a) Define prices for each zone. Notice that prices are defined per zone
only (you can't define a price for a registrar/zone combination). For
example:
    fred-admin --price_add --operation_price 80.00 --zone_fqdn tld --operation CreateDomain
    fred-admin --price_add --operation_price 80.00 --zone_fqdn tld --operation RenewDomain
    fred-admin --price_add --operation_price 80.00 --zone_fqdn tld --operation EppOperation
Take into account that the system registrar must be defined as such and
that these prices do not apply to the system registrar.
b) Add invoice prefixes:
    fred-admin --invoice_add_prefix --zone_fqdn tld --prefix 01
c) Now you can start assigning credit like this:
    fred-admin --invoice_credit --zone_id 1 --registrar_id 2 --price 2000.0
The zone_id usually is the TLD zone. The registrar_id usually starts
with 2 for non-system registrars. I'm supposing you are using a
pre-paid policy. FRED allows for post-paid, too.
d) Now you can use fred-client with the new registrar (I'm assuming
that you previously created the registrar with fred-admin and assigned
the zone to that registrar):
    fred-client --user=<registrar handle> --password=<registrar password> --cert=/usr/share/fred-client/ssl/<registrar handle>.crt --privkey=/usr/share/fred-client/ssl/<registrar handle>.key
(for easier administration, we use for the crt and key files the same
name as the registrar's)
e) Now create, renew, etc. domains:
    create_domain guerra.tld <contact id.> NULL <nsset id.> NULL (1 y)
I'm assuming that you previously created both the contact and the nsset
ids.
After this, for each domain created or renewed, that price is deducted
from the credit. If you use pre-paid and the accumulative operations
exceed the credit, a FRED error is given.
Suppose this:
    update_domain guerra.cr NULL NULL NULL (NULL GUERRA-CR-K NULL)
This example adds keyset GUERRA-CR-K to domain guerra.cr.
Now let's try to dissociate that keyset:
    update_domain guerra.cr NULL NULL NULL (NULL () NULL)
It does not work. Notice that I don't use NULL which, in that context,
does not touch the keyset entry. () should mean no keyset, right? The
same applies to dissociating an nsset, making the domain a reserved one.
For example:
    update_domain guerra.cr.NULL NULL NULL (() NULL NULL)
Best regards.
Hello all,
How can I only extract the current-expiry-date of a domain?
Regards,
Timothy
----------------------------------------------------------
Malawi SDNP Webmail: http://www.sdnp.org.mw
Access your Malawi SDNP e-mail from anywhere in the world.
----------------------------------------------------------
Hi,
I'm successfully connecting to and able to login to FRED (demo) at TZNIC
- using the EPP Library that CentralNIC wrote (all PHP) - with some
modifications.
However - all "commands" after that seem to return the same (similar)
error message.
I've looked and copied examples from RFC5731...
As an example - the Info Command...
C:<?xml version="1.0" encoding="UTF-8" standalone="no"?>
C:<epp xmlns="urn:ietf:params:xml:ns:epp-1.0">
C:  <command>
C:    <info>
C:      <domain:info
C:       xmlns:domain="urn:ietf:params:xml:ns:domain-1.0">
C:        <domain:name hosts="all">example.com</domain:name>
C:      </domain:info>
C:    </info>
C:    <clTRID>ABC-12345</clTRID>
C:  </command>
C:</epp>
So I actually send:
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<epp xmlns="urn:ietf:params:xml:ns:epp-1.0">
  <command>
    <info>
      <domain:info
       xmlns:domain="urn:ietf:params:xml:ns:domain-1.0">
        <domain:name hosts="all">dnssec.or.tz</domain:name>
      </domain:info>
    </info>
    <clTRID>ABC-12345</clTRID>
  </command>
</epp>
and get back:
<?xml version="1.0" encoding="UTF-8"?>
<epp xmlns="urn:ietf:params:xml:ns:epp-1.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:ietf:params:xml:ns:epp-1.0 epp-1.0.xsd"><response><result code="2001"><msg>Command syntax error</msg><extValue><value><domain:info xmlns:domain="urn:ietf:params:xml:ns:domain-1.0">
<domain:name hosts="all">dnssec.or.tz</domain:name>
</domain:info></value><reason>Schemas validity error: Element '{urn:ietf:params:xml:ns:domain-1.0}info': No matching global element declaration available, but demanded by the strict wildcard.</reason></extValue></result><trID><svTRID>ReqID-0002778177</svTRID></trID></response></epp>
What seems to be common is "Schemas validity error: Element
'{urn:ietf:params:xml:ns:domain-1.0}info': No matching global element
declaration available, but demanded by the strict wildcard." and I have
no idea what that means.
What should I be sending then????
...and from a debugging perspective - getting the reply on more or less
one line is real hard to read for a Human. Yes - a Machine has no
problem. I wish there was a switch for "Human Readable XML" - all
neatly grouped and indented like in the RFC documents.
In case it's my login - it looks like this - except with User/Passwd XXXX'ed out:
<epp xmlns="urn:ietf:params:xml:ns:epp-1.0">
  <command>
    <login>
      <clID>REG-XXXXXXX</clID>
      <pw>XXXXXXXX</pw>
      <options>
        <version>1.0</version>
        <lang>en</lang>
      </options>
      <svcs>
        <objURI>urn:ietf:params:xml:ns:domain-1.0</objURI>
        <objURI>urn:ietf:params:xml:ns:contact-1.0</objURI>
        <svcExtension>
          <extURI>urn:ietf:params:xml:ns:secDNS-1.1</extURI>
        </svcExtension>
      </svcs>
    </login>
  </command>
</epp>
Reply==>
<?xml version="1.0" encoding="UTF-8"?>
<epp xmlns="urn:ietf:params:xml:ns:epp-1.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:ietf:params:xml:ns:epp-1.0 epp-1.0.xsd"><response><result code="1000"><msg>Command completed successfully</msg></result><trID><svTRID>ReqID-0002778173</svTRID></trID></response></epp>
Please note - the current EPP XML works for the COZA System, Cocca and Central-NIC.
--
Mark James ELKINS - Posix Systems - (South) Africa
mje(a)posix.co.za Tel: +27.128070590 Cell: +27.826010496
For fast, reliable, low cost Internet in ZA: https://ftth.posix.co.za
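The `<value>` in the reply above names the element the server's schema validator refused, and the reason text means that no schema loaded by the server declares a global element in that namespace. As an added example (not part of the original message and not FRED code), the Python script below indents the one-line reply for reading and compares the rejected namespace with the `objURI`/`extURI` values of a server greeting; the greeting is constructed and its URIs are placeholders.

```python
import xml.etree.ElementTree as ET
from xml.dom import minidom

NS = {"e": "urn:ietf:params:xml:ns:epp-1.0"}
# Reply quoted in the message above (xsi attributes dropped for brevity).
RESPONSE = """<?xml version="1.0" encoding="UTF-8"?>
<epp xmlns="urn:ietf:params:xml:ns:epp-1.0"><response><result code="2001"><msg>Command syntax error</msg><extValue><value><domain:info xmlns:domain="urn:ietf:params:xml:ns:domain-1.0">
<domain:name hosts="all">dnssec.or.tz</domain:name>
</domain:info></value><reason>Schemas validity error: Element '{urn:ietf:params:xml:ns:domain-1.0}info': No matching global element declaration available, but demanded by the strict wildcard.</reason></extValue></result><trID><svTRID>ReqID-0002778177</svTRID></trID></response></epp>"""
# CONSTRUCTED, abridged greeting: the objURI values are placeholders, not a real registry's.
GREETING = """<epp xmlns="urn:ietf:params:xml:ns:epp-1.0"><greeting><svID>example</svID>
<svcMenu><version>1.0</version><lang>en</lang>
<objURI>urn:example:registry:domain-1.0</objURI>
<objURI>urn:example:registry:contact-1.0</objURI></svcMenu></greeting></epp>"""

def _parse(text):
    if "<!DOCTYPE" in text:  # EPP messages carry no DTD; refuse entity definitions
        raise ValueError("DOCTYPE not allowed in EPP messages")
    return ET.fromstring(text.encode("utf-8"))

def pretty(text):
    """Indent a one-line EPP message, dropping whitespace-only lines."""
    _parse(text)  # DOCTYPE and well-formedness check before pretty-printing
    out = minidom.parseString(text.encode("utf-8")).toprettyxml(indent="  ")
    return "\n".join(line for line in out.splitlines() if line.strip())

def diagnose(response):
    """Return result code, message, reason and namespaces of rejected elements."""
    result = _parse(response).find("e:response/e:result", NS)
    rejected = {child.tag[1:].split("}")[0]
                for value in result.iterfind("e:extValue/e:value", NS)
                for child in value if child.tag.startswith("{")}
    return {"code": int(result.get("code")),
            "msg": result.findtext("e:msg", namespaces=NS),
            "reason": result.findtext("e:extValue/e:reason", namespaces=NS),
            "rejected_ns": rejected}

def not_advertised(response, greeting):
    """Namespaces the server rejected that its greeting never offered."""
    menu = _parse(greeting).find("e:greeting/e:svcMenu", NS)
    offered = {el.text.strip() for el in menu.iter()
               if el.tag.endswith("}objURI") or el.tag.endswith("}extURI")}
    return diagnose(response)["rejected_ns"] - offered

if __name__ == "__main__":
    print(pretty(RESPONSE))
    print("not advertised:", not_advertised(RESPONSE, GREETING))
```

Feeding it the real greeting captured at connect time, in place of the constructed one, shows which object namespaces that particular server will validate.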
I'd like to have my own client written in PHP talk to FRED.
I was given separate CRT and KEY files by TZNIC. I've combined this
into a single PEM file with:
cat posix.key posix.crt > /tmp/tznic.pem
I can then successfully get the "Welcome" XML from FRED at TZNIC with:
openssl s_client -connect fred.tznic.or.tz:700 -cert /tmp/tznic.pem
This shows as a self-signed certificate (as expected).
(verify error:num=18:self signed certificate)
The combining of the crt and key is because php seems to want a combined
PEM certificate...
Then - I try connecting with a VERY stripped down PHP script....
(attached)...
The core of which is:
$ip="fred.tznic.or.tz";
$port=700;
$cert="/tmp/tznic.pem";
$context = stream_context_create();
$result = stream_context_set_option($context, 'ssl', 'local_cert', $cert);
$result = stream_context_set_option($context, 'ssl', 'verify_peer', false);
$result = stream_context_set_option($context, 'ssl', 'verify_host', false);
$result = stream_context_set_option($context, 'ssl', 'allow_self_signed', true);
$fp = stream_socket_client("tls://$ip:$port", $errno, $errstr, 20, STREAM_CLIENT_CONNECT, $context);
if(!$fp) echo "CONNECT ERROR: $errstr ($errno)\n";
else // read the packet......
The "stream_socket_client" simply times out.
What am I doing wrong???
Almost the same code works for: (ie changing machines, ports and Certs)
Central-NIC
ZACR/CO.ZA
CoCCA
The FRED test system at TZNIC is running certificate validation - I'm
assuming it's got something to do with that????
I'm using a variety of different versioned PHP's
eg
PHP 5.5.18-pl0-gentoo (cli) (built: Nov 10 2014 22:20:27)
PHP 5.5.21-pl0-gentoo (cli) (built: Feb 6 2015 16:46:22)
PHP 5.4.34-pl0-gentoo (cli) (built: Nov 3 2014 11:10:23)
All do the same thing - timeout.
Is anyone using a PHP based client?? - that would be the start of a
WHMCS plugin for C-Panel (etc).
--
Mark James ELKINS - Posix Systems - (South) Africa
mje(a)posix.co.za Tel: +27.128070590 Cell: +27.826010496
For fast, reliable, low cost Internet in ZA: https://ftth.posix.co.za
Hello All,
I want to make registrar X register a domain in a certain zone [i.e. mw].
How can I grant permission to registrar X to add a domain to such a zone?
Regards,
Timothy
Hello all,
Can someone help on this:
I have done this,
a) create a CA authority (ca.key and ca.crt)
b) make a certificate request (server.csr)
c) sign the certificate request (server.crt and server.key) with the new CA authority
d) make a certificate request (registrar.csr)
e) sign the certificate request (registrar.crt and registrar.key) with the new CA authority
Afterwards, the server.crt and server.key and the ca.crt files are included in the
/usr/share/fred-mod-eppd/ssl directory, then the epp file is tweaked to reflect the
files and the fred-client configuration file in the /etc/fred/ directory is modified like this:
    ssl_cert = %(dir)s/registrar.crt
    ssl_key = %(dir)s/registrar.key
Now, if I try to run fred-client this is the result:
Login Failed
How do I:
a) Define prices (creation, update, EPP).
b) Create credit for a zone-registrar combination.
c) Deduct each EPP transaction (creation, updating, etc.) so the
transaction applies to the credit?
I have scripts for creating a new registrar with their respective
certificates, and I know how to introduce prices. Then I supposedly
give credit to a registrar and a zone, but when I use that zone and
registrar using fred-client there is no transaction. I'm missing
something but what?
Mario Guerra
Hello all,
Can someone help on this:
I have done this,
a) create a CA authority (ca.key and ca.crt)
b) make a certificate request (server.csr)
c) sign the certificate request (server.crt and server.key) with the new CA authority
d) make a certificate request (registrar.csr)
e) sign the certificate request (registrar.crt and registrar.key) with the new CA authority
Afterwards, the server.crt and server.key and the ca.crt files are included in the
/usr/share/fred-client/ssl directory, then the epp file is tweaked to reflect the files
and the fred-client configuration file is modified like this:
    ssl_cert = %(dir)s/registrar.crt
    ssl_key = %(dir)s/registrar.key
Now, if I try to run fred-client this is the result:
Login Failed
Hello,
I need some help on the following:
1. Where does FRED keep the certificates for registrars?
2. In which configuration file should I include the path for the registrars' certificates,
and how?
Best Regards.
Mathias Timothy