
I am using EPP (Extensible Provisioning Protocol) to perform domain registration operations.

Everything works fine but when I use a certificate, the login request fails.

Let us say I have a certificate in C:\Folder\epp.crt and I am using the following code:

// Verbatim string (@"...") so the backslashes in the Windows path are not treated as escape sequences
var tcpTransport = new TcpTransport(url, port, new X509Certificate(@"C:\Folder\epp.crt"), true);
var service = new Service(tcpTransport);
service.Connect();

This code executes just fine and the service is connected. That means the connection to the URL is established using the certificate. Now, I try to log in with:

service.Execute(loginCmd);

But this gives me "Server requires Client certificate validation, no client certificate provided".

Why? Should there be any flag for the certificate in the login command?

Patrick Mevzek
A.Ghaffar

1 Answer


Per RFC 5734, EPP uses TLS, not TCP. This RFC also mandates the use of client certificates.

Your question lacks details about the content of epp.crt (where is the associated key?) or the language you use. The TLS negotiation, including validation of the client certificate, happens before the EPP login, but the exact moment may be hidden by the library you use to connect.

So to answer your "Should there be any flag for certificate in Login Command?": no, there should not, as the certificate handling is part of the transport setup, not the EPP commands. Your problem is probably more around your use of TcpTransport.

You can use a network sniffer to see exactly what happens. Registries are probably not offering TLS 1.3 for now, so you should still be able to see the TLS exchanges, including your client providing a certificate.

Also the registry you connect to should be able to help you.

Patrick Mevzek
  • The problem was with where the associated key was. The certificate was not associated with any private key. The issue was resolved by regenerating the certificate with a private key. – A.Ghaffar Jul 15 '19 at 07:24
  • "Certificate was not associated with any private key." Technically that is not really possible. A certificate is basically a public key with some metadata and a signature over it. The public and private parts of a key are computed at the same time in one spot because they are mathematically related. Said otherwise: you have to have a private key if you have a certificate, otherwise none would have been generated. But of course you can also just lose the private key after the fact, and then the loose certificate is useless. – Patrick Mevzek Mar 05 '20 at 17:53
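The answer's point (the client certificate is consumed by the TLS handshake, before any EPP command) and the resolution in the comments (the .crt had no private key behind it) can both be seen in the added C# example below. It is not code from the question, the answer, or any EPP library: it uses only .NET's own SslStream and X509Certificate2, checks up front that the loaded bundle actually carries a private key, presents it during the handshake, confirms mutual authentication, and then reads the server's greeting using the RFC 5734 length-prefixed framing. The host name, port, file name and password are placeholders; the code assumes the certificate and key have been packaged together as a PKCS#12 (.pfx/.p12) file.

```csharp
// Added example, not part of the original question or answer.
// Assumes a PKCS#12 bundle containing both the certificate and its private key;
// host, port, file name and password below are placeholders.
using System;
using System.IO;
using System.Net.Security;
using System.Net.Sockets;
using System.Security.Authentication;
using System.Security.Cryptography.X509Certificates;
using System.Text;

static class EppTlsClient
{
    // Fails early with a clear message instead of the opaque
    // "no client certificate provided" error at <login> time.
    public static X509Certificate2 LoadClientCertificate(string pfxPath, string password)
    {
        // A bare .crt (PEM/DER) loads only the public half; loading a PKCS#12
        // bundle through X509Certificate2 brings the private key along with it.
        var cert = new X509Certificate2(pfxPath, password);
        if (!cert.HasPrivateKey)
            throw new InvalidOperationException(
                $"{pfxPath} carries no private key; the TLS client handshake cannot be signed.");
        if (DateTime.Now < cert.NotBefore || DateTime.Now > cert.NotAfter)
            throw new InvalidOperationException($"{pfxPath} is outside its validity period.");
        return cert;
    }

    // Opens the TLS session required by RFC 5734 and presents the client certificate
    // during the handshake. Everything EPP-related (greeting, <login>) comes afterwards.
    public static SslStream Connect(string host, int port, X509Certificate2 clientCert)
    {
        var tcp = new TcpClient(host, port);
        var ssl = new SslStream(tcp.GetStream(), leaveInnerStreamOpen: false,
            userCertificateValidationCallback: (sender, serverCert, chain, errors) =>
                errors == SslPolicyErrors.None); // do not blindly trust the registry's certificate
        ssl.AuthenticateAsClient(host, new X509CertificateCollection { clientCert },
            SslProtocols.Tls12, checkCertificateRevocation: true);
        if (!ssl.IsMutuallyAuthenticated)
            throw new AuthenticationException("The server did not accept the client certificate.");
        return ssl;
    }

    // RFC 5734 section 4: each EPP data unit is a 4-byte big-endian length
    // (which counts the header itself) followed by the XML payload.
    public static string ReadDataUnit(Stream s)
    {
        var header = ReadExactly(s, 4);
        if (BitConverter.IsLittleEndian) Array.Reverse(header);
        int total = BitConverter.ToInt32(header, 0);
        if (total < 4 || total > (1 << 20))
            throw new InvalidDataException($"Implausible EPP data unit length {total}");
        return Encoding.UTF8.GetString(ReadExactly(s, total - 4));
    }

    private static byte[] ReadExactly(Stream s, int count)
    {
        var buf = new byte[count];
        int got = 0;
        while (got < count)
        {
            int r = s.Read(buf, got, count - got);
            if (r <= 0) throw new EndOfStreamException("Connection closed mid data unit");
            got += r;
        }
        return buf;
    }

    static void Main()
    {
        // Placeholders: use the registry's OT&E host and your own bundle.
        var cert = LoadClientCertificate(@"C:\Folder\epp.pfx", "changeit");
        using (var ssl = Connect("epp.example.invalid", 700, cert))
        {
            // The server's <greeting> arrives right after the handshake, before any <login>.
            Console.WriteLine(ReadDataUnit(ssl));
        }
    }
}
```

If LoadClientCertificate throws on HasPrivateKey, the file is exactly the situation described in the comments: a certificate without its key, which can never satisfy a server that requests client authentication. If Connect throws instead, the rejection is visible at the TLS layer, which is where a sniffer (as the answer suggests) would also show it, well before any EPP XML is exchanged.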