Verisign Module Configuration Guide

This document will guide you through Verisign COM/NET EPP-DRS Module configuration.

Make sure that you were certified by Verisign and have the following:

• Trusted SSL certificate. Common name (CN) of certificate must be registered with Verisign. Verisign offers a SSL certificate for certified registrars for free.
• SSL private key passphrase (optional).
• Login and password for EPP access.

You may want to check yor connection and certificate. Do the following in command line:

openssl s_client -connect verisign-epp-server:port -cert /path_to_cert -key path_to_private_key

You should see EPP greeting. Something like:

<epp xmlns="urn:ietf:params:xml:ns:epp-1.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:ietf:params:xml:ns:epp-1.0 epp-1.0.xsd"><greeting><svID>VeriSign Com/Net EPP Registration Server</svID><svDate>2008-04-07T08:22:21.0218Z</svDate><svcMenu><version>1.0</version><lang>en</lang><objURI>urn:ietf:params:xml:ns:domain-1.0</objURI><objURI>urn:ietf:params:xml:ns:host-1.0</objURI><svcExtension><extURI>http://www.verisign.com/epp/idnLang-1.0</extURI><extURI>http://www.verisign-grs.com/epp/namestoreExt-1.1</extURI><extURI>urn:ietf:params:xml:ns:rgp-1.0</extURI><extURI>http://www.verisign.com/epp/whoisInf-1.0</extURI><extURI>http://www.verisign.com/epp/sync-1.0</extURI></svcExtension></svcMenu><dcp><access><all/></access><statement><purpose><admin/><other/><prov/></purpose><recipient><ours/><public/><unrelated/></recipient><retention><indefinite/></retention></statement></dcp></greeting></epp>

EPP-DRS uses the certchain file in PEM format. It is simple text file containing both certificate and private key. Private key should go on new line after a certificate.

You can now configure EPP-DRS module.

• Log in to admin area, enable the module.
• Go to Configure and fill the form:

Login: EPP login,
Password: EPP password,
Server host: EPP server host (Use epp.verisign-grs.com for production and epp-ote.verisign-grs.com for OT&E)
Server port: EPP TCP port (Use 700) Port must be opened in your firewall.
Path to SSL certificate: Full path to your certchain certificate.
SSL private key password: If your private key protected with a password, enter it here.
GURID: Your account GURID. Can be found in Your NameStore manager panel → Accounts → View account information in Verisign NameStore manager panel.

Save your settings and use “Test module” link on Settings » Registry modules » View all to test connection and operations.

Verisign requires all registrars to pass certification test before they are allowed to go in production. EPP-DRS already have the test built-in. Just use the Run certification test option. Once the test is completed, you will be presented with the log that should be sent to Verisign.