81 lines
2.2 KiB
Markdown
81 lines
2.2 KiB
Markdown
WHMCS EPP with DNSsec Registry-Registrar Module for .CH registry
|
|
========================
|
|
|
|
This module require an Accredited Registrar account for .CH domains, it provide full functionality coverage for domains management and based on communication with Registry through Extensible Provisioning Protocol (EPP).
|
|
|
|
Requirements
|
|
------------
|
|
|
|
* PHP 7.2 or higher;
|
|
* WHMCS 7.7.0 or higher;
|
|
|
|
Installation
|
|
------------
|
|
|
|
Upload via FTP the 'nicch' directory to <whmcs_root>/modules/registrars/
|
|
Set write permissions for log file <whmcs_root>/modules/registrars/nicch/log/nicch.log
|
|
|
|
Generate .PEM certificate
|
|
-------------------------
|
|
|
|
create .pfx file
|
|
openssl pkcs12 -export -out certificate.pfx -inkey www.yourdomain.com.key -in yourdomain.com.crt -certfile CA_bundle.crt
|
|
|
|
```bash
|
|
$ openssl pkcs12 -export -out certificate.pfx -inkey /etc/pki/tls/private/www.yourdomain.com.key -in /etc/pki/tls/certs/yourdomain.com.crt -certfile /etc/pki/tls/certs/gd_bundle.crt
|
|
```
|
|
|
|
create PEM file
|
|
|
|
include PassPhrase
|
|
|
|
```bash
|
|
$ openssl pkcs12 -in certificate.pfx -out certificate.cer -nodes
|
|
```
|
|
|
|
or
|
|
without PassPhrase
|
|
|
|
```bash
|
|
$ openssl pkcs12 -in certificate.pfx -out certificate.cer
|
|
```
|
|
|
|
Upload certificates
|
|
-------------------
|
|
|
|
Copy certificate.cer to <whmcs_root>/modules/registrars/nicch/local_cert/certificate.cer
|
|
Copy www.yourdomain.com.key to <whmcs_root>/modules/registrars/nicch/local_pk/www.yourdomain.com.key
|
|
Copy a certificate authority file to <whmcs_root>/modules/registrars/nicch/cafile/
|
|
|
|
|
|
or you may use https://letsencrypt.org/
|
|
```bash
|
|
$ dnf install git net-tools
|
|
$ git clone https://github.com/certbot/certbot.git
|
|
$ cd certbot/
|
|
$ ./letsencrypt-auto --help
|
|
$ systemctl stop httpd
|
|
$ ./letsencrypt-auto certonly --standalone
|
|
```
|
|
|
|
Test connection with the server
|
|
-------------------------------
|
|
|
|
please make sure port 700 is not firewalled:
|
|
|
|
```bash
|
|
$ telnet epp-test.switch.ch 700
|
|
$ openssl s_client -showcerts -connect epp-test.switch.ch:700
|
|
```
|
|
|
|
command line for acceptable client certificate CA names
|
|
|
|
```bash
|
|
$ openssl s_client -showcerts -connect epp-test.switch.ch:700 -CAfile gd_bundle.crt
|
|
```
|
|
|
|
command line to verify your own Certificate
|
|
|
|
```bash
|
|
$ openssl s_client -showcerts -connect epp-test.switch.ch:700 -CAfile CA_bundle.crt -cert yourdomain.com.crt -key yourdomain.com.key
|
|
```
|