The last time I installed Fred, the certificate was installed by default.
I guess if you do the installation correctly the first time, you don't need to
worry about the certificate.
But I think it's only a test certificate; maybe it should be changed with
another one anyway?
Petur Kirke
Faroe Islands
Hi Ernesto,
Sorry for the late response. You mention the same problem as Petur has in
his last post. The resolution should be the same.
Regards,
Jaromir
Ernesto Pin wrote on Thu, 28 Jan 2010 at 16:56 -0200:
Hi, I've been trying to connect to fred-server from fred-client for a
long time, but I could not do so. I think that is all about
certificates, because these procedures are not deeply explained in the
documentation. I would be very pleased if someone can tell me where
to find the correct procedures.
The procedure I followed to get certificates and keys is this one:
1. download CA.pl
2. run ./CA.pl -new ca
3. copy generated demoCA/cacert.pem to /usr/share/fred-mod-eppd/ssl/
4. run ./CA.pl -newreq
5. run CA.pl -sign
6. move generated newcert.pem and newkey.pem to /usr/share/fred-mod-eppd/ssl/ and remove newreq.pem in CA.pl's directory
7. run again CA.pl -newreq
8. run again CA.pl -sign
9. move generated cert and key to /usr/share/fred-mod-eppd/ssl/
After that, I got the client and mod-eppd configured to point to these files,
and ran the following script to insert registrars into the database:
#!/bin/bash
MD5=$(openssl x509 -in /usr/local/share/fred-client/ssl/newcert.pem -fingerprint -noout -md5)
HANDLE=$1
PASSWORD=$2
NAME=$3
psql -U fred fred << _EOF_
INSERT INTO registrar (handle,name) VALUES ('${HANDLE}','${NAME}');
INSERT INTO registraracl (registrarid,cert,password) VALUES
(currval('registrar_id_seq'),'${MD5}','${PASSWORD}');
_EOF_
When starting Apache, I got this error.log:
FRED:/home/fred# more /var/log/apache2/error.log
[Wed Jan 27 17:44:07 2010] [warn] Init: Session Cache is not configured [hint: SSLSessionCache]
[Wed Jan 27 17:44:07 2010] [notice] mod_corba started (mod_corba version 1.3.0, SVN revision unknown, BUILT Jan 18 2010 19:11:31)
[Wed Jan 27 17:44:07 2010] [notice] mod_eppd started (mod_eppd version 2.2.0, SVN revision unknown, BUILT Jan 18 2010 19:13:30)
[Wed Jan 27 17:44:07 2010] [warn] mod_whoisd: whoisd disclaimer not set, using default.
[Wed Jan 27 17:44:07 2010] [notice] mod_whoisd started (mod_whoisd version 3.1.1, SVN revision unknown, BUILT Jan 18 2010 19:15:10)
[Wed Jan 27 17:44:07 2010] [notice] mod_python: Creating 8 session mutexes based on 6 max processes and 25 max threads.
[Wed Jan 27 17:44:07 2010] [notice] mod_python: using mutex_directory /tmp
[Wed Jan 27 17:44:07 2010] [notice] mod_corba started (mod_corba version 1.3.0, SVN revision unknown, BUILT Jan 18 2010 19:11:31)
[Wed Jan 27 17:44:07 2010] [notice] mod_eppd started (mod_eppd version 2.2.0, SVN revision unknown, BUILT Jan 18 2010 19:13:30)
[Wed Jan 27 17:44:07 2010] [warn] mod_whoisd: whoisd disclaimer not set, using default.
[Wed Jan 27 17:44:07 2010] [notice] mod_whoisd started (mod_whoisd version 3.1.1, SVN revision unknown, BUILT Jan 18 2010 19:15:10)
[Wed Jan 27 17:44:07 2010] [notice] Apache/2.2.9 (Debian) mod_python/3.3.1 Python/2.5.2 mod_ssl/2.2.9 OpenSSL/0.9.8g configured -- resuming normal operations
Following this, I configured fred-client to use the two inserted
registrars to log in. When running fred-client, I input the passphrase used
to generate the client's cert, and got this output:
FRED:/home/fred# fred-client
Unsupported language code: 'es' in os.environ.LANG. Available codes are: cs, en. Set default to: 'en'.
Enter PEM pass phrase:
FredClient 2.2.0
Type "help", "license" or "credits" for more information.
Using configuration from /usr/local/etc/fred/fred-client.conf
Connecting to localhost, port 700 ...
ERROR: Login failed.
Log information in fred-eppd log:
FRED:/home/fred# more /var/log/fred/fred-eppd.log
[27/Jan/2010:17:58:09 --0200] 127.0.0.1 [sessionID 408120] Client connected
[27/Jan/2010:17:58:09 --0200] 127.0.0.1 [sessionID 408120] Corba call (epp-cmd hello)
[27/Jan/2010:17:58:09 --0200] 127.0.0.1 [sessionID 408120] Corba call ok
[27/Jan/2010:17:58:09 --0200] 127.0.0.1 [sessionID 408120] request received (length 700 bytes)
[27/Jan/2010:17:58:09 --0200] 127.0.0.1 [sessionID 408120] request content: <?xml version="1.0" encoding="utf-8" standalone="no"?> <epp xmlns="urn:ietf:params:xml:ns:epp-1.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:ietf:params:xml:ns:epp-1.0 epp-1.0.xsd"><command><login><clID>REG-EPIN</clID><pw>passwd</pw><options><version>1.0</version><lang>en</lang></options><svcs><objURI>http://www.nic.cz/xml/epp/contact-1.6</objURI><objURI>http://www.nic.cz/xml/epp/nsset-1.2</objURI><objURI>http://www.nic.cz/xml/epp/domain-1.4</objURI><objURI>http://www.nic.cz/xml/epp/keyset-1.3</objURI><svcExtension><extURI>http://www.nic.cz/xml/epp/enumval-1.2</extURI></svcExtension></svcs></login><clTRID>ncai001#10-01-27at17:58:09</clTRID></command></epp>
[27/Jan/2010:17:58:09 --0200] 127.0.0.1 [sessionID 408120] Fingerprint is: 07:A4:01:3E:56:77:C3:50:4B:84:0D:A8:E5:21:C7:2B
[27/Jan/2010:17:58:09 --0200] 127.0.0.1 [sessionID 408120] Corba call (epp-cmd login)
[27/Jan/2010:17:58:09 --0200] 127.0.0.1 [sessionID 408120] Corba call ok
[27/Jan/2010:17:58:09 --0200] 127.0.0.1 [sessionID 408120] after corba call command saved login id is 0, login id is 0
[27/Jan/2010:17:58:09 --0200] 127.0.0.1 [sessionID 408120] (epp-cmd 2) response code 2501: sleeping for 0 ms
[27/Jan/2010:17:58:09 --0200] 127.0.0.1 [sessionID 408120] Response content: <?xml version="1.0" encoding="UTF-8"?> <epp xmlns="urn:ietf:params:xml:ns:epp-1.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:ietf:params:xml:ns:epp-1.0 epp-1.0.xsd"><response><result code="2501"><msg>Authentication error; server closing connection</msg></result><trID><clTRID>ncai001#10-01-27at17:58:09</clTRID><svTRID>ccReg-0000000019</svTRID></trID></response></epp>
[27/Jan/2010:17:58:09 --0200] 127.0.0.1 [sessionID 408120] Session ended
Thanks in advance
--
Ernesto Pin
_______________________________________________
fred-users mailing list
fred-users(a)lists.nic.cz
https://lists.nic.cz/mailman/listinfo/fred-users
--
Jaromir Talir
technicky reditel / Chief Technical Officer
-------------------------------------------
CZ.NIC, z.s.p.o. -- .cz domain registry
Americka 23, 120 00 Praha 2, Czech Republic
mailto:jaromir.talir@nic.cz
sip:jaromir.talir@nic.cz tel:+420.222745107
mob:+420.739632712 fax:+420.222745112
-------------------------------------------
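
Added example (not part of the thread and not FRED's own code): a shell check that compares a value stored in registraracl.cert with the fingerprint fred-eppd logs for the presented client certificate. `openssl x509 -fingerprint -noout -md5` prints a label and `=` before the hex pairs, while the log shows only the hex pairs. The function names are hypothetical, the sample values are constructed from the log above, and the check assumes the stored value must equal the logged form exactly.

```shell
#!/bin/sh
# Added example: compare a value stored in registraracl.cert with the
# fingerprint fred-eppd logged for the client certificate.

# Constructed sample: the "Fingerprint is:" log line from the thread, unwrapped.
SAMPLE_LOG='[27/Jan/2010:17:58:09 --0200] 127.0.0.1 [sessionID 408120] Fingerprint is: 07:A4:01:3E:56:77:C3:50:4B:84:0D:A8:E5:21:C7:2B'
# Constructed sample: what `openssl x509 -fingerprint -noout -md5` prints for
# a certificate with that fingerprint (label, '=', then the hex pairs).
SAMPLE_STORED='MD5 Fingerprint=07:A4:01:3E:56:77:C3:50:4B:84:0D:A8:E5:21:C7:2B'

# Reduce openssl's output to the bare, upper-case fingerprint.
normalize_fp() {
    fp=${1#*=}    # drop the "MD5 Fingerprint=" label if present
    printf '%s' "$fp" | tr -d ' \t\r\n' | tr 'a-f' 'A-F'
}

# Print every fingerprint found in fred-eppd log text read from stdin.
logged_fps() {
    sed -n 's/.*Fingerprint is: *\([0-9A-Fa-f:]*\).*/\1/p'
}

# check_acl STORED < logfile
# Assumption: the stored value must equal the logged form exactly.
check_acl() {
    stored=$1
    seen=$(logged_fps | tail -n 1)    # most recent connection
    [ -n "$seen" ] || { echo "no-fingerprint-in-log"; return 2; }
    if [ "$stored" = "$seen" ]; then
        echo "match"; return 0
    fi
    if [ "$(normalize_fp "$stored")" = "$seen" ]; then
        echo "same-cert-wrong-format"; return 1
    fi
    echo "different-certificate"; return 1
}

# Demo on the constructed samples.
printf '%s\n' "$SAMPLE_LOG" | check_acl "$SAMPLE_STORED" || true
```

Feed /var/log/fred/fred-eppd.log to `check_acl` on stdin and pass the value read from registraracl.cert as its argument.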