex_directory /tmp
[Wed Jan 27 17:44:07 2010] [notice] mod_corba started (mod_corba version 1.3.0, SVN revision unknown, BUILT Jan 18 2010 19:11:31)
[Wed Jan 27 17:44:07 2010] [notice] mod_eppd started (mod_eppd version 2.2.0, SVN revision unknown, BUILT Jan 18 2010 19:13:30)
[Wed Jan 27 17:44:07 2010] [warn] mod_whoisd: whoisd disclaimer not set, using default.
[Wed Jan 27 17:44:07 2010] [notice] mod_whoisd started (mod_whoisd version 3.1.1, SVN revision unknown, BUILT Jan 18 2010 19:15:10)
[Wed Jan 27 17:44:07 2010] [notice] Apache/2.2.9 (Debian) mod_python/3.3.1 Python/2.5.2 mod_ssl/2.2.9 OpenSSL/0.9.8g configured -- resuming normal operations
Following this, I configured fred-client to use the two inserted registrars
to log in. When running fred-client, I input the passphrase used to generate
the client's cert, and got this output:
FRED:/home/fred# fred-client
Unsupported language code: 'es' in os.environ.LANG. Available codes are: cs, en. Set default to: 'en'.
Enter PEM pass phrase:
FredClient 2.2.0
Type "help", "license" or "credits" for more information.
Using configuration from /usr/local/etc/fred/fred-client.conf
Connecting to localhost, port 700 ...
ERROR: Login failed.
Log information in fred-eppd log:
FRED:/home/fred# more /var/log/fred/fred-eppd.log
[27/Jan/2010:17:58:09 --0200] 127.0.0.1 [sessionID 408120] Client connected
[27/Jan/2010:17:58:09 --0200] 127.0.0.1 [sessionID 408120] Corba call (epp-cmd hello)
[27/Jan/2010:17:58:09 --0200] 127.0.0.1 [sessionID 408120] Corba call ok
[27/Jan/2010:17:58:09 --0200] 127.0.0.1 [sessionID 408120] request received (length 700 bytes)
[27/Jan/2010:17:58:09 --0200] 127.0.0.1 [sessionID 408120] request content:
<?xml version="1.0" encoding="utf-8" standalone="no"?>
<epp xmlns="urn:ietf:params:xml:ns:epp-1.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="urn:ietf:params:xml:ns:epp-1.0 epp-1.0.xsd">
<command><login><clID>REG-EPIN</clID><pw>passwd</pw>
<options><version>1.0</version><lang>en</lang></options>
<svcs><objURI>http://www.nic.cz/xml/epp/contact-1.6</objURI>
<objURI>http://www.nic.cz/xml/epp/nsset-1.2</objURI>
<objURI>http://www.nic.cz/xml/epp/domain-1.4</objURI>
<objURI>http://www.nic.cz/xml/epp/keyset-1.3</objURI>
<svcExtension><extURI>http://www.nic.cz/xml/epp/enumval-1.2</extURI></svcExtension></svcs></login>
<clTRID>ncai001#10-01-27at17:58:09</clTRID></command></epp>
[27/Jan/2010:17:58:09 --0200] 127.0.0.1 [sessionID 408120] Fingerprint is: 07:A4:01:3E:56:77:C3:50:4B:84:0D:A8:E5:21:C7:2B
[27/Jan/2010:17:58:09 --0200] 127.0.0.1 [sessionID 408120] Corba call (epp-cmd login)
[27/Jan/2010:17:58:09 --0200] 127.0.0.1 [sessionID 408120] Corba call ok
[27/Jan/2010:17:58:09 --0200] 127.0.0.1 [sessionID 408120] after corba call command saved login id is 0, login id is 0
[27/Jan/2010:17:58:09 --0200] 127.0.0.1 [sessionID 408120] (epp-cmd 2) response code 2501: sleeping for 0 ms
[27/Jan/2010:17:58:09 --0200] 127.0.0.1 [sessionID 408120] Response content:
<?xml version="1.0" encoding="UTF-8"?>
<epp xmlns="urn:ietf:params:xml:ns:epp-1.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="urn:ietf:params:xml:ns:epp-1.0 epp-1.0.xsd">
<response><result code="2501"><msg>Authentication error; server closing connection</msg></result>
<trID><clTRID>ncai001#10-01-27at17:58:09</clTRID><svTRID>ccReg-0000000019</svTRID></trID></response></epp>
[27/Jan/2010:17:58:09 --0200] 127.0.0.1 [sessionID 408120] Session ended
Thanks in advance
--
Ernesto Pin
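
A check for the situation in the message above, added here as an example and not part of the original post: `openssl x509 -fingerprint` prints its result with an `MD5 Fingerprint=` label, while the fred-eppd log shows bare colon-separated hex, so the script below compares a candidate `registraracl.cert` value with the logged fingerprint. The function names are hypothetical, and exact string comparison on the server side is an assumption.

```shell
#!/bin/bash
# Added example (not from the original post). Assumption: the server compares
# registraracl.cert with the logged fingerprint as an exact string.

# Extract the most recent "Fingerprint is:" value from eppd log text on stdin.
logged_fp() {
    grep -oE 'Fingerprint is: *[0-9A-Fa-f:]+' | tail -n 1 |
        sed 's/^Fingerprint is: *//'
}

# Reduce `openssl x509 -fingerprint` output to the bare colon-separated hex:
# drop everything up to '=', drop whitespace, upper-case the hex digits.
normalize_fp() {
    printf '%s' "${1##*=}" | tr -d '[:space:]' | tr 'a-f' 'A-F'
}

# Classify a value destined for registraracl.cert ($1) against the
# fingerprint the server logged for the presented certificate ($2).
check_acl_value() {
    if [ "$1" = "$2" ]; then
        echo "match"
    elif [ "$(normalize_fp "$1")" = "$(normalize_fp "$2")" ]; then
        echo "same-cert-different-format"
    else
        echo "different-cert"
    fi
}

# Constructed inputs: the log line reuses the fingerprint shown in the post;
# RAW is the labelled form openssl prints for a certificate with that digest.
SAMPLE_LOG='[27/Jan/2010:17:58:09 --0200] 127.0.0.1 [sessionID 408120] Fingerprint is: 07:A4:01:3E:56:77:C3:50:4B:84:0D:A8:E5:21:C7:2B'
RAW='MD5 Fingerprint=07:A4:01:3E:56:77:C3:50:4B:84:0D:A8:E5:21:C7:2B'

LOGGED=$(printf '%s\n' "$SAMPLE_LOG" | logged_fp)
echo "logged:     $LOGGED"
echo "raw value:  $(check_acl_value "$RAW" "$LOGGED")"
echo "normalized: $(check_acl_value "$(normalize_fp "$RAW")" "$LOGGED")"
```

A `different-cert` result points at the certificate file itself, for example a script reading a different `newcert.pem` than the one the client presents.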