Verisign Module Configuration Guide

This document will guide you through Verisign COM/NET EPP-DRS Module configuration.

Make sure that you were certified by Verisign and have the following:

• Trusted SSL certificate. Common name (CN) of certificate must be registered with Verisign. Verisign offers a SSL certificate for certified registrars for free.
• SSL private key passphrase (optional).
• Login and password for EPP access.

You may want to check yor connection and certificate. Do the following in command line:

openssl s_client -connect verisign-epp-server:port -cert /path_to_cert -key path_to_private_key

You should see EPP greeting. Something like:

<epp xmlns="urn:ietf:params:xml:ns:epp-1.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:ietf:params:xml:ns:epp-1.0 epp-1.0.xsd"><greeting><svID>VeriSign Com/Net EPP Registration Server</svID><svDate>2008-04-07T08:22:21.0218Z</svDate><svcMenu><version>1.0</version><lang>en</lang><objURI>urn:ietf:params:xml:ns:domain-1.0</objURI><objURI>urn:ietf:params:xml:ns:host-1.0</objURI><svcExtension><extURI>http://www.verisign.com/epp/idnLang-1.0</extURI><extURI>http://www.verisign-grs.com/epp/namestoreExt-1.1</extURI><extURI>urn:ietf:params:xml:ns:rgp-1.0</extURI><extURI>http://www.verisign.com/epp/whoisInf-1.0</extURI><extURI>http://www.verisign.com/epp/sync-1.0</extURI></svcExtension></svcMenu><dcp><access><all/></access><statement><purpose><admin/><other/><prov/></purpose><recipient><ours/><public/><unrelated/></recipient><retention><indefinite/></retention></statement></dcp></greeting></epp>

EPP-DRS uses the certchain file in PEM format. It is simple text file containing both certificate and private key. Private key should go on new line after a certificate.

Certchain file may be generated by following commands:

cat path_to_key > certchain.pem
cat path_to_cert >> certchain.pem
cat path_to_cacert >> certchain.pem

You can now configure EPP-DRS module.

• Log in to admin area, enable the module.
• Go to Configure and fill the form:

Login: EPP login,
Password: EPP password,
Server host: EPP server host (Use epp.verisign-grs.com for production and epp-ote.verisign-grs.com for OT&E)
Server port: EPP TCP port (Use 700) Port must be opened in your firewall.
Path to SSL certificate: Full path to your certchain certificate.
SSL private key password: If your private key protected with a password, enter it here.
GURID: Your account GURID. Can be found in Your NameStore manager panel → Accounts → View account information in Verisign NameStore manager panel.

Save your settings and use “Test module” link on Settings » Registry modules » View all to test connection and operations.

Verisign requires all registrars to pass certification test before they are allowed to go in production. EPP-DRS will perform these tests for you. Just use the Run certification test option. Once the test is completed, you will be presented with the log that must be sent to Verisign.