Hi,
I'm successfully connecting to and able to login to FRED (demo) at TZNIC
- using the EPP Library that CentralNIC wrote (all PHP) - with some
modifications.
However - all "commands" after that seem to return the same (similar)
error message.
I've looked and copied examples from RFC5731...
As an example - the Info Command...
C:<?xml version="1.0" encoding="UTF-8" standalone="no"?>
C:<epp xmlns="urn:ietf:params:xml:ns:epp-1.0">
C: <command>
C: <info>
C: <domain:info
C: xmlns:domain="urn:ietf:params:xml:ns:domain-1.0">
C: <domain:name hosts="all">example.com</domain:name>
C: </domain:info>
C: </info>
C: <clTRID>ABC-12345</clTRID>
C: </command>
C:</epp>
So I actually send:
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<epp xmlns="urn:ietf:params:xml:ns:epp-1.0">
<command>
<info>
<domain:info
xmlns:domain="urn:ietf:params:xml:ns:domain-1.0">
<domain:name hosts="all">dnssec.or.tz</domain:name>
</domain:info>
</info>
<clTRID>ABC-12345</clTRID>
</command>
</epp>
and get back:
<?xml version="1.0" encoding="UTF-8"?>
<epp xmlns="urn:ietf:params:xml:ns:epp-1.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:ietf:params:xml:ns:epp-1.0 epp-1.0.xsd"><response><result code="2001"><msg>Command syntax error</msg><extValue><value><domain:info xmlns:domain="urn:ietf:params:xml:ns:domain-1.0">
<domain:name hosts="all">dnssec.or.tz</domain:name>
</domain:info></value><reason>Schemas validity error: Element '{urn:ietf:params:xml:ns:domain-1.0}info': No matching global element declaration available, but demanded by the strict wildcard.</reason></extValue></result><trID><svTRID>ReqID-0002778177</svTRID></trID></response></epp>
What seems to be common is "Schemas validity error: Element
'{urn:ietf:params:xml:ns:domain-1.0}info': No matching global element
declaration available, but demanded by the strict wildcard." and I have
no idea what that means.
What should I be sending then????
...and from a debugging prospective - getting the reply on more or less
one line is real hard to read for a Human. Yes - a Machine has no
problem. I wish there was a switch for "Human Readable XML" - all
neatly grouped and indented like in the RFC documents.
In case its my login - it looks like this - except with User/Passwd XXXX'ed out:
<epp xmlns="urn:ietf:params:xml:ns:epp-1.0">
<command>
<login>
<clID>REG-XXXXXXX</clID>
<pw>XXXXXXXX</pw>
<options>
<version>1.0</version>
<lang>en</lang>
</options>
<svcs>
<objURI>urn:ietf:params:xml:ns:domain-1.0</objURI>
<objURI>urn:ietf:params:xml:ns:contact-1.0</objURI>
<svcExtension>
<extURI>urn:ietf:params:xml:ns:secDNS-1.1</extURI>
</svcExtension>
</svcs>
</login>
</command>
</epp>
Reply==>
<?xml version="1.0" encoding="UTF-8"?>
<epp xmlns="urn:ietf:params:xml:ns:epp-1.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:ietf:params:xml:ns:epp-1.0 epp-1.0.xsd"><response><result code="1000"><msg>Command completed successfully</msg></result><trID><svTRID>ReqID-0002778173</svTRID></trID></response></epp>
Please note - the current EPP XML works for the COZA System, Cocca and Central-NIC.
--
Mark James ELKINS - Posix Systems - (South) Africa
mje(a)posix.co.za Tel: +27.128070590 Cell: +27.826010496
For fast, reliable, low cost Internet in ZA: https://ftth.posix.co.za
I'd like to have my own client written in PHP talk to FRED.
I was given separate CRT and KEY files by TZNIC. I've combined this
into a single PEM file with:
cat posix.key posix.crt > /tmp/tznic.pem
I can then successfully get the "Welcome" XML from FRED at TZNIC with:
openssl s_client -connect fred.tznic.or.tz:700 -cert /tmp/tznic.pem
This shows as a self-signed certificate (as expected).
(verify error:num=18:self signed certificate)
The combining of the crt and key is because php seems to want a combined
PEM certificate...
Then - I try connecting with a VERY stripped down PHP script....
(attached)...
The core of which is:
$ip="fred.tznic.or.tz";
$port=700;
$cert="/tmp/tznic.pem";
$context = stream_context_create();
$result = stream_context_set_option($context, 'ssl', 'local_cert',
$cert);
$result = stream_context_set_option($context, 'ssl', 'verify_peer',
false);
$result = stream_context_set_option($context, 'ssl', 'verify_host',
false);
$result = stream_context_set_option($context, 'ssl',
'allow_self_signed', true);
$fp = stream_socket_client("tls://$ip:$port", $errno,$errstr, 20,
STREAM_CLIENT_CONNECT, $context);
if(!$fp) echo "CONNECT ERROR: $errstr ($errno)\n";
else // read the packet......
The "stream_socket_client" simply times out.
What am I doing wrong???
Almost the same code works for: (ie changing machines, ports and Certs)
Central-NIC
ZACR/CO.ZA
CoCCA
The FRED test system at TZNIC is running certificate validation - I'm
assuming its got something to do with that????
I'm using a variety of different versioned PHP's
eg
PHP 5.5.18-pl0-gentoo (cli) (built: Nov 10 2014 22:20:27)
PHP 5.5.21-pl0-gentoo (cli) (built: Feb 6 2015 16:46:22)
PHP 5.4.34-pl0-gentoo (cli) (built: Nov 3 2014 11:10:23)
All do the same thing - timeout.
Is anyone using a PHP based client?? - that would be the start of a
WHMCS plugin for C-Panel (etc).
--
Mark James ELKINS - Posix Systems - (South) Africa
mje(a)posix.co.za Tel: +27.128070590 Cell: +27.826010496
For fast, reliable, low cost Internet in ZA: https://ftth.posix.co.za
Hello All,
I want to make registrar X to register a domain to a certain zone[i.e mw].
How can i grant permission to registrar X to add a domain to a such a zone???
Regards,
Timothy
----------------------------------------------------------
Malawi SDNP Webmail: http://www.sdnp.org.mw
Access your Malawi SDNP e-mail from anywhere in the world.
----------------------------------------------------------
Hello all,
Can someone help on this:
I have done this,
a) create a CA authority (ca.key and ca.crt)
b) make a certificate request (server.csr)
c) sign the certificate request (server.crt and server.key) with the new CA authority
d) make a certificate request (registrar.csr)
e) sign the certificate request (registrar.crt and registrar.key) with the new CA
authority
Afterwards, the server.crt and server.key and the ca.crt files are included in
/usr/share/fred-mod-eppd/ssl directory,then the epp file is tweaked to reflect the
files and the fred-client configuration file in /etc/fred/directory is modified like this:
ssl_cert = %(dir)s/registrar.crt
ssl_key = %(dir)s/registrar.key
Now, if I try to run fred-client this is the result:
Login Failed
----------------------------------------------------------
Malawi SDNP Webmail: http://www.sdnp.org.mw
Access your Malawi SDNP e-mail from anywhere in the world.
----------------------------------------------------------
How do I.
a) Define prices (creation, update, EPP).
b) Create credit for a zone-registrar combination.
c) Deduce each EPP transaction (creation, updating, etc.) so the
transaction applies to the credit?.
I have scripts for creating a new registrar with their respective
certificates, and I know how to intoroduce prices. Then I supposedly
give credit to a registrar and a zone, but when I use that zone and
registar using fred-client there is no transaction. I'm missing
simething but what?.
Mario Guerra
Hello all,
Can someone help on this:
I have done this,
a) create a CA authority (ca.key and ca.crt)
b) make a certificate request (server.csr)
c) sign the certificate request (server.crt and server.key) with the new CA authority
d) make a certificate request (registrar.csr)
e) sign the certificate request (registrar.crt and registrar.key) with the new CA
authority
Afterwards, the server.crt and server.key and the ca.crt files are included in
/usr/share/fred-client/ssl directory,then the epp file is tweaked to reflect the files
and the fred-client configuration file is modified like this:
ssl_cert = %(dir)s/registrar.crt
ssl_key = %(dir)s/registrar.key
Now, if I try to run fred-client this is the result:
Login Failed
----------------------------------------------------------
Malawi SDNP Webmail: http://www.sdnp.org.mw
Access your Malawi SDNP e-mail from anywhere in the world.
----------------------------------------------------------
Hello,
I need some help on the following:
1.Where does fred keep the certificates for registrars?
2.In which configuration file should i include the path for the registrars' certificates
and how?
Best Regards.
Mathias Timothy
----------------------------------------------------------
Malawi SDNP Webmail: http://www.sdnp.org.mw
Access your Malawi SDNP e-mail from anywhere in the world.
----------------------------------------------------------
On 16 Feb 2015 at 10:39, Mario Guerra <fred-users(a)lists.nic.cz> wrote:
> How do I.
>
> a) Define prices (creation, update, EPP).
> b) Create credit for a zone-registrar combination.
> c) Deduce each EPP transaction (creation, updating, etc.) so the
> transaction applies to the credit?.
>
> I have scripts for creating a new registrar with their respective
> certificates, and I know how to intoroduce prices.
Mario, all,
We at the Malawi .mw registry have just finished populating our FRED registry with data
at our current home built registry system. Our biggest challenge has been creating contacts.
We are now just at this point of creating new registrars and need to generate, install
and activate certificates for new registrars.
We would therefore like to request you to send us details on how you efficiently do
certificate generation, creation, installtion and activation of registrars. A copy of
your scripts sent to us, if available, would be very helpful.
We would also really like to hear how others do this as well. We are running on Fedora
and our target is to reach production phase by 15 March 2015, in about a month.
> Then I supposedly
> give credit to a registrar and a zone, but when I use that zone and
> registar using fred-client there is no transaction. I'm missing
> simething but what?.
We see that our next biggest challenge will be billing as we move the registry from the
2R model in the present system where the registry was billing every registrant to the 3R
model where we move to create, manage and bill registrars.
We need to resolve this soon as some domains will start to expire at the end of March
2015 and hence payments will need to be made. So answers on these question raised here
as well as any additional documentation will also be very helpful to us.
Regards,
Paulos
======================
Dr Paulos B Nyirenda
NIC.MW & .mw ccTLD
http://www.registrar.mw
>
> Mario Guerra
>
> _______________________________________________
> fred-users mailing list
> fred-users(a)lists.nic.cz
> https://lists.nic.cz/cgi-bin/mailman/listinfo/fred-users
----------------------------------------------------------
Malawi SDNP Webmail: http://www.sdnp.org.mw
Access your Malawi SDNP e-mail from anywhere in the world.
----------------------------------------------------------
Hi,
a week ago I participated on Registry Operators Course organized by
AFTLD. For this event I've prepared four presentations about FRED so if
anyone is interested, these presentations are available on the event
website:
http://aftld.org/events/?_sfwCOM=Event:Show;233030&pg=233068
Regards,
Jaromir
--
Jaromir Talir
technicky reditel / Chief Technical Officer
-------------------------------------------
CZ.NIC, z.s.p.o. -- .cz domain registry
Americka 23, 120 00 Praha 2, Czech Republic
mailto:jaromir.talir@nic.cz http://nic.cz/
sip:jaromir.talir@nic.cz tel:+420.222745107
mob:+420.739632712 fax:+420.222745112
-------------------------------------------
