Skip to Content

.CA FAQ

.CA FAQ


1. Will I still be able to use RARXML?

No. On October 12th, 2010 CIRA will be officially decommissioning its proprietary domain registration management protocol, commonly referred to as RARXML. It should be noted that requests being sent to that service after October 12th, 2010, will result in web server errors such as connection time out or page not found. Registrars should plan to halt all traffic to https://rarxml.cira.ca/rars port 443.

2. What other services will not be available?

The following is a list of other services that will no longer be available.
RARWEB at https://rarweb.cira.ca/rars

RINFO at https://ro.cira.ca/rinfo

RWHOIS at https://ro.cira.ca/rwhois

RWHOIS TOKEN at https://ro.cira.ca/rwhois.token and http://ro.cira.ca/rwhois.token

DOMAIN:CHECK EPP at adm01.tor.cira.ca port 700

DOMAIN CHECK TELNET at adm01.tor.cira.ca port 701

Note: CIRA is planning to de-commission the CIRA certified logo feature in the fall of 2010

Registrars should plan to halt all traffic to these sites and servers.

RARWEB is effectively being replaced by .CAManager, which will be available at https://services.cira.ca/DotCaManager. The service known as the Registrants interface at https://registrants.cira.ca/user will no longer provide the same service. As a courtesy to our Registrars, we will be redirecting traffic to a static landing page with helpful information about CIRA's changes.

3. I have more than one Registrar profile; do I need a certificate for each?

We currently plan to allow Registrars to provide one or more client certificates for each or all of their profiles. If they choose to submit one certificate for more than one profile, we ask that the request be made clear to Registry Services when submitting certification and IP address information.

4. I have links to various pages on CIRA's sites and services. What will happen to those links after October 12, 2010?

It is good practice for Registrars to keep an inventory of external links so that they can manage them effectively. CIRA will make every attempt to announce significant changes, but cannot guarantee that all site changes will be communicated. Our corporate website and the Members website will NOT change significantly. There are a number of dynamic services that will change and may result in errors. The elections website will not be available for a brief time after October 12th, 2010. Summary information regarding the election will be made available on our corporate website. In addition, the CIRA Certified Registrar Logo will be decommissioned some time in September 2010. Registry Services will provide an advisory soon with more detail.

5. Other registries don't authenticate client certificates. Why does CIRA?

PKI is all about security and trust. These are themes that CIRA takes very seriously. We know that there are differing opinions on the actual value of authenticating the client with SSL/TLS, but we chose to remain compliant with the IETF specifications for EPP for various reasons. One important reason is the following. If CIRA did not enforce client authentication out of the gate, there would be very little chance that we could introduce it at a later phase. With our Registrars all having to re-configure their clients for our new service, this was the best opportunity to get full coverage. Now that we have it as a foundation, we can devote future releases to improving the process. If improvement means removing the feature, that has significantly less impact on Registrars than starting with nothing and adding the feature.

6. There is a difference in the .CA Registry Guide for Registrars and XSD, which one is correct?

So far, we've identified a few discrepancies and we've found that the .CA Registry Guide for Registrars is more often the correct specification.

7. You have auto renewed a domain that I want to delete but, I can't perform the action, because it has subordinate hosts that are assigned to other domains that I don’t sponsor. How can I delete it?

i) Our current software ensures that only the sponsor of a domain will be able to create subordinate hosts for that object.
ii) CIRA will create and sponsor a special domain for each Registrar, a convention similar to RAR-"<registrar id>".ca.
iii) Registrars who encounter an error trying to delete a domain for which subordinate hosts have active assignments can perform an update on the assigned hosts, renaming them using the convention <domain>.RAR-123.ca (This convention will be required as under normal circumstances, you will not be permitted to update a host to use a superordinate domain for which you are not the sponsor.)
iv) The superordinate domain can now be deleted while zone file data is preserved for all previous assignments.
v) CIRA will monitor and periodically clean out these special hosts when they no longer have assignments or a superordinate at their original domain name.


8. How many concurrent connections in EPP will you support?

We have been running EPP under stress and performance testing for some time now and we are confident that our new service and its underlying infrastructure will be significantly better with respect to performance than our current services. However, as we won't know for certain what EPP will do to our real-world load profile, we are asking Registrars to limit their number of concurrent connection to 5 for the first few weeks. This should allow us time to validate certain assertions that have been made during perf testing, after which, we will increase that number.


9. What happens if I go over my limit?

Our server can be configured to limit the number of connections by IP or Registrar account, but like our current system, we will not enforce limitations. Instead, we will rely on our partnership with you, our valued channel partners. If we notice that volume has exceeded our communicated limits, our compliance office will notify you through Registry Services. Again, after a few weeks we will likely increase the number of allowable connections and we may configure the systems to automatically restrict if that is easier for EPP clients to manage sessions.

10. When will you provide reports and inventory lists of registry objects to the Registrars?

CIRA wanted to avoid having to report off of our main registry database and as such, we have kept reporting to a minimum. We continue to encourage Registrars to keep track of their data at their end. That being said, CIRA is currently working on developing a data warehouse framework that will be scalable and support the need to provide reports to Registrars and other stakeholders. You can expect enhancement to reporting and inventory lists in the next major release after migration (likely in the spring of 2011).

11.  I use the Deposit Account Statement Report to reconcile my financials. Will the new system have it?

This is an example of a low frequency and volume of use report that has an expensive performance cost. This is an ideal candidate for the future data warehouse reporting framework. However, we understand the need for this type of service and will continue to provide it until the data warehouse is up. Requests can be made to Registry Services for this type of report until we can provide you with online access to the 'warehouse' reporting.

12. What is going to happen to TBR?

The TBR acquisition service at https://tbr.cira.ca/tbr will not change significantly. TBR will NOT be served over EPP service. The existing interface with all its parameters has been kept intact. However, it should be noted that Registrars do not need to provide name server (host) data or registrant id data. Providing this data will not result in an error but, the data will be ignored by the program. The TBR service will be in moratorium for a time during the migration phase. The last run will occur on Wednesday October 6th. The service will be brought back on line some time in late November or early December.

13. I'm having trouble getting an EPP client working. What will CIRA do to help me? OR I can't seem to connect to your servers with .NET. Can you help?"

We appreciate that the EPP protocol is new to some of our Registrars and it is important to note that our EPP service is dramatically different than our current service. It is almost certain that your current clients cannot be configured to simply redirect to our new service because the new service requires a persistent TCP socket connection upon which XML messages are sent back and forth. Our current system is an HTTP protocol server that handles one synchronous connection and command at a time.
There are many good EPP clients available for download (both open and closed source). CIRA will not make specific recommendations however; we encourage Registrars to use sourceforge.net or simply searching your favourite search engine to get started. Currently, there is only one Open source client that has included CIRA specific extensions. Net::DRI is a Perl library and is available at cpan.org or dotanco.com.

If you choose to write your own client, we can provide a prototype client that will demonstrate how to connect using SSL to our service. Currently this prototype is available in Java or PHP.
N.B. If you are using the .NET platform (C# or VB Net) and specifically using the SslStream native library from Microsoft, you will not be able to connect to our servers. We have confirmed with Microsoft that the current version of SslStream will not support multiple payload communication when establishing the SSL handshake. CIRA's certificate trust is large enough that it requires sending multiple payloads and therefore exploits this limitation. CIRA does not intend to abandon the requirement of authenticate using client certificates; therefore we cannot support the Microsoft native lib SslStream.
If you need to use .NET, we recommend that you build a proxy server (Java, Perl, C++ etc) that can communicate with our service and that you configure your .NET client to communicate with it. Alternatively, there may be other registrars that would be willing to partner with you or provide service to help with this type of proxy solution.

14. Will CIRA provide an EPP client?

Apart from example code and prototypes demonstrating client connections, CIRA will not be releasing an EPP Client.

15.  Will the WHOIS service be available during your service window when you stand up the new system?

The WHOIS directory will remain available during the service window and will remain largely unchanged during the outage period. After migration to the new system, the WHOIS data will be updated and refreshed.

16. I won't be ready for October. Can CIRA delay the migration? Do I have to migrate with everyone else?

Given the number of CIRA Registrars that will be prepared for the October 12th, 2010, CIRA cannot delay the migration. All data will be transformed and all existing services will be decommissioned. Registrars are not absolutely required to have their systems ready on the 12th but, it should be noted that their sponsored objects will be part of our new service. If you plan to delay configuring your services to integrate, we strongly recommend that you take and pass the policy examination which will allow you to manage your objects with the .CAManager website.

17.  Can your OTE environment send us the emails that you will be sending to Registrants?

Currently we do not support that type of service in OT&E. We will be providing email content and information about what will trigger the email to Registrants. It is possible that we will add this functionality to OT&E in subsequent releases after October.

18. I plan to continuously send INFO commands to keep my database synchronized with yours. Is that ok?

As mentioned, future releases will provide inventory lists over a secure channel to Registrars that might eliminate the need for this type of high volume access to our servers. However, in the absence of that, we understand that Registrars need to keep their databases in sync as much as possible. We strongly encourage you to keep track of commands and results as much as possible and remind you that it is your responsibility to manage your customer data as it pertains to domain, host and contact management. Please use common sense when sending info commands. Stay within your limits of concurrent connections, try to send high traffic during slower periods of activity such as overnight or on weekends. Above all, adhere to CIRA's acceptable use policies which will be made available soon.

19.  What do I need to configure my EPP client to interact with CIRA's EPP servers?

You need a SSL certificate (self-signed is ok). You should contact Registry Services for instructions on how to send the certificate. In addition you will be asked to provide IP address information of servers that will be connecting to our OT&E environment.

20. How long will my EPP connection remain open?

An EPP connection will expire if there is no activity for 5 minutes. Otherwise it will remain open.

21. I know you've told us many times, but when exactly are you cutting over?

Our service window of the transition to new systems is scheduled for Tuesday October 12th, 2010 and will begin at 10:00 AM EST

22. Using the .CA Manager and uploading a Logo, I am getting Error 5051 ~ An Exception has occurred while trying to scan your file for viruses. Please contact RSU for assistance.

Occasionally you may run into a situation where, upon uploading a file with an extension other than the valid image types GIF, JPEG, and PNG, you may get Error 5051 ~ An Exception has occurred while trying to scan your file for viruses. Please contact RSU for assistance. CIRA scans all files for viruses. Note that only extensions with the valid image types GIF, JPEG, and PNG are accepted.

23. Will the CIRA OT&E environment continue to be available for Registrar testing purposes?

Yes, the OT&E environment is a permanent location for CIRA to release upcoming enhancements and modifications. This includes the accreditation service. However, the migration database and service will no longer be available after September.