nicch/README.md

WHMCS EPP with DNSsec Registry-Registrar Module for .CH registry
========================

This module require an Accredited Registrar account for .CH domains, it provide full functionality coverage for domains management and based on communication with Registry through Extensible Provisioning Protocol (EPP).

Requirements
------------

  * PHP 7.2 or higher;
  * WHMCS 7.7.0 or higher;

Installation
------------

Upload via FTP the 'nicch' directory to <whmcs_root>/modules/registrars/
Set write permissions for log file <whmcs_root>/modules/registrars/nicch/log/nicch.log

Generate .PEM certificate
-------------------------

create .pfx file
openssl pkcs12 -export -out certificate.pfx -inkey www.yourdomain.com.key -in yourdomain.com.crt -certfile CA_bundle.crt

```bash
$ openssl pkcs12 -export -out certificate.pfx -inkey /etc/pki/tls/private/www.yourdomain.com.key -in /etc/pki/tls/certs/yourdomain.com.crt -certfile /etc/pki/tls/certs/gd_bundle.crt
```

create PEM file

include PassPhrase

```bash
$ openssl pkcs12 -in certificate.pfx -out certificate.cer -nodes
```

or 
without PassPhrase 

```bash
$ openssl pkcs12 -in certificate.pfx -out certificate.cer
```

Upload certificates
-------------------

Copy certificate.cer to <whmcs_root>/modules/registrars/nicch/local_cert/certificate.cer
Copy www.yourdomain.com.key to <whmcs_root>/modules/registrars/nicch/local_pk/www.yourdomain.com.key
Copy a certificate authority file to <whmcs_root>/modules/registrars/nicch/cafile/


or you may use https://letsencrypt.org/
```bash
$ dnf install git net-tools
$ git clone https://github.com/certbot/certbot.git
$ cd certbot/
$ ./letsencrypt-auto --help
$ systemctl stop httpd
$ ./letsencrypt-auto certonly --standalone
```

Test connection with the server
-------------------------------

please make sure port 700 is not firewalled:

```bash
$ telnet epp-test.switch.ch 700
$ openssl s_client -showcerts -connect epp-test.switch.ch:700
```

command line for acceptable client certificate CA names

```bash
$ openssl s_client -showcerts -connect epp-test.switch.ch:700 -CAfile gd_bundle.crt
```

command line to verify your own Certificate

```bash
$ openssl s_client -showcerts -connect epp-test.switch.ch:700 -CAfile CA_bundle.crt -cert yourdomain.com.crt -key yourdomain.com.key
```
First commit 2019-05-10 14:31:22 +00:00			`WHMCS EPP with DNSsec Registry-Registrar Module for .CH registry`
			`========================`

			`This module require an Accredited Registrar account for .CH domains, it provide full functionality coverage for domains management and based on communication with Registry through Extensible Provisioning Protocol (EPP).`

			`Requirements`
			`------------`

			`* PHP 7.2 or higher;`
			`* WHMCS 7.7.0 or higher;`

			`Installation`
			`------------`

			`Upload via FTP the 'nicch' directory to <whmcs_root>/modules/registrars/`
			`Set write permissions for log file <whmcs_root>/modules/registrars/nicch/log/nicch.log`

			`Generate .PEM certificate`
			`-------------------------`

			`create .pfx file`
			`openssl pkcs12 -export -out certificate.pfx -inkey www.yourdomain.com.key -in yourdomain.com.crt -certfile CA_bundle.crt`

			```bash
			`$ openssl pkcs12 -export -out certificate.pfx -inkey /etc/pki/tls/private/www.yourdomain.com.key -in /etc/pki/tls/certs/yourdomain.com.crt -certfile /etc/pki/tls/certs/gd_bundle.crt`
			```

			`create PEM file`

			`include PassPhrase`

			```bash
			`$ openssl pkcs12 -in certificate.pfx -out certificate.cer -nodes`
			```

			`or`
			`without PassPhrase`

			```bash
			`$ openssl pkcs12 -in certificate.pfx -out certificate.cer`
			```

			`Upload certificates`
			`-------------------`

			`Copy certificate.cer to <whmcs_root>/modules/registrars/nicch/local_cert/certificate.cer`
			`Copy www.yourdomain.com.key to <whmcs_root>/modules/registrars/nicch/local_pk/www.yourdomain.com.key`
			`Copy a certificate authority file to <whmcs_root>/modules/registrars/nicch/cafile/`


			`or you may use https://letsencrypt.org/`
			```bash
			`$ dnf install git net-tools`
			`$ git clone https://github.com/certbot/certbot.git`
			`$ cd certbot/`
			`$ ./letsencrypt-auto --help`
			`$ systemctl stop httpd`
			`$ ./letsencrypt-auto certonly --standalone`
			```

			`Test connection with the server`
			`-------------------------------`

			`please make sure port 700 is not firewalled:`

			```bash
			`$ telnet epp-test.switch.ch 700`
			`$ openssl s_client -showcerts -connect epp-test.switch.ch:700`
			```

			`command line for acceptable client certificate CA names`

			```bash
			`$ openssl s_client -showcerts -connect epp-test.switch.ch:700 -CAfile gd_bundle.crt`
			```

			`command line to verify your own Certificate`

			```bash
			`$ openssl s_client -showcerts -connect epp-test.switch.ch:700 -CAfile CA_bundle.crt -cert yourdomain.com.crt -key yourdomain.com.key`
			```