How did you solve the SSL certificate problem?
________________________________________
From: fred-users-bounces(a)lists.nic.cz [fred-users-bounces(a)lists.nic.cz] on behalf
of Omer Mohamed Fadul [omerfadul(a)zinanet.net]
Sent: 22 October 2008 08:47
To: fred-users(a)lists.nic.cz
Cc: fred-users(a)lists.nic.cz
Subject: Re: Fred-users Digest, Vol 4, Issue 8
I was facing the same problem. You will have a lot of difficulties installing
the required packages, which include installing of Python required
binaries, omniORB and omniORBpy, Apache modules and so on.
I migrated to Ubuntu Linux and most of the required binaries will be
installed using the apt-get sub command, but probably you will be faced with two
problems:
1. Managing SSL certificate.
2. Interface language which is not English.
And you have to remove any other HTTP server except apache2.
Regards..
> Today's Topics:
>
> 1. help - Re: installing FRED on Fedora 9 (Dr Paulos Nyirenda)
> 2. Re: Thanks, and a question (Jaromír Talíř)
> 3. Re: Payment solution (Jaromír Talíř)
> 4. Re: Integration of client into PHP, client_example.php
> (Jaromír Talíř)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Tue, 21 Oct 2008 17:06:43 +0200
> From: "Dr Paulos Nyirenda" <paulos(a)sdnp.org.mw>
> Subject: help - Re: installing FRED on Fedora 9
> To: Petur Kirke <pk(a)simprentis.com>, fred-users(a)lists.nic.cz
> Message-ID: <48FE0C23.4936.1BEC99F(a)paulos.sdnp.org.mw>
> Content-Type: text/plain; charset=US-ASCII
>
>
> This method did not work for me on Fedora8, did you have to install
>
> fred-repo
>
> before using yum?
>
> Regards,
>
> Paulos
> ======================
> Dr Paulos B Nyirenda
> .mw ccTLD
> http://www.registrar.mw
>
>
> On 16 Oct 2008 at 10:24, Petur Kirke wrote:
>
>>
>> I have installed Fedora 9 on a machine, and then I installed the FRED
>> binary package
>> for Fedora 9 like this:
>>
>> yum install fred-*
>>
>> This installation worked very fine.
>>
>> But where to go from here ?
>>
>> I looked at the Fred website, under "documentation", and "FRED
>> Howto", but it looks like this documentation assumes that we use
>> Debian.
>> Where can I see what to do after installing the FRED binary package
>> for Fedora 9?
>>
>>
>>
>> Peter
>>
>>
>>
>
>
>
>
> ------------------------------
>
> Message: 2
> Date: Wed, 22 Oct 2008 08:46:38 +0200
> From: Jaromír Talíř <jaromir.talir(a)nic.cz>
> Subject: Re: Thanks, and a question
> To: fred-users(a)lists.nic.cz
> Message-ID: <1224657998.3526.21.camel(a)localhost.localdomain>
> Content-Type: text/plain; charset="utf-8"
>
> Hi Mario,
>
> Sorry for my late answer. In our Ubuntu packages repository we have
> package fred-server separated into four packages (fred-common,
> fred-rifd, fred-pifd, fred-adifd). All these binary packages are built
> from the fred-server source package. Those fred-*ifd packages contain
> servers for registrar interface, public interface and administration
> interface. We separated them just because of the different importance of these,
> for example we upgrade and restart administration interface very often
> and on the contrary - registrar interface must be restarted only when we
> inform registrars. This is just our policy.
>
> From your email it looks like you forgot to sign your eppclient.pem
> certificate with ubuntu CA certificate. Client certificate cannot be
> self-signed (of course except in the situation when the same certificate is
> configured as CA certificate).
>
> Hope it will help.
>
> Regards,
> Jaromir
>
> On Wed, 2008-09-24 at 12:03 -0600, Mario Guerra wrote:
>> Jaromir and all:
>>
>> Thanks. I've tested the Live CD with the 01/01/2008 date. It works
>> perfectly. The net effect is that it creates zones so easily and, at the
>> same time, stores in a database the administrative data using EPP.
>> Moreover it keeps it simple.
>>
>> The disk installation:
>>
>> In our case my approach has been installing the Ubuntu hardy (8.04)
>> .deb packages, fred-*.deb, which install some dependencies too. I see
>> that there are no .deb for fred-server (including the Python parts), so
>> I installed these by hand (in /usr/.local). Is that correct? What
>> about generating .deb packages for these, too?
>>
>> For installing the certificates I do this:
>>
>> 1. I use the CA included in the ca-certificates Debian package which, in
>> my opinion, is adequate (I don't have to generate a CA certificate
>> myself).
>> 2. For the mod-eppd Apache module, I generate the self-signed
>> certificates using the usual procedures for generating them for
>> encrypted HTML:
>>
>>
>> openssl genrsa -des3 -out eppd.key 4096
>> openssl req -new -key eppd.key -out eppd.csr
>> openssl x509 -req -days 3650 -in eppd.csr -signkey eppd.key -out eppd.crt
>> openssl rsa -in eppd.key -out eppd.key.insecure
>> mv eppd.key eppd.key.secure;mv eppd.key.insecure eppd.key
>> chmod 600 *.key
>> /etc/init.d/apache2 force-reload
>>
>> 3. For the fred-client certificate configuration I rather use a method I
>> prefer, say, for dovecot SSL configuration:
>>
>> openssl req -new -x509 -nodes -out eppclient.pem -keyout eppclient.pem
>>
>> 4. After generating both certificates I first configure the mod-eppd
>> virtualhost:
>>
>> Listen *:700
>>
>> <VirtualHost *:700>
>>
>> CorbaEnable On
>> CorbaNameservice "localhost"
>> CorbaObject "EPP" "EPP_alias"
>>
>> EPPprotocol On
>> EPPObject "EPP_alias"
>> EPPschema "/usr/share/fred-mod-eppd/schemas/all-1.4.xsd"
>> EPPservername "CR.NIC's EPP server"
>> EPPlog "/var/log/apache2/eppd.log"
>> EPPloglevel error
>> EPPvalidResponse Off
>>
>> SSLEngine off
>> SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
>> SSLVerifyClient require
>> SSLCertificateFile /etc/ssl/fred/eppd.crt
>> SSLCertificateKeyFile /etc/ssl/fred/eppd.key
>> SSLCACertificateFile /etc/ssl/certs/ca.pem
>> SSLVerifyDepth 1
>>
>> </VirtualHost>
>>
>> Notice the /etc/ssl/certs/ca.pem CA certificate, which is the standard
>> Ubuntu CA certificate. This should be adequate, because it expires much
>> later.
>>
>> 5. /etc/init.d/apache2 force-reload
>>
>> 6. For the epp-client configuration file I have this in
>> /usr/local/etc/fred/fred-client.conf:
>>
>> [connect]
>> ;; dir=/usr/local/share/fred-client/ssl
>> host = localhost
>> port = 700
>> ssl_cert = /etc/ssl/fred/eppclient.pem
>> ssl_key = /etc/ssl/fred/eppclient.pem
>> username = REG-FRED_A
>> password = passwd
>> username2 = REG-FRED_B
>> password2 = passwd
>>
>> etc.....
>>
>>
>> 7. When I run fred-client I get this:
>>
>> root@mguerra:/etc/fred# fred-client
>> FredClient 1.6.1
>> Type "help", "license" or "credits" for more information.
>>
>> Using configuration from /usr/local/etc/fred/fred-client.conf
>> Connecting to localhost, port 700 ...
>>
>> ERROR: socket.sslerror: (1, 'error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol') (localhost:700)
>> Certificate not signed by verified certificate authority.
>>
>> The date gives this:
>>
>> mié sep 24 11:33:57 CST 2008 (mié means Wednesday).
>>
>> What can be the reason for this? Should I use other CA certificate? Or
>> perhaps I should use a certificate in ~/fredclient.pem?
>>
>> Thank you in advance.
>>
>> Mario
>>
>
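
Added example (not part of the original thread, and not FRED project code): the point made in the quoted reply, that a self-signed eppclient.pem is rejected unless it chains to the certificate configured as the CA, reproduced with openssl. The demo CA, the subject names and the temporary file names are constructed for illustration.

```sh
#!/bin/sh
# Added example: constructed demo CA and client certificates in a temp dir.
workdir=$(mktemp -d)
trap 'rm -rf "$workdir"' EXIT

make_ca() {                  # stands in for the file named by SSLCACertificateFile
    openssl req -new -x509 -nodes -newkey rsa:2048 -days 30 \
        -subj "/CN=Demo EPP test CA" \
        -keyout "$workdir/ca.key" -out "$workdir/ca.pem" 2>/dev/null
}

make_selfsigned_client() {   # same approach as the posted eppclient.pem command
    openssl req -new -x509 -nodes -newkey rsa:2048 -days 30 \
        -subj "/CN=selfsigned-client" \
        -keyout "$workdir/self.key" -out "$workdir/self.crt" 2>/dev/null
}

make_signed_client() {       # key + CSR first, then the demo CA signs the CSR
    openssl req -new -nodes -newkey rsa:2048 -subj "/CN=signed-client" \
        -keyout "$workdir/client.key" -out "$workdir/client.csr" 2>/dev/null
    openssl x509 -req -days 30 -in "$workdir/client.csr" \
        -CA "$workdir/ca.pem" -CAkey "$workdir/ca.key" -CAcreateserial \
        -out "$workdir/client.crt" 2>/dev/null
    # the posted fred-client.conf points ssl_cert and ssl_key at one combined file
    cat "$workdir/client.crt" "$workdir/client.key" > "$workdir/eppclient.pem"
}

verify_chain() {             # $1 = trusted CA file, $2 = certificate to check
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

report() {                   # $3 = label to print next to the verdict
    if verify_chain "$1" "$2"; then echo "accepted: $3"; else echo "rejected: $3"; fi
}

make_ca && make_selfsigned_client && make_signed_client
report "$workdir/ca.pem"   "$workdir/self.crt"      "self-signed client vs. demo CA"
report "$workdir/ca.pem"   "$workdir/eppclient.pem" "CA-signed client vs. demo CA"
report "$workdir/self.crt" "$workdir/self.crt"      "self-signed client configured as its own CA"
```

Independently of the chain check, the quoted virtual host sets SSLEngine off, so Apache answers in plaintext on port 700; that is the usual cause of the "unknown protocol" error in the client output, and client-certificate verification only comes into play once SSLEngine is on.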