5 minute read

OpensSRS is a domain reseller system offered by Tucows to internet service providers.

Although Tucows offers a very flexible system, there’s a serious lack of easy to follow documentation.

This document will explain how to get your tucows opensrs reseller account up and running with full access.

  1. To begin with you will require an OpenSRS account, you can signup here.
  2. You then need to review the contract you want.
  3. In this case we will be reviewing the Master TLD Contract.
  4. Print this off, fill out the spaces on the contract, and don’t forget to sign it.
  5. Fax it across to (416) 531-2516 or from the UK 1014165312516.
  6. The next thing to do is to decide how you wish to make payments. In my case I will be using MasterCard, so do pay anything you have to fill out the Credit Card form and fax the details across to the same number.
  7. You must pay $95 for the setup fee.
  8. Don’t forget to update your website/terms and conditions with the TuCows contract terms.
  9. Once you receive your username and password via email, you need to complete the access tests, which are a pain in themselves.

At this point you will be unable to log into the “Live System“, until you complete the full access test…

  1. Log into the “Test System” using your username and password provided in the welcome email.
  2. Once logged in you will see the administration page for the test system, which is an exact replica of the live system. For now, ignore this, and scroll to the bottom. You need to open the page entitled “Full Access Test Instructions“, and read the instructions, however vague they are.
  3. As it says, you need to download and install the “OpenSRS Client Software“, but what you actually need is the “OpenSRS Client Software“, download this.
  4. Although the RCL manual can be found on the website, its not very clear what you need to do. Take a look at it anyway.
  5. Once you have downloaded the RCL, extract it, and edit the “etc/OpenSRS.conf” file.
    1. Get the username from the welcome email, and enter inside the quotes on line 13…
    2. my $USERNAME = “yourusername”; # XXX insert username here
    3. Log back into the “Test System“, scroll to the bottom and find “Generate New Private Key“, follow the on-screen instructions and enter the private key provided on line 14…
    4. my $PRIVATE_KEY = “your_private_key “; # XXX insert DES key here
    5. Next set your admin email address on line 16…
    6. $ADMIN_EMAIL = ‘[email protected]’;
    7. Next set the email address where renewals will be sent to on line 17…
    8. $RENEW_EMAIL = ‘[email protected]’;
    9. For now on line 22, you must keep test server as 1 (this would be set to 0 if we were live)…
    10. $TEST_SERVER = 1;
    11. On line 28, configure the full path to where you intend on installing the client…
    12. $PATH_SOURCE = “<path_to_source>”; # e.g., “/home/username/opensrs”
    13. On line 49 to 55, you have the remote server config settings:
    14. REMOTE_PORT => 55000,

    REMOTE_HOST => “horizon.opensrs.net”,

    REMOTE_HTTPS_PORT => 55443,# OSRS IDN conversion server connection settings

    REMOTE_IDN_HOST => ‘horizon.opensrs.net’,

    REMOTE_IDN_PORT => 55044,

    1. If you are in test mode, these must remain the same, and you must make sure the server can use those external ports. If you are in live mode, the ports start with “52”, instead of “55”, and the hostname is “rr-n1-tor.opensrs.net”.
    2. On line 60, you must decide which connection type you want to use…
    3. connection_type => ‘CBC’, # CBC, HTTPS
    4. If you use CBC you also need to set the connection type on line 61 (try Blowfish)…
    5. crypt_type => ”, # Blowfish, DES, or Blowfish_PP (slow!). ONLY important
  6. You MUST open EACH AND EVERY SINGLE .cgi file in the “cgi” directory, and change the “$path_to_config = ‘<path_to_conf_file>’;” to the correct path. You could probably get away with using ‘../etc’ as the path.
  7. Upload all of the files to the directory you have decided on, and “chmod” all the “.cgi” files to “755” so they are able to run.
  8. If you have SSH access to your web server you can verify your install by running the “cgi/verify_install.cgi” using the perl command at console (NOT via a web browser).
  9. Next you need to visit the true URL of the “reg_system.cgi” that you uploaded, and continue to follow the “Full Access Test Instructions“.
  10. If this page appears to be blank, you need to speak to your web server admin and ask them to read the error log (sometimes located “/usr/local/apache/logs/error_log”), usually you will need to install a perl module such as Data::Structure::Util using cpan.
  11. You may also require to “cpan install Unicode::String”.
  12. If you get the “Ciphertext does not begin with a valid header for ‘salt’ header mode” error, chances are you need to cpan update Crypt::CBC, and apply this fix. (Which is already already applied in the latest version)
  13. [And well this is where I stopped because I’m still getting errors, and openSRS seem unable to help me]

If you are still having problems, read the OpenSRS FAQ.

So this is what I did, I contacted TuCows numerous times and they were unable to help me with this.

I was told by TuCows to downgrade my Crypt:CBC, I told them it wasn’t possible for me to do this.

I contacted TuCows again and insisted they allow me to bypass the Rite Test.

With this in mind, I decided to forget about the PERL solution and take a look at OpenSRS-PHP.

  • I downloaded this, ensured I had the Crypt-CBC PEAR module installed and recompiled php with mcrypt.
  • I extracted the files, read the README and uploaded them to the server.
  • As I understand it, I required a private key from the test system and another from the live system.
  • I loaded these private keys along with the username into the ‘openSRS.php’ and began investigating the ‘test.php’
  • From my understanding ‘test.php’ looks up a domain to check if its available or not. With this in mind I needed to investigate other functions further.
  • After reading the OpenSRS API specification (PDF) I was able to utilise commands to process domain names.

In Summary

After reading all that you are probably thinking what I’m thinking. “What a load of @#*$”. I could not agree more. TuCows OpenSRS is bloody awful to work with if you are new to it, it seems to have a serious lack of documentation on how to achieve things.

This article should help you with 2 things, firstly at least get you an account setup so you are able to manually manage domains. Secondly, it should offer you ways to interface with OpenSRS’s API.

Perhaps in the future I can provide you with some working examples, but that was not the objective of this article.

I hope this helps someone to have a less painful time with TuCows OpenSRS than me, and I invite anyone to discuss any issues I have mentioned here.