====== Verisign Module Configuration Guide =====

This document will guide you through Verisign COM/NET EPP-DRS Module configuration.

===== Checklist =====
Make sure that you were certified by Verisign and have the following:
  * Trusted SSL certificate. Common name (CN) of certificate must be registered with Verisign. Verisign offers a SSL certificate for certified registrars for free.
  * SSL private key passphrase (optional).
  * Login and password for EPP access.


You may want to check yor connection and certificate. Do the following in command line:
<code bash>openssl s_client -connect verisign-epp-server:port -cert /path_to_cert -key path_to_private_key</code>

You should see EPP greeting. Something like:
<code xml>
<epp xmlns="urn:ietf:params:xml:ns:epp-1.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:ietf:params:xml:ns:epp-1.0 epp-1.0.xsd"><greeting><svID>VeriSign Com/Net EPP Registration Server</svID><svDate>2008-04-07T08:22:21.0218Z</svDate><svcMenu><version>1.0</version><lang>en</lang><objURI>urn:ietf:params:xml:ns:domain-1.0</objURI><objURI>urn:ietf:params:xml:ns:host-1.0</objURI><svcExtension><extURI>http://www.verisign.com/epp/idnLang-1.0</extURI><extURI>http://www.verisign-grs.com/epp/namestoreExt-1.1</extURI><extURI>urn:ietf:params:xml:ns:rgp-1.0</extURI><extURI>http://www.verisign.com/epp/whoisInf-1.0</extURI><extURI>http://www.verisign.com/epp/sync-1.0</extURI></svcExtension></svcMenu><dcp><access><all/></access><statement><purpose><admin/><other/><prov/></purpose><recipient><ours/><public/><unrelated/></recipient><retention><indefinite/></retention></statement></dcp></greeting></epp>
</code>



==== SSL certchain ====

EPP-DRS uses the certchain file in PEM format. It is simple text file containing both certificate and private key.
Private key should go on new line after a certificate.

Certchain file may be generated by following commands:
<code bash>
cat path_to_key > certchain.pem
cat path_to_cert >> certchain.pem
cat path_to_cacert >> certchain.pem
</code>

===== Module configuration =====

You can now configure EPP-DRS module.

  * Log in to admin area, enable the module.
  * Go to ''Configure'' and fill the form:

''Login'': EPP login,\\
''Password'': EPP password,\\
''Server host'': EPP server host (Use ''epp.verisign-grs.com'' for production and ''epp-ote.verisign-grs.com'' for OT&E)\\
''Server port'': EPP TCP port (Use 700) :!: Port must be opened in your firewall.\\
''Path to SSL certificate'': Full path to your certchain certificate.\\
''SSL private key password'': If your private key protected with a password, enter it here.\\
''GURID'': Your account GURID. Can be found in ''Your NameStore manager panel -> Accounts -> View account information'' in Verisign NameStore manager panel.\\

Save your settings and use "Test module" link on ''Settings » Registry modules » View all 
'' to test connection and operations.

===== Passing Verisign certification test =====
Verisign requires all registrars to pass certification test before they are allowed to go in production.
EPP-DRS will perform these tests for you. Just use the ''Run certification test'' option. Once the test is completed, you will be presented with the log that must be sent to Verisign.