OT&E FAQ OT & E instructions and documentation are available in Become a Registrar.
As a cautionary note, Registrars who currently have dual stack hosts may be affected (i.e if their network interface is configured with a global unicast IPv6 address, along with an IPv4 address). When dual stack registrars try to connect to the .IN registry, the IPv6 address will usually be selected over the IPv4 address for the connection. If you have not submitted your IPv6 address to Technical Support for inclusion in the list of allowed IPs for your registrar, the registry will refuse a connection and your client will be unable to establish a connection with the registry. You may implement RFC 6555 in your client to address this issue. This mechanism is currently included in the Mac operating system after the Mac OS X Lion Release and may be included at the Operating System level in Linux and Windows in the future.
What is a SSL Certificate?
A digital certificate is simply a statement digitally signed by an independent and trusted third party (the Certificate Authority). That statement usually follows a very specific format laid down in a standard called X.509, hence they are sometimes referred to as X.509 certificates.
A certificate is required to establish an authenticated and encrypted communications channel between the Registrar's server and the Registry's SRS.
Where do I get a SSL Certificate? X.509 server certificates can be obtained from one of the accepted Certificate Authorities. Please make sure you obtain an SSL server certificate and NOT an individual/personal certificate. The accepted Certificate Authorities currently include Verisign, Thawte and Starfield; qualified Indian government entities may use certificates issued by NIC. We are happy to consider use of certificates from an offical Indian Certifying Authority. If you would like to use a certificate from an authority that is not on this list, please contact us so that we can evaluate and test the certificate.
Which SSL toolkit should I use?
Registrars are responsible for obtaining an SSL toolkit that is compatible with the development language and platform of their client system. The minimum requirement is that it must support SSL version 3.
For C, C++ or Perl, OpenSSL is an
open-source SSL solution.
- How do I begin the certification process?
- What do I do after I receive the OT&E welcome package?
- How do I test my client application?
- How do I arrange a time for OT&E certification?
- What will be tested during OT&E certification?
- What happens after OT&E certification?
- What is the name and port of the OT&E test server?
- What key or cert sizes are accepted ?
- OT&E server information and username/password for two accounts to access the OT&E environment for registrar client testing.
- Instructions on where to download the Registrar Toolkit.
- Instructions on where to download the RRP specifications.
- Instructions on how to proceed with the T&E certification process.
- Instructions on how to obtain an SSL certificate from an approved certificate authority.
- Instructions on how to provide Tech Support with the list of subnets that will be used to access the live Shared Registry System.
- Documentation that will explain the tests to be performed during OT&E verification.
- How does the Registry control access to the Shared Registry System?
- How do I specify the IP addresses that can access the SRS?
- What is a SSL Certificate?
- Where do I get a SSL Certificate?
- Which SSL toolkit should I use?
- Which cipher suites are accepted?
- When do I get the username/password for the production SRS?
- Access control to the production SRS is restricted by IP address filters.
- SSL encryption is required for the communication channels between the Registrar's client system and the OT&E and production systems.
- Authentication by means of a username and password is required for session establishment.
- A maximum of 3 IP subnets
- A maximum of 96 hosts between the three IP subnets
- The .IN Registry supports connections to the registry both by IPv6 or IPv4.
- Ranges for IPv4 must be written in CIDR format (e.g. 192.168.1.0/27 where the "/27" represents the length of the subnet). We cannot accept any ranges below a /26 range (i.e. /25, /24, etc). CIDR format dictates the number of hosts within each range. The ranges are as follows:
- /26 = 64 hosts
- /27 = 32 hosts
- /28 = 16 hosts
- /29 = 8 hosts
- /30 = 4 hosts
- /31 = 2 hosts
- /32 = 1 host
- Examples of valid IPv4 subnets include:
- One subnet of 64 hosts(e.g. 192.168.1.0/26)
- One subnet of 64 hosts and one subnet of 32 hosts or less (e.g. subnet #1 as 192.168.2.0/26, which represents 64 addresses 192.168.2.0 to 192.168.2.63; and subnet #2 as 192.168.3.0/27, which represents 32 addresses 192.168.3.0 to 192.168.3.31.
- Three subnets of 32 hosts or less (e.g. subnet #1 as 192.168.2.0/27, which represents 32 addresses 192.168.2.0 to 192.168.2.31; subnet #2 as 192.168.3.0/27, which represents 32 addresses 192.168.3.0 to 192.168.3.31; and subnet #3 as 192.168.4.0/27, which represents 32 addresses 192.168.4.0 to 192.168.4.31)
- Accepted ranges for IPv6 subnets include:
- /48 = 1,208,925,819,614,629,174,706,176 hosts
- /64 = 18,446,744,073,709,551,616 hosts
- /128 = 1 hosts
- Registrars may submit IPv6 subnets as they see wish, as long as the total number of both IPv4 and IPv6 subnets stay within the limit of 3. IPv6 subnets will count towards the registrars' connection limits in the registry system along with the IPv4 addresses.
- The specified subnets must fall on valid bit boundaries. For example, a subnet specified as 192.168.2.1/27 is not acceptable because ".1" is not a valid boundary for a /27 subnet. The following table defines the valid boundaries for each subnet length.
- Sun's Java Secure Socket Extension
- SSLava from Phaos Technology (Oracle). SSLava is also the toolkit used in the development of the SRS.
- SSL_DHE_RSA_WITH_DES _CBC_SHA
- What is the Registrar Tool Kit?
- What is included in the Tool Kit?
- When will the Tool Kit be available and what are the licensing terms?