Hi, I've been trying to connect to fred-server from fred-client for a long time, but I could not do so. I think that is all about certificates, because these procedures are not deeply explained in the documentation. I would be very pleased if someone could tell me where to find the correct procedures.
The procedure I followed to get certificates and keys is this one:
- download CA.pl
- run ./CA.pl -new ca
- copy generated demoCA/cacert.pem to /usr/share/fred-mod-eppd/ssl/
- run ./CA.pl -newreq
- run CA.pl -sign
- move generated newcert.pem and newkey.pem to /usr/share/fred-mod-eppd/ssl/ and remove newreq.pem in CA.pl's directory
- run again CA.pl -newreq
- run again CA.pl -sign
- move generated cert and key to /usr/share/fred-mod-eppd/ssl/
After that, I got the client and mod-eppd configured to point to these files, and ran the following script to insert registrars into the database:
#!/bin/bash
MD5=$(openssl x509 -in /usr/local/share/fred-client/ssl/newcert.pem -fingerprint -noout -md5)
HANDLE=$1
PASSWORD=$2
NAME=$3
psql -U fred fred << _EOF_
INSERT INTO registrar (handle,name) VALUES ('${HANDLE}','${NAME}');
INSERT INTO registraracl (registrarid,cert,password) VALUES (currval('registrar_id_seq'),'${MD5}','${PASSWORD}');
_EOF_
When starting Apache, I got this error.log:
FRED:/home/fred# more /var/log/apache2/error.log
[Wed Jan 27 17:44:07 2010] [warn] Init: Session Cache is not configured [hint: SSLSessionCache]
[Wed Jan 27 17:44:07 2010] [notice] mod_corba started (mod_corba version 1.3.0, SVN revision unknown, BUILT Jan 18 2010 19:11:31)
[Wed Jan 27 17:44:07 2010] [notice] mod_eppd started (mod_eppd version 2.2.0, SVN revision unknown, BUILT Jan 18 2010 19:13:30)
[Wed Jan 27 17:44:07 2010] [warn] mod_whoisd: whoisd disclaimer not set, using default.
[Wed Jan 27 17:44:07 2010] [notice] mod_whoisd started (mod_whoisd version 3.1.1, SVN revision unknown, BUILT Jan 18 2010 19:15:10)
[Wed Jan 27 17:44:07 2010] [notice] mod_python: Creating 8 session mutexes based on 6 max processes and 25 max threads.
[Wed Jan 27 17:44:07 2010] [notice] mod_python: using mutex_directory /tmp
[Wed Jan 27 17:44:07 2010] [notice] mod_corba started (mod_corba version 1.3.0, SVN revision unknown, BUILT Jan 18 2010 19:11:31)
[Wed Jan 27 17:44:07 2010] [notice] mod_eppd started (mod_eppd version 2.2.0, SVN revision unknown, BUILT Jan 18 2010 19:13:30)
[Wed Jan 27 17:44:07 2010] [warn] mod_whoisd: whoisd disclaimer not set, using default.
[Wed Jan 27 17:44:07 2010] [notice] mod_whoisd started (mod_whoisd version 3.1.1, SVN revision unknown, BUILT Jan 18 2010 19:15:10)
[Wed Jan 27 17:44:07 2010] [notice] Apache/2.2.9 (Debian) mod_python/3.3.1 Python/2.5.2 mod_ssl/2.2.9 OpenSSL/0.9.8g configured -- resuming normal operations
Following this, I configured fred-client to use the two inserted registrars to log in. When running fred-client, I input the passphrase used to generate the client's cert, and got this output:
FRED:/home/fred# fred-client
Unsupported language code: 'es' in os.environ.LANG. Available codes are: cs, en. Set default to: 'en'.
Enter PEM pass phrase:
FredClient 2.2.0
Type "help", "license" or "credits" for more information.
Using configuration from /usr/local/etc/fred/fred-client.conf
Connecting to localhost, port 700 ...
ERROR: Login failed.
Log information in fred-eppd log:
FRED:/home/fred# more /var/log/fred/fred-eppd.log
[27/Jan/2010:17:58:09 --0200] 127.0.0.1 [sessionID 408120] Client connected
[27/Jan/2010:17:58:09 --0200] 127.0.0.1 [sessionID 408120] Corba call (epp-cmd hello)
[27/Jan/2010:17:58:09 --0200] 127.0.0.1 [sessionID 408120] Corba call ok
[27/Jan/2010:17:58:09 --0200] 127.0.0.1 [sessionID 408120] request received (length 700 bytes)
[27/Jan/2010:17:58:09 --0200] 127.0.0.1 [sessionID 408120] request content: <?xml version="1.0" encoding="utf-8" standalone="no"?> <epp xmlns="urn:ietf:param
s:xml:ns:epp-1.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:ietf:params:xml:ns:epp-1.0 epp-1.0.xsd"><command><login><clID
>REG-EPIN</clID><pw>passwd</pw><options><version>1.0</version><lang>en</lang></options><svcs><objURI>http://www.nic.cz/xml/epp/contact-1.6</objURI><objURI>ht
tp://www.nic.cz/xml/epp/nsset-1.2</objURI><objURI>http://www.nic.cz/xml/epp/domain-1.4</objURI><objURI>http://www.nic.cz/xml/epp/keyset-1.3</objURI><svcExten
sion><extURI>http://www.nic.cz/xml/epp/enumval-1.2</extURI></svcExtension></svcs></login><clTRID>ncai001#10-01-27at17:58:09</clTRID></command></epp>
[27/Jan/2010:17:58:09 --0200] 127.0.0.1 [sessionID 408120] Fingerprint is: 07:A4:01:3E:56:77:C3:50:4B:84:0D:A8:E5:21:C7:2B
[27/Jan/2010:17:58:09 --0200] 127.0.0.1 [sessionID 408120] Corba call (epp-cmd login)
[27/Jan/2010:17:58:09 --0200] 127.0.0.1 [sessionID 408120] Corba call ok
[27/Jan/2010:17:58:09 --0200] 127.0.0.1 [sessionID 408120] after corba call command saved login id is 0, login id is 0
[27/Jan/2010:17:58:09 --0200] 127.0.0.1 [sessionID 408120] (epp-cmd 2) response code 2501: sleeping for 0 ms
[27/Jan/2010:17:58:09 --0200] 127.0.0.1 [sessionID 408120] Response content: <?xml version="1.0" encoding="UTF-8"?> <epp xmlns="urn:ietf:params:xml:ns:epp-1.
0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:ietf:params:xml:ns:epp-1.0 epp-1.0.xsd"><response><result code="2501"><msg>A
uthentication error; server closing connection</msg></result><trID><clTRID>ncai001#10-01-27at17:58:09</clTRID><svTRID>ccReg-0000000019</svTRID></trID></respo
nse></epp>
[27/Jan/2010:17:58:09 --0200] 127.0.0.1 [sessionID 408120] Session ended
Thanks in advance
--
Ernesto Pin
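
Added example, not part of the original post: openssl x509 -fingerprint -noout -md5 prints a labelled line ("MD5 Fingerprint=..."), while the fred-eppd log above reports the bare colon-separated digest, so the value the script puts into registraracl.cert can be checked against the logged one as below. The function names and the sample openssl output line are constructed for illustration, and that the server compares the stored string exactly with the logged fingerprint is an assumption.

```shell
#!/bin/bash
# Added example: compare what the registration script stores in
# registraracl.cert with the fingerprint mod_eppd logs for the client cert.

# Strip any "<digest> Fingerprint=" label and upper-case the hex pairs.
fp_normalize() {
    printf '%s\n' "${1##*=}" | tr 'a-f' 'A-F' | tr -d '[:space:]'
}

# Extract the last fingerprint from fred-eppd log text on stdin
# (line format as in the log excerpt: "... Fingerprint is: AA:BB:...").
fp_from_log() {
    sed -n 's/.*Fingerprint is: *\([0-9A-Fa-f:]*\).*/\1/p' | tail -n 1
}

# MD5 fingerprint of a PEM certificate file, in bare form (needs openssl).
fp_from_cert() {
    fp_normalize "$(openssl x509 -in "$1" -noout -fingerprint -md5)"
}

# Succeeds only when the two strings are identical.
fp_matches() {
    [ "$1" = "$2" ]
}

# Constructed sample: the line openssl prints for a certificate whose digest
# is the one shown in the log on this page, and that log line itself.
SAMPLE_OPENSSL_OUT='MD5 Fingerprint=07:A4:01:3E:56:77:C3:50:4B:84:0D:A8:E5:21:C7:2B'
SAMPLE_LOG_LINE='[27/Jan/2010:17:58:09 --0200] 127.0.0.1 [sessionID 408120] Fingerprint is: 07:A4:01:3E:56:77:C3:50:4B:84:0D:A8:E5:21:C7:2B'

logged=$(printf '%s\n' "$SAMPLE_LOG_LINE" | fp_from_log)

# The raw openssl line (what ${MD5} holds in the script) versus the log.
if fp_matches "$SAMPLE_OPENSSL_OUT" "$logged"; then
    echo "raw value: match"
else
    echo "raw value: MISMATCH (label prefix is part of the stored string)"
fi

# The normalized value versus the log.
if fp_matches "$(fp_normalize "$SAMPLE_OPENSSL_OUT")" "$logged"; then
    echo "normalized value: match"
fi
```

On a live system, fp_from_cert on the client certificate and fp_from_log fed from /var/log/fred/fred-eppd.log give the two values to compare with the cert column in registraracl.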