Jatomir and all:
Thanks. I've tested the Live CD with the 01/01/2008 date. It works
perfectly. The net effect is that it creates zones so easily and, at the
same time, stores the administrative data in a database using EPP.
Moreover, it keeps it simple.
The disk installation:
In our case my approach has been installing the Ubuntu hardy (8.04)
.deb packages, fred-*.deb, which install some dependencies too. I see
that there are no .deb for fred-server (including the Python parts), so
I installed these by hand (in /usr/local). Is that correct? What
about generating .deb packages for these, too?
For installing the certificates I do this:
1. I use the CA included in the ca-certificates Debian package which, in
my opinion, is adequate (I don't have to generate a CA certificate myself).
2. For the mod-eppd Apache module, I generate the self-signed
certificates using the usual procedures for generating them for
encrypted HTML:
openssl genrsa -des3 -out eppd.key 4096
openssl req -new -key eppd.key -out eppd.csr
openssl x509 -req -days 3650 -in eppd.csr -signkey eppd.key -out eppd.crt
openssl rsa -in eppd.key -out eppd.key.insecure
mv eppd.key eppd.key.secure;mv eppd.key.insecure eppd.key
chmod 600 *.key
/etc/init.d/apache2 force-reload
3. For the fred-client certificate configuration I'd rather use a method I
prefer, say, for the dovecot SSL configuration:
openssl req -new -x509 -nodes -out eppclient.pem -keyout eppclient.pem
4. After generating both certificates I first configure the mod-eppd
virtualhost:
Listen *:700
<VirtualHost *:700>
CorbaEnable On
CorbaNameservice "localhost"
CorbaObject "EPP" "EPP_alias"
EPPprotocol On
EPPObject "EPP_alias"
EPPschema "/usr/share/fred-mod-eppd/schemas/all-1.4.xsd"
EPPservername "CR.NIC's EPP server"
EPPlog "/var/log/apache2/eppd.log"
EPPloglevel error
EPPvalidResponse Off
SSLEngine off
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLVerifyClient require
SSLCertificateFile /etc/ssl/fred/eppd.crt
SSLCertificateKeyFile /etc/ssl/fred/eppd.key
SSLCACertificateFile /etc/ssl/certs/ca.pem
SSLVerifyDepth 1
</VirtualHost>
Notice the /etc/ssl/certs/ca.pem CA certificate, which is the standard
Ubuntu CA certificate. This should be adequate, because it expires much
later.
5. /etc/init.d/apache2 force-reload
6. For the epp-client configuration file I have this in
/usr/local/etc/fred/fred-client.conf:
[connect]
;; dir=/usr/local/share/fred-client/ssl
host = localhost
port = 700
ssl_cert = /etc/ssl/fred/eppclient.pem
ssl_key = /etc/ssl/fred/eppclient.pem
username = REG-FRED_A
password = passwd
username2 = REG-FRED_B
password2 = passwd
etc.
7. When I run fred-client I get this:
root@mguerra:/etc/fred# fred-client
FredClient 1.6.1
Type "help", "license" or "credits" for more information.
Using configuration from /usr/local/etc/fred/fred-client.conf
Connecting to localhost, port 700 ...
ERROR: socket.sslerror: (1, 'error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol') (localhost:700)
Certificate not signed by verified certificate authority.
The date gives this:
mié sep 24 11:33:57 CST 2008 (mié means Wednesday).
What can be the reason for this? Should I use another CA certificate? Or
perhaps I should use a certificate in ~/fredclient.pem?
Thank you in advance.
Mario
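Editor's note, with an added example that is not code from Mario's message or from the FRED project. In the step 4 vhost, "SSLEngine off" sits next to "SSLVerifyClient require", so Apache answers port 700 without TLS at all and never sends a ServerHello; an OpenSSL client that has just sent its ClientHello then reports precisely the SSL23_GET_SERVER_HELLO "unknown protocol" error of step 7, before any certificate is exchanged, which is why the CA question does not explain the error. The Python script below reproduces that failure mode offline against a constructed cleartext listener on 127.0.0.1 (no Apache, mod_eppd or fred-client involved) and decodes the legacy packed OpenSSL error code 0x140770FC into its library, function and reason fields. The listener, the reply bytes and all function names are the editor's own assumptions. Two caveats for when TLS is actually switched on: a self-signed eppd.crt and a self-signed eppclient.pem are not issued by any CA in a distribution bundle, so neither side's verification can succeed until both certificates are signed by one CA whose certificate goes into SSLCACertificateFile and into the client's trust store; and the cipher string in the same block is the old mod_ssl sample, which admits +LOW, +EXP, +eNULL and +SSLv2 and is better replaced by something like HIGH:!aNULL:!eNULL:!EXPORT:!LOW with SSLv2 disabled.

```python
"""Reproduce a TLS client hitting a port that answers in cleartext, and
decode a legacy OpenSSL packed error code such as 0x140770FC.

Added example for this thread (not Mario's or FRED's code). The listener
below is a constructed stand-in for an Apache vhost running with
"SSLEngine off": it never speaks TLS, it just answers whatever it gets
with some bytes, which is what a TLS client sees when the server side
has TLS switched off."""
import socket
import ssl
import threading
import time

# Constructed cleartext reply; the exact bytes do not matter, anything
# that is not a TLS record makes the client fail at the ServerHello stage.
CLEARTEXT_REPLY = b'<?xml version="1.0" encoding="UTF-8"?>\n<epp>cleartext greeting</epp>\n'

# OpenSSL library code for "SSL routines" (ERR_LIB_SSL in err.h).
ERR_LIB_SSL = 20


def _serve_cleartext(listener, reply):
    """Accept one connection, swallow the ClientHello, answer in cleartext."""
    conn, _ = listener.accept()
    conn.settimeout(2)
    try:
        conn.recv(4096)        # the client's ClientHello, ignored
        conn.sendall(reply)    # no ServerHello, just bytes
        time.sleep(0.3)        # give the client time to read before FIN
    except OSError:
        pass
    finally:
        conn.close()


def probe_tls_against_cleartext(reply=CLEARTEXT_REPLY):
    """Connect with a verifying TLS client to a listener that never speaks TLS.

    Returns the exception the client raised (None if the handshake somehow
    succeeded). The failure happens while waiting for the ServerHello, so
    no certificate is ever checked; that is the stage the fred-client error
    in the thread points at."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))     # ephemeral port, nothing else needed
    listener.listen(1)
    port = listener.getsockname()[1]
    server = threading.Thread(target=_serve_cleartext, args=(listener, reply), daemon=True)
    server.start()

    ctx = ssl.create_default_context()  # default: verify the peer certificate
    raw = socket.create_connection(("127.0.0.1", port), timeout=5)
    try:
        with ctx.wrap_socket(raw, server_hostname="localhost") as tls:
            tls.recv(1)
        return None
    except ssl.SSLError as exc:
        return exc
    finally:
        server.join(timeout=5)
        listener.close()


def is_tls_handshake_error(exc):
    """True when the exception came from the TLS layer (ssl.SSLError or a
    subclass), as opposed to a plain socket error."""
    return isinstance(exc, ssl.SSLError)


def decode_legacy_openssl_error(code):
    """Split a pre-3.0 OpenSSL packed error code into (library, function, reason).

    Legacy ERR_PACK layout: 8-bit library | 12-bit function | 12-bit reason.
    0x140770FC from the thread decodes to (20, 119, 252): library 20 is
    "SSL routines", 252 is the reason printed as "unknown protocol"."""
    return (code >> 24) & 0xFF, (code >> 12) & 0xFFF, code & 0xFFF


if __name__ == "__main__":
    err = probe_tls_against_cleartext()
    print("client raised:", type(err).__name__, err)
    lib, func, reason = decode_legacy_openssl_error(0x140770FC)
    print("0x140770FC -> library %d (%s), function %d, reason %d"
          % (lib, "SSL routines" if lib == ERR_LIB_SSL else "?", func, reason))
```

Run it as-is: the client side raises an ssl.SSLError (modern OpenSSL words the same situation as "wrong version number" rather than "unknown protocol", but it is the same stage of the handshake), and the decoder shows the 0x14 library byte that identifies the error as coming from the SSL layer, not from certificate verification.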