How to - Setting up Accesses
Purpose of this How-To
This How-To informs you how to set up the required accesses to the DENIC registration system.
Terms Explained in Brief
DENIC Business Services (DBS)
DBS is your contact for all matters relating to membership and registrar support.
Environment
The registration system is available to the members in two different environments, with different features. In addition to the live environment, there is also a test environment.
Technical Onboarding
A new DENIC member must provide details for technical integration (technical onboarding). These include information that is necessary for preparing the initial login at the Registrar Administration Interface (RAI).
Registrar Administration Interface (RAI)
Members manage their registration accounts in the Registrar Administration Interface web app, in short RAI. The RAI is also used to set up the access to the DENIC registration system.
Registration Account
A registration account is necessary to register domains with DENIC. Your membership includes one registration account, the primary or basic registration account.
General Request
General Request is a special handle in your registration account.
GeneralRequestUriTemplate
The general request includes the GeneralRequestUriTemplate contact information as URL or mailto link for general requests to the registrar or the domain holder about a domain. The contact information is output publicly via web-whois.
Realtime Registry Interface (RRI)
The DENIC registration system works with the Realtime Registry Interface (RRI) protocol, via which requests are sent to the registration system.
RRI-Login
Your requests can only be accepted if you authenticate yourself by entering your access data in the DENIC registration system (RRI). To do so, set up an RRI login via the RAI.
Two-factor Authentication
With a two-factor authentication you log on to DENIC at the RAI access point. The first factor is the password of your access and the second factor is a time-limited one-time password (TOTP).
Carrying Out the Technical Onboarding
Step 1: Log in to the member section on the DENIC website.
Press the button "To DENIC Member Section" on our homepage to enter your access data.
Step 2: Complete the form.
For technical onboarding, a form with three tabs is used.
Tab 1: Information
On the first tab, enter e-mail addresses for mailing lists and messages (messages are sentto you by the registration system). Moreover, you can request authorisation for using the Test environment.
Tab 2: RAI Access
In addition to a user name and a password, (tool for generating a password hash under: Hash Generator), a time-limited one-time password (TOTP) is required for access to the RAI.
| Notice | In the section Set up two-factor authentication, you will learn how you can set up the method for generating time-limited one-time passwords (TOTP) yourself. |
For your first login to the RAI, DBS will create a one-time password for you. For this purpose, make an appointment with DBS by entering a phone number and a call-back time on the tab. With an RAI INFO mail, you will be informed about any changes that have been made to your registration account via the RAI.
Tab 3: Master Key
The master key is a PGP key. Every member needs at least one master key to be able to send signed e-mails to DBS in order to request or terminate the setting up of additional registration accounts, quotas and additional accesses to the RAI and the member website. Moreover, changes to RAI INFO mails may be requested. General e-mail communication with DENIC can also be signed with the master key.
| Length of the Key | minimum 2048 Bit |
|---|---|
| Key Types | DH/DSS |
| DSA | |
| RSA | |
| DSA und ElGamal | |
| Algorithms | RIPEMD160withRSA |
| RIPEMD256withRSA | |
| SHA256withECDSA | |
| SHA384withECDSA | |
| SHA512withECDSA | |
| SHA384withRSA | |
| RIPEMD160withECDSA | |
| SHA256withDSA | |
| SHA384withDSA | |
| SHA512withDSA | |
| SHA256withRSA | |
| SHA512withRSA |
Set up two-factor authentication
Step 1: Install an app for your two-factor authentication.
For setting up a 2FA app, this quick guide exemplarily describes how to install the Google Authenticator for Android devices.
If you do not yet use any application for a two-factor authentication, you can download the Google Authenticator for your device with the QR codes below (QR Code® is a registered trademark of the Denso Wave Incorporated.).
Google Authenticator
Figure 1: QR code for Android
Figure 2: QR code for iOS
Step 2: Enter the access data for the RAI from the technical onboarding.
| Notice | DENIC Business Services (DBS) has already sent you an e-mail to confirm the creation of the user name and the password defined on the technical onboarding page. At the agreed call-back time, DBS has told you the one-time password for your first login. |
In your web browser, open the RAI access site.
Enter your user name, your password and the onetime password.
| Notice | For all further logins to the RAI, please set up a two-factor authentication (2FA) as described in the following steps. |
Step 3: Start the Google Authenticator.
Start the app and read the introductory information.
Step 4: Enable two-factor authentication in Google Authenticator by scanning a QR code.
In the RAI, click the orange button.
Figure 3: The function is available after logging into RAI.
You will see a QR code on your screen. In the app, tap on the menu item Scan barcode. Use your mobile device to scan the QR code.
That's it!
Your RAI access has been set up now. Start the Google Authenticator whenever you log in to the RAI and enter your user name, your password and the six-digit code (time-based onetime password).
Editing the Registration Account
Step 1: Select a registration account and complete the mandatory fields.
Select a registration account and click on Edit on the page that follows. In new registration accounts, you will find some fields already completed with dbs@denic.de. This has been entered by DBS as a placeholder. Replace these placeholders with your own data and complete the mandatory fields (see table). Save your changes.
| Notice | The information for your registration account is
divided into several sections. Your member and
registrar information is shown at the top, followed
by your member address and contact details and
the setup of the RRI login. The last two blocks are
for .de domain information. To be able to take part in the registration system for .de domains, complete the mandatory fields in the .de domain block (see list below) and carry out the steps described in the Setting Up Your RRI Login section. |
List of Mandatory Fields
| Field | Description | Example |
|---|---|---|
| Phone | General phone number | +49 69 27 235 290 |
| Fax | General fax number | +49 69 27 235 238 |
| General e-mail address | dbs@denic.de | |
| E-Mail Hostmaster-Liste | E-mail address for hostmaster-l mailing list | dbs@denic.de |
| E-Mail Tech-Announce-Liste | E-mail address for tech-announce- l mailing list | dbs@denic.de |
| Url | Output of the URL in response to queries by the registration account | https://www. denic.de |
| MsgFeed | Message feed setting | rri |
| GeneralRequest | Handle for general requests | DENIC- 99990-BSP |
| GeneralRequestUriTemplate | Hyperlink or mailto link | mailto:info@ denic.de |
| EmailTo | E-mail address to which the registration system sends e-mails | dbs@denic.de |
| EmailChprovIn | E-mail address for CHPROVs started by the provider itself | dbs@denic.de |
| EmailChprovOut | E-mail address for CHPROVs to be acknowledged | dbs@denic.de |
| Notice | The fields „E-mail hostmaster list“, „E-mail tech-announce list“ and „EmailTo“ are already filled with information from the technical onboarding. |
Setting Up Your RRI Login
Step 1: Set up an RRI login in the RAI.
Click on the plus symbol to the left of RRI Login.
Figure 4: Section in the registration account to set up an RRI login
Complete the RRI Login field with a handle. In the dropdown list, select .de.
Enter the password in form of an MD5 hash in the field RRILoginPw.
| Notice | On the DENIC website, we provide a Hash Generator for calculating an MD5 hash. |
Step 2: Set up the General Request and the GeneralRequestUriTemplate.
If the fields GeneralRequest and GeneralRequestUriTemplate are empty, you have to fill in these fields. Enter a handle in the GeneralRequest field and a hyperlink or a mailto link in the field GeneralRequestUriTemplate.
Example of a hyperlink and a mailto link
----------------------------------------
https://www.denic.de
mailto:info@denic.de
| Notice | You can also update existing General Requests here. For GeneralRequestUriTemplate, you may also enter a URI template with variables. For more detailed information, please consult the documentation on the topics Explanation of the URI-Template and Contact Details. |