NIC-CR using their own certificates

As of today, 12 June, we are using our EPP module and fred-client certificates.They are signed by the same CA, in our case, our own. These scripts can help you to do that: CA creation (if you decide to have your own): -------------------------------------------- #!/bin/bash openssl genrsa -des3 -out nicca.key 4096 openssl req -new -x509 -days 1095 -key nicca.key -out nicca.crt -subj /C=<country>/L=<City>/O=<country>.NIC/OU=Registry/CN=localhost/ Certificate request and signing (the later is done by an external CA if you decide so): #!/bin/bash echo "Create CSR for $1" openssl genrsa -des3 -out $1.key 4096 openssl req -new -key $1.key -out $1.csr -subj /C=<country>/ST=<province/state>/L=<Location>/O=<country>.NIC/OU=Registry/CN=localhost/emailAddress=<your email address> echo "Sign certificate for $1" (you don't need this if you use an external CA) openssl x509 -req -days 1095 -in $1.csr -CA nicca.crt -CAkey nicca.key -set_serial 01 -out $1.crt echo "Generate key w/o passphrase" openssl rsa -in $1.key -out $1.key.insecure mv $1.key $1.key.secure mv $1.key.insecure $1.key The later script is used both for the EPP module and fred-client but create two independent certificates. Algo, for fred-client you need to modify the cert field in the registraracl table for the respective registrar so it states the FRED certificate fingerprint. Calculate that with this: openssl x509 -md5 -noout -in NIC-REG1.crt -fingerprint | awk 'BEGIN {FS="="} {print $2}' More details at http://www.guerra.co.cr/ (Certificate management using FRED). Any comment is welcome. -- Mario Guerra &lt;mguerra(a)nic.cr&gt;