Jump to content

Setting up Nominet Registrar on a windows platform


Recommended Posts

Hi There,


Has anyone been able to get Nominet domains registrations working on a windows platform? I've searched knowledgebase, manual and forums, but I can't find anything specific about the setup procedure for a windows based system.


If anyone has this working I'd be grateful if you'd be willing to share details of what you have installed where, php config, permissions set and the details entered into WHMCS.


Here's what i have currently, and it's not giving me anything - no email text file generated, no email sent, no errors - nothing:


WHCMS setup and running on windows server 2003 via IIS 6 & PHP 5.2.1

Email settings working for all other systems within WHMCS

GNUPG setup with our Nominet keychain installed

\modules\registrars\nominet\tmp\ directory for created email with write/modify permissions for the web user.

WHCMS pointed to the GNUPG config directory & permissions for the web user enabled


Clearly something isn't working somewhere, but I'm at a loss to figure out what it is without any error messages to go with.


Any help would be gratefully received.



Link to comment
Share on other sites

I've got GPG functioning just fine on other windows machines, albeit not integrated into anything more complicated than Outlook, so I can't see it being a complete dead end. If it takes some mucking about, then that's what I'll have to do, but it's nigh on impossible without any error logs or debug code.


At the moment I can't even get the system to generate the text files with the email contents, let alone sign and send them, so just getting that fixed would be an achievement, and I can then turn my attention to getting the signing working.


Matt, do you have any pointers for setting this up in a Windows environments - clearly this has been considered as I see that a "tick if you're using a windows server" option has been added, and presumably you've got this working in your dev environment. Could you please share details of how you intended it to be set up?





Link to comment
Share on other sites

  • 2 weeks later...

I've been having a dialogue with Matt about this in the support system, I've nearly got it nailed and I just thought I'd share my findings with anyone who's looking for some info on this.


Matt sent me a couple of code snippets to play with and from using those, I've identified a few issues that I think were/are causing the problem I've been having. I'll run through everything that I've come up against:



These need to be set for the user that the website runs as for a number of folders and files:


%Site Root%/modules/registrars/nominet/tmp - you need to create this folder manually and give the website user read and modify access to create the txt files with the instructions to the Nominet automaton.


GPG program file - The web user needs read and execute permissions for the actual GPG program file in order to run it to sign the text file.


GPG config and keychain folder - usually C:\Documents and Settings\<username>\Application Data\gnupg - The web user needs read and execute permissions for this folder so that it can access your keychain.


%systemroot%\system32\cmd.exe - The web user needs read and execute permissions for this file in order to actually run the gpg.exe program.


The permission are only half the story. I have all of these permissions in place, and it still doesn't work fully on my setup. I know that the permissions are correct as I've cobbled together a test script (from the snippets that Matt has sent me) that replicates what the WHMCS system does when it generates the txt files and signs them. This script works fine, but only after I made a tweak in the way that it generates the paths for the functions that it uses.


The Nominet registration process uses 2 PHP functions: fopen and shell_exec. The fopen function is used to write the instructions to the nominet automaton into a text file, and shell_exec is used to externally execute the gpg.exe to sign that text file. The problem is that the same path variable is used to specify the file to be created and signed. This doesn't sound like it should be a problem, until you consider that the way that fopen and gpg handle paths to files. WHMCS defines a fully qualified path right down to the root of the drive. Fopen can handle this just fine and will happily create the text file. Gpg can only handle this if the fully qualifies path contains no spaces in the directory names. If your full path contains directories with spaces in the names, the gpg signing will fail. The solution is to use 2 variables, one fully qualified one for fopen, and a relative one for gpg. This is what I've done in the attached script.


Matt is currently reviewing this and it may be incorporated into future releases.


One last thing that the gpg-spaces-in-paths issue affects is the PGP home specified in the nominet registrar settings in the admin panel. This needs to be specified with short DOS file names with double backslashes. e.g. "C:\Documents and Settings\user\Application Data\gnupg" should be entered into the admin panel as "C:\\Docume~1\\user\\Applic~1\\gnupg\\" but will appear as "C:\Docume~1\user\Applic~1\gnupg\" once it has been saved.


As I said, I'm still having an issue with this for some reason. I couldn't get v3.4.1 to generate anything, but after rolling back to v3.4.0 the txt file generation works, but not the signing (for reasons stated above). Matt assures me there is no difference in the nominet code between the 2 versions, which leaves me even more confused.


That's about all I can think of in terms of what I've had to do to get this far. The attached file should be run from the nominet folder - %Site Root%/modules/registrars/nominet/ and will create and sign a text file in the tmp folder if all the permissions are setup correctly.


If anyone else is having trouble with this or has any comments, please give me a shout.






Link to comment
Share on other sites

  • 2 months later...



You post helped us no end in getting the Nominet PGP signing working.


The only extra item we had to do which was not mentioned in your text was ensure that the PATH to both php.exe AND gpg.exe was in the environment for the user the website was running as.


Once we did this the text files were being signed without any problems.


Hope this little extra bit helps anyone who needs it!


Thanks Andy :)

Link to comment
Share on other sites

The script creates the .txt file but does not create the .asc version.

If I manually run the command that is shown on the debug page it works from a cmd prompt.

I have gone over the permissions so many times and have given 'everyone' read and exec on the gpg.exe and pgp files but it still wont work.


Any ideas?

Link to comment
Share on other sites

Actually scrap that, it wouldn't need the path to PHP in there to work from the website!


The only other thing I can think of is that the path to your GPG home contains no spaces (as andy said do a dir/x to see what it is called) and make sure that you are using double \\ when refering to the folde


1. Check IUSR has READ and EXECUTE permission to the GPG programs folder

2. Make sure your GPG home folder is defined with double quotes.

Ours is D:\\webs\\BILLIN~1.UK\\pgp\\ and that the IUSR has READ permissions


Hope this helps

Link to comment
Share on other sites

I have moved the files from C:\Program Files\GNU\GnuPG into c:\pgp and directly called the gpg.exe as follows:

$exec_command = "echo $passphrase| c:\\pgp\\gpg.exe --no-tty --passphrase-fd 0 --homedir $pgphome --clearsign $file1";

it gives this on the debug page:

echo mypassphrase| c:\pgp\gpg.exe --no-tty --passphrase-fd 0 --homedir C:\pgp\ --clearsign tmp\nominet1202902026.txt

But it still wont create the .asc file.

Is there a way to debug so I can find out why it is failing?

Link to comment
Share on other sites

Ours works and our debug.php gives


Full path to file being written: D:\webs\billing.host100.co.uk\htdocs\billing\modules\registrars\nominet\tmp\nominet1202904961.txt


Path to PGP home being passed: D:\webs\BILLIN~1.UK\pgp\


Relative path to file being signed: tmp\nominet1202904961.txt


PGP script being executed: echo PASSWORD| gpg.exe --no-tty --passphrase-fd 0 --homedir D:\webs\BILLIN~1.UK\pgp\ --clearsign tmp\nominet1202904961.txt


Have you tried running the debug.php locally, php.exe debug.php. If that works it HAS to be permissions.

Link to comment
Share on other sites

I have used 'echo exec('whoami');' to find out who the website is running as and it gives 'maxwell01\iwam_plesk(default)'


So I have given iwam_plesk(default) rx permissions on the PGP folder, the gpg.exe file and the tmp dir - but it still won't work......

It can create files in the tmp location but it will not create the .asc file.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Create New...

Important Information

By using this site, you agree to our Terms of Use & Guidelines and understand your posts will initially be pre-moderated