AfriCC/php-epp2

Ficora EPP

Closed this issue · 17 comments

I'm sorry that I have to make an issue out of this but this is partly an issue, partly a question to people who know more about EPP than I. Our national domain registry service (Ficora) just recently transferred to EPP. They basically just dumped some XML on their documentation and an address + port. These are of no real help and we have a deadline to make here as they are shutting down their Web Service 2nd of September.

I've tried all I can, including this library, to connect to epptest.ficora.fi on port 700. Their service requires an SSL certificate and whitelisting to the firewall. I've done the whitelisting by adding my IP address on their dashboard as well as uploaded the SSL certificate in .crt format to my user account there. However, I cannot get through.

Trying to connect to the given address, stream_socket_client() just returns false. This is what I've tried on your Connect.php example:

<?php

// debug
error_reporting(E_ALL);
ini_set('display_errors', true);

chdir(__DIR__);

require '../src/AfriCC/autoload.php';

use AfriCC\EPP\Client as EPPClient;
use AfriCC\EPP\Frame\Command\Create\Domain as CreateDomain;

$epp_client = new EPPClient([
    'host' => 'epptest.ficora.fi',
    'port'  => 700,
    'username' => 'Username',
    'password' => 'password',
    'services' => [
        'urn:ietf:params:xml:ns:domain-1.0',
        'urn:ietf:params:xml:ns:contact-1.0'
    ],
    'ssl' => true,
    'local_cert'    => __DIR__ . '/certificate_file.crt',
    'debug' => true
]);

try {
    $greeting = $epp_client->connect();
} catch(Exception $e) {
    echo $e->getMessage() . PHP_EOL;
}

$epp_client->close();

I then dump stream_socket_client and kill the script. Just returns false. Any help?

Please ask Ficora to whitelist your IP; they do it manually.
Sometimes their port 700 is down, so try to check with telnet first:
telnet epptest.ficora.fi 700

Working example :

$epp_client = new EPPClient([
            'host' => $config['url'],
            'port' => 700,
            'username' => $config['login'],
            'password' => $config['password'],
            'connect_timeout' => 30,
            'services' => [
                'urn:ietf:params:xml:ns:domain-1.0',
                'urn:ietf:params:xml:ns:contact-1.0',
                'urn:ietf:params:xml:ns:host-1.0',
                'urn:ietf:params:xml:ns:epp-1.0'
            ],
            'local_cert' => $realPath, // path to .pem file
            'passphrase' => $config['local_cert_pass_phrase'],
            'ssl' => true,
            'debug' => false,
        ]);
        try {
            $greeting = $epp_client->connect();
        } catch (\Exception $e) {
            $epp_client->close();
            return $e->getMessage();
        }
        return $epp_client;

Then their tech support as well as their documentation is wrong is what you are saying.

  • Whitelisting happens by adding your IP address to their dashboard (according to the documentation).
  • The certificate format should be CRT or PRM format (according to tech support)

Regarding the certificate, it should work with both crt and pem.
Also, as login you should use the 'User ID' (example: E11), not the email or something else.
But whitelisting is not automatic...

Yes, I have E11.. all of those things OK. Still doesn't work. Not sure if the address is down (again) as telnet or Putty's raw connection test just closes the app.

telnet epptest.ficora.fi 700 response?

It should look like:
telnet epptest.ficora.fi 700
Trying 87.239.122.59...
Connected to epptest.ficora.fi.
Escape character is '^]'.

I actually forgot after Windows 7 telnet is not a default feature, had to install it. But yeah the connection just hangs (nothing on cmd) so I'm guessing they are having major problems (again). I'll get back to you once I establish a connection.

Actually, sorry, I was connecting from my own PC and my IP address changed. Tried it on my server, works fine. The server IP address is also whitelisted where I run the scripts. stream_socket_client returns false there too, though.

Nope, nothing. They just responded that they had some problems Friday through Monday morning but I was not testing then. Still doesn't work and I have no idea why.

It seems you have time until 5th September. But nevertheless, keep checking back & forth with telnet and trying to connect to their sandbox. I'm honestly amazed at how Ficora implements this - they plan to shut down the web service on 2nd September and open EPP on the 5th with no in-between adjustment period.

2016-08-29 13:15 GMT+02:00 OssiPesonen notifications@github.com:

Nope, nothing. They just responded that they had some problems friday
through monday morning but I was not testing then. Still doesn't work and I
have no idea why.



Regards,
Hubert Kowalski

Just to note, the EPP login/pass for the API can be different from the login/pass for the web interface.
Also, EPP has an IP whitelist, so you need to whitelist your server IP in their dashboard.

I was in the same situation before with my ccTLD until I found the password was not the same password as my web interface.

Try to echo $epp_client->connect() and not the error message.

Yes, I know it's different from the web interface. There are several EPP accounts you can add in your dashboard that have their own usernames (E1234) and passwords.

Trying to run the code:

echo $epp_client->connect();

Just returns an Exception unhandled error. This comes from

        if ($this->socket === false) {
            throw new Exception($errstr, $errno);
        }

Yeah the tech department are full of morons. Now one answered that you must use a 'private certificate' and I've never heard of that term so I just replied 'Do you mean private KEY?!' and the answer was 'Yes'. When asking earlier another person said no. Also the format should be .crt. Seriously, WHAT?!

What exactly is the 'local_cert' file? We bundled up a Comodo SSL certificate package (I'm assuming, didn't do the packing) which included:

  • AddTrustExternalCARoot.crt
  • COMODORSAAddTrustCA.crt
  • COMODORSADomainValidationSecureServerCA.crt

Now I have one singular .crt file to use and a private key another person created for me (our company programmers working together, all completely baffled by this whole thing).

Thank you everyone for answering me. I came up with the solution after I read some posts about similar problems and one had the right answer. The certificate file should (or must) be in PEM format and it should contain both private key and certificate (in that order).

I had the certificate and key separate, so what I just did was copy them together, so they became:

-----BEGIN RSA PRIVATE KEY-----

-----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE-----

-----END CERTIFICATE-----

I was now able to make a proper request and had a response.
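
The fix described above, as an added PHP example that is not part of the original thread or of the php-epp2 code base: it checks that a private key really belongs to a certificate before writing them, key first, into one owner-only PEM file for 'local_cert'. The function name build_client_pem, the output path and the throwaway self-signed key pair are constructed for illustration.

```php
<?php
// Added example; build_client_pem() and all paths are hypothetical names.
function build_client_pem(string $keyPem, string $certPem, string $outPath, string $passphrase = ''): void
{
    $key = openssl_pkey_get_private($keyPem, $passphrase);
    if ($key === false) {
        throw new RuntimeException('Private key unreadable: not PEM, or wrong passphrase');
    }
    $cert = openssl_x509_read($certPem);
    if ($cert === false) {
        throw new RuntimeException('Certificate unreadable: not PEM-encoded');
    }
    // A certificate paired with someone else's key cannot authenticate the client.
    if (!openssl_x509_check_private_key($cert, $key)) {
        throw new RuntimeException('Private key does not match certificate');
    }
    // Create the file owner-only before any key material is written into it.
    if (!touch($outPath) || !chmod($outPath, 0600)) {
        throw new RuntimeException("Cannot prepare $outPath");
    }
    // Order used in the thread: private key first, then certificate.
    $bundle = rtrim($keyPem) . "\n" . rtrim($certPem) . "\n";
    if (file_put_contents($outPath, $bundle) === false) {
        throw new RuntimeException("Cannot write $outPath");
    }
}

// Constructed sample input: a throwaway RSA key and self-signed certificate.
$opts = ['private_key_bits' => 2048, 'private_key_type' => OPENSSL_KEYTYPE_RSA];
$pkey = openssl_pkey_new($opts);
$csr  = openssl_csr_new(['commonName' => 'epp-client.example'], $pkey, ['digest_alg' => 'sha256']);
$x509 = openssl_csr_sign($csr, null, $pkey, 1, ['digest_alg' => 'sha256']);
openssl_pkey_export($pkey, $keyPem);
openssl_x509_export($x509, $certPem);

$out = sys_get_temp_dir() . '/epp-client-demo.pem';
build_client_pem($keyPem, $certPem, $out);
echo "bundle written to $out\n";

// Failure mode: a key that belongs to a different certificate is rejected.
openssl_pkey_export(openssl_pkey_new($opts), $otherKeyPem);
try {
    build_client_pem($otherKeyPem, $certPem, $out);
} catch (RuntimeException $e) {
    echo 'rejected: ' . $e->getMessage() . PHP_EOL;
}
unlink($out);
```

Because the combined file holds the private key, store it outside any directory the web server can serve.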

Yep :)

Congratulations!!

Thanks @karborator and @naja7host for helping out!