I've written this so you can properly use your own certificates in a FRED production environment, either using your own or an external CA.
http://www.blogger.com/blogger.g?blogID=4416341164567520466#editor/target=p…
Consider this a draft and feel free to comment about it.
Best regards.
--
Mario Guerra <mguerra(a)nic.cr>
Dear all,
I am having a problem installing fred: when I install fred-pyfred, it
gives me an error saying that the popen2 is duplicated and I should
use the subprocess module.
I am confused and don't want to make more errors, can you help me?
Thank you
Hello everyone,
Probably this is the best place to ask, since WHMCS is being used by most small hosters today, does anyone know if there is some Module for WHMCS and FRED installations!?
Regards,
A
Hello guys
Bryton's right. But let's not forget about the registraracl table and the MD5
fingerprint of the certificate afterwards.
Some more details can be found in the excerpt I attach. They're not so
relevant in this case but they might be helpful to some folks in the
future. It's openssl and Ubuntu based.
Best
Piotr
On 21/05/12 18:32, bfocus(a)tznic.or.tz wrote:
>
> Mario,
>
> Have you tweaked epp file in apache by adding the new CA and the server
> cert and key?
>
> What I normally do is I use tinyca on a separate machine...
>
> I create a CA, create server cert and key and finally the client cert and key.
>
> Once done I ship them to the server I want, then do a small change on the
> epp file in apache to reflect the ca and server cert/key
>
> Then I use client certs and key for fred-client.
>
> I have never tried to use the same server cert and key for the fred-client.
>
> Bryton.
>
>> I have done this, according to
>> http://www.tc.umn.edu/~brams006/selfsign.html, part 1B (generating your
>> own CA):
>>
>> a) create a CA authority (ca.key and ca.crt)
>> b) make a certificate request (server.csr)
>> c) sign the certificate request (server.crt and server.key) with the new
>> CA authority
>> d) change the server key so it does not ask for a passphrase.
>>
>> Afterwards, the server.crt and server.key files are included in
>> /usr/share/fred-client/ssl directory, and the fred-client configuration
>> file is modified like this:
>>
>> ssl_cert = %(dir)s/server.crt
>> ssl_key = %(dir)s/server.key
>>
>> Now, if I try to run fred-client this is the result:
>>
>> ERROR: socket.sslerror: [Errno 1] _ssl.c:480: error:14094418:SSL
>> routines:SSL3_READ_BYTES:tlsv1 alert unknown ca (200.107.82.18:700)
>> Certificate not signed by verified certificate authority
>>
>> What should I do for fred-client to identify these certificates as valid?
>>
>> Thanks in advance.
>>
>> Note: the new fred-client is perfectly compatible with FRED 2.2.
>>
>>
>> --
>> Mario Guerra <mguerra(a)nic.cr>
>> _______________________________________________
>> fred-users mailing list
>> fred-users(a)lists.nic.cz
>> https://lists.nic.cz/cgi-bin/mailman/listinfo/fred-users
>>
>
>
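Added example (not part of any message in this thread, and not FRED tooling): the two checks the replies above point at, done with openssl in a scratch directory: whether a client certificate chains to the CA the server is configured with, and the MD5 fingerprint of that certificate. All file names and CNs are constructed; how the fingerprint is stored in registraracl is not shown here.

```shell
#!/bin/sh
# Added example with constructed names and throwaway keys; not FRED tooling.

# make_ca DIR NAME: self-signed CA written to DIR/NAME.key and DIR/NAME.crt
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=$2" \
        -keyout "$1/$2.key" -out "$1/$2.crt" 2>/dev/null
}

# issue_cert DIR CA NAME: new key and CSR for NAME, signed by DIR/CA
issue_cert() {
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$3" \
        -keyout "$1/$3.key" -out "$1/$3.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/$3.csr" -days 30 -CA "$1/$2.crt" \
        -CAkey "$1/$2.key" -CAcreateserial -out "$1/$3.crt" 2>/dev/null
}

# chains_to CA_CRT CERT: exit status 0 only if CERT verifies against CA_CRT
chains_to() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# md5_fingerprint CERT: colon-separated MD5 fingerprint of CERT
md5_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -md5 | cut -d= -f2
}

# report CA_CRT CERT: one line saying whether the peer would know CERT's CA
report() {
    if chains_to "$1" "$2"; then
        echo "$(basename "$2"): signed by trusted CA, md5 $(md5_fingerprint "$2")"
    else
        echo "$(basename "$2"): unknown CA for $(basename "$1")"
    fi
}

demo() {
    d=$(mktemp -d) || return 1
    make_ca "$d" registry-ca && make_ca "$d" other-ca &&
        issue_cert "$d" registry-ca registrar-client &&
        issue_cert "$d" other-ca stray-client || { rm -rf "$d"; return 1; }
    # The CA the server is configured with decides which client certs pass.
    report "$d/registry-ca.crt" "$d/registrar-client.crt"
    report "$d/registry-ca.crt" "$d/stray-client.crt"
    rm -rf "$d"
}

demo
```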
Jaromir,
I would like to participate.
It is my hope that you will have a detailed hands-on installation session. I would like
to return with a working FRED registry on my Fedora laptop that includes the new
features as well, like postpaid billing.
Regards,
Paulos
==============================
Dr Paulos Nyirenda
Malawi SDNP Coordinator
On 17 May 2012 at 13:55, Jaromir Talir wrote:
> Hi,
>
> CZ.NIC will host next ICANN meeting in Prague in June 24-29 this year -
> http://prague44.icann.org/ and http://www.icannprague.cz/
>
> I had an idea to do one day workshop for FRED prior to this meeting on
> Sunday 24 if there will be some demand. Topics would cover:
> - features, architecture, component description
> - installation procedure
> - basic configuration - adding zone, adding registrar,...
> - place for questions.
>
> The workshop would be in our offices where we have small educational
> room for 20 people. Please let me know if you would like to participate
> in this activity, we have five weeks to arrange it.
>
> Regards,
> Jaromir
>
> --
> Jaromir Talir
> technicky reditel / Chief Technical Officer
> -------------------------------------------
> CZ.NIC, z.s.p.o. -- .cz domain registry
> Americka 23, 120 00 Praha 2, Czech Republic
> mailto:jaromir.talir@nic.cz http://nic.cz/
> sip:jaromir.talir@nic.cz tel:+420.222745107
> mob:+420.739632712 fax:+420.222745112
> -------------------------------------------
>
Hi,
finally we managed to complete a new version suitable for public release.
I uploaded the files to http://fred.nic.cz/wiki/download
Just a quick summary of the main changes:
(1) auditing component - after 3 years of running fred (2007-2010) we found
out that almost 99% of the database size is in the tables action and action_xml,
used to log all incoming EPP communication, and the database is becoming
non-maintainable. So we decided to change the fred architecture and create
a separate general component for logging incoming requests. The database for
this consists of monthly partitioned tables (request_*, session_*, ..) and
can be installed separately from the main database. It is now used by the EPP
frontend, unix whois, web whois and webadmin to store all requests in
FRED.
(2) billing component - invoicing was rewritten with the intention to
support not only the prepaid but also the postpaid model. The price list can be
configured in such a way that charged operations are not blocked when
there is no credit; the registrar sees negative credit in the 'credit_info'
command and this is cleared when there is an incoming payment. Tables
for holding incoming payments were simplified and there is a simple way
to register a new payment from a general xml file describing payments. There
is also a new component, fred-transproc, for transaction processing. It
queries IMAP and HTTP sources and transforms responses into this new xml
file that is passed to fred. There are some example modules for our
local banks that can be used as a starting point for your own modules.
(3) messaging component - we added the possibility to send and archive SMS
and snail mail letters automatically. But this is based on external
services, so there must be some local company having a web service for sms
or snail mail processing. Then a script that calls this web service must be
created and uploaded into fred for this feature to work.
(4) mojeid changes - we built an identity solution called mojeid (myid)
over the registry (www.mojeid.cz). This is not part of fred and just uses
fred as a backend. It consists of validation of contact data by sending an sms
to his phone number, an email to his email address and a snail mail letter to
his postal address. After completion of the three pieces of information
sent by these three channels we set the status identified on this contact and
the user can maintain his contact data directly through the new application.
This contact can also take advantage of the openid server and use the same
authentication process for different websites supporting openid. I
mention this because you may see some of these mojeid changes in fred,
but they are actually not useful for you. We are in the process of
separating these things further out of fred.
If you decide to migrate we suggest doing a new installation, because
there are quite a lot of changes in configurations, and then migrating the
database according to the upgrade scripts in the fred-db packages. Of course there
should be intensive testing before going to production.
Regards,
Jaromir
--
Jaromir Talir
technicky reditel / Chief Technical Officer
-------------------------------------------
CZ.NIC, z.s.p.o. -- .cz domain registry
Americka 23, 120 00 Praha 2, Czech Republic
mailto:jaromir.talir@nic.cz http://nic.cz/
sip:jaromir.talir@nic.cz tel:+420.222745107
mob:+420.739632712 fax:+420.222745112
-------------------------------------------
Hello,
Does anyone know if there exists a full list of all the possible errors that might happen during the connection of Fred-Client with the server? The respective error messages might also be useful.
Thanks,
Besmira
Dear Sirs,
I am currently trying to run my EPP client against the fred testbed server "epp.demo.fred.nic.cz" (connection and certificate work perfectly).
But unfortunately I get a "greeting" response when I send a "login" request. Maybe you can tell me what I am missing (my last clTRID was FREDA-1333540552-b4bcf)?
I'll attach a dump of the hello+login commands I sent "OUT" together with the responses I got back "IN".
Thanks in advance!
Günther
== OUT ==
^@^@^@y<?xml version="1.0" encoding="UTF-8" standalone="no"?><epp xmlns="urn:ietf:params:xml:ns:epp-1.0">
<hello/>
</epp>
== IN ==
^@^@^C;<?xml version="1.0" encoding="UTF-8"?>
<epp xmlns="urn:ietf:params:xml:ns:epp-1.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:ietf:params:xml:ns:epp-1.0 epp-1.0.xsd"><greeting><svID>EPP server (DSDng)</svID><svDate>2012-04-04T13:55:52+02:00</svDate><svcMenu><version>1.0</version><lang>en</lang><lang>cs</lang><objURI>http://www.nic.cz/xml/epp/contact-1.6</objURI><objURI>http://www.nic.cz/xml/epp/domain-1.4</objURI><objURI>http://www.nic.cz/xml/epp/nsset-1.2</objURI><objURI>http://www.nic.cz/xml/epp/keyset-1.3</objURI><svcExtension><extURI>http://www.nic.cz/xml/epp/enumval-1.2</extURI></svcExtension></svcMenu><dcp><access><all/></access><statement><purpose><admin/><prov/></purpose><recipient><public/></recipient><retention><stated/></retention></statement></dcp></greeting></epp>
== OUT ==
^@^@^B·<?xml version="1.0" encoding="UTF-8" standalone="no"?><epp xmlns="urn:ietf:params:xml:ns:epp-1.0">
<command>
<login>
<clID>REG-FRED_A</clID>
<pw>passwd</pw>
<options>
<version>1.0</version>
<lang>en</lang>
</options>
<svcs>
<objURI>http://www.nic.cz/xml/epp/contact-1.6</objURI>
<objURI>http://www.nic.cz/xml/epp/nsset-1.2</objURI>
<objURI>http://www.nic.cz/xml/epp/domain-1.4</objURI>
<objURI>http://www.nic.cz/xml/epp/keyset-1.3</objURI>
<svcExtension>
<extURI>http://www.nic.cz/xml/epp/enumval-1.2</extURI>
</svcExtension>
</svcs>
</login>
<clTRID>FREDA-1333540552-b4bcf</clTRID>
</command>
</epp>
== IN ==
^@^@^C;<?xml version="1.0" encoding="UTF-8"?>
<epp xmlns="urn:ietf:params:xml:ns:epp-1.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:ietf:params:xml:ns:epp-1.0 epp-1.0.xsd"><greeting><svID>EPP server (DSDng)</svID><svDate>2012-04-04T13:55:52+02:00</svDate><svcMenu><version>1.0</version><lang>en</lang><lang>cs</lang><objURI>http://www.nic.cz/xml/epp/contact-1.6</objURI><objURI>http://www.nic.cz/xml/epp/domain-1.4</objURI><objURI>http://www.nic.cz/xml/epp/nsset-1.2</objURI><objURI>http://www.nic.cz/xml/epp/keyset-1.3</objURI><svcExtension><extURI>http://www.nic.cz/xml/epp/enumval-1.2</extURI></svcExtension></svcMenu><dcp><access><all/></access><statement><purpose><admin/><prov/></purpose><recipient><public/></recipient><retention><stated/></retention></statement></dcp></greeting></epp>
Hello,
Does anybody know how to migrate to fred?
I have a database with domains, NS, admin-c, etc. and would like to migrate
to the fred system.
Can anybody help me with it?
Thanks.
Hello everyone
My question is not strictly related to FRED, as this is available in
"pure" EPP. Maybe it's a bit silly to ask but why would one want to
transfer a contact or nsset object existing in Registry?
Have you seen such cases?
Best
Piotr