supernets.org

- https://supernets.org
git clone git://git.acid.vegas/supernets.org.git

ssl-client-certificates.html (8018B)

<!DOCTYPE html>
<html lang="en">
	<head>
		<title>SuperNETs</title>
		<meta charset="UTF-8">
		<meta name="author" content="SuperNETs">
		<meta name="description" content="A secure and anonymous, censorship-free, public environment for communication.">
		<meta name="keywords" content="anonymous, chat, internet, irc, ircd, network, relay, secure, super, nets, supernets, xmpp">
		<meta name="viewport" content="width=device-width, initial-scale=1">
		<link rel="icon" type="image/png" href="../i/favicon.png">
		<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/css/bootstrap.min.css" integrity="sha384-Gn5384xqQ1aoWXA+058RXPxPg6fy4IWvTNh0E263XmFcJlSAwiGgFAW/dAiS6JXm" crossorigin="anonymous">
		<script src="https://code.jquery.com/jquery-3.3.1.slim.min.js" integrity="sha256-3edrmyuQ0w65f8gfBsqowzjJe2iM6n0nKciPUp8y+7E=" crossorigin="anonymous"></script>
		<script src="https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.14.1/umd/popper.min.js" integrity="sha256-AoNQZpaRmemSTxMy9xcqXX5VLwI6IMPYugO7bFHOW+U=" crossorigin="anonymous"></script>
		<script src="https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js" integrity="sha384-JZR6Spejh4U02d8jOt6vLEHfe/JQGiRRSQQxSfFWpi1MquVdAyjUar5+76PVCmYl" crossorigin="anonymous"></script>
		<link href="../inc/style.css" rel="stylesheet">
	</head>
	<body>
		<div class="container">
			<header class="header clearfix">
				<nav class="navbar navbar-expand-lg navbar-light bg-white">
					<a class="navbar-brand text-muted bolder" href="#">SUPERNETS</a>
					<button class="navbar-toggler" type="button" data-toggle="collapse" data-target="#navbarSupportedContent" aria-controls="navbarSupportedContent" aria-expanded="false" aria-label="Toggle navigation">
						<span class="navbar-toggler-icon"></span>
					</button>
					<div class="collapse navbar-collapse" id="navbarSupportedContent">
						<ul class="navbar-nav ml-auto">
							<li class="nav-item"><a class="nav-link" href="../index.html">Home</a></li>
							<li class="nav-item"><a class="nav-link" href="../about.html">About</a></li>
							<li class="nav-item"><a class="nav-link" href="../contact.html">Contact</a></li>
							<li class="nav-item"><a class="nav-link" href="../docs.html">Docs</a></li>
							<li class="nav-item dropdown">
								<a class="nav-link dropdown-toggle" href="#" id="navbarDropdown" role="button" data-toggle="dropdown" aria-haspopup="true" aria-expanded="false">Network</a>
								<div class="dropdown-menu" aria-labelledby="navbarDropdown">
									<a class="dropdown-item" href="https://git.supernets.org/">Git</a>
									<a class="dropdown-item" href="../irc.html">IRC</a>
								</div>
							</li>
						</ul>
					</div>
				</nav>
			</header>
			<main role="main">
				<p>SSL certificates can be used by your IRC client as a form of identification.
				The certificate fingerprint will be unique and will remain the same no matter what client or host you are using.
				This is useful for identifying users who may have a dynamic IP address.
				Certain things like NickServ, OperServ, and other bots can use certificate fingerprints as a form of passwordless authentication.
				Also, please note that in order to use an SSL certificate, you have to connect to IRC using SSL as well.</p>
				<hr>
				<br>
				<h4>Create an SSL Certificate</h4>
				<br>
				<h5 class="text-muted">Linux</h5>
				Open your terminal and issue the following command:
				<br><code>openssl req -x509 -new -newkey rsa:4096 -sha256 -days 3650 -nodes -out nick.pem -keyout nick.pem</code>
				<br><br>Make sure to <code>chmod 400 nick.pem</code> so that only you can read that file.
				<br><br>
				<h5 class="text-muted">Windows</h5>
				<ul>
					<li>Download &amp; Install <a href="http://www.slproweb.com/products/Win32OpenSSL.html">OpenSSL</a></li>
					<li>Open a command prompt</li>
					<li><code>cd C:\OpenSSL\bin</code></li>
					<li><code>OpenSSL</code></li>
					<li><code>req -newkey rsa:2048 -days 3650 -x509 -keyout irc.key -out irc.crt -nodes</code></li>
					<li>Hit <kbd>Ctrl+C</kbd> to exit out of the OpenSSL program.</li>
					<li><code>copy irc.crt+irc.key &lt;nick&gt;.pem</code></li>
				</ul>
				<br><hr><br>
				<h4>NickServ Usage</h4>
				Once you set up your client to use your certificate, you can then add it to your NickServ account.
				<br>Identify to your nick with <code>/NickServ identify &lt;nick&gt; &lt;password&gt;</code>, and then do <code>/NickServ CERT ADD</code>.
				<br><b>Note:</b> This will add the fingerprint of the certificate you are using to connect to your NickServ account.
				<br><br>Once you have your fingerprint added to your NickServ account, you no longer need to send a <code>/NickServ identify</code> command. You will automatically be identified upon connection, as long as you connect with a client certificate whose fingerprint matches the one added to your NickServ account.
				<br><hr><br>
				<h4>Client Usage</h4>
				<br>
				<h5 class="text-muted">AndroIRC</h5>
				<ul>
					<li>In order to use your certificate in AndroIRC, you'll need to convert it to the PKCS12 format.</li>
					<li>openssl pkcs12 -export -in &lt;nick&gt;.pem -out &lt;nick&gt;.pfx</li>
					<li>Place your certificate file in the <i>AndroIRC/certs/</i> directory.</li>
					<li>Edit the settings for your IRC network in AndroIRC and check the ‘Use SSL certificate’ option, and edit the ‘SSL certificate filename’ to match the name of your certificate file. If you have set a password for your certificate, enter it in the ‘SSL certificate password’ option. Be sure that ‘Use secured connection’ is checked before trying to use an SSL certificate.</li>
				</ul>
				<br>
				<h5 class="text-muted">HexChat / XChat</h5>
				<ul>
					<li>HexChat uses the pem file whose name matches the name of the network in the Network list.</li>
					<li>Save your certificate file as <i>~/.config/hexchat/certs/&lt;network_name&gt;.pem</i>.</li>
					<li>For Windows users, save your certificate as <i>%APPDATA%\HexChat\certs\&lt;network_name&gt;.pem</i>. <small><i>(The file must be named client.pem)</i></small></li>
					<li>Edit the settings for your network and check the ‘Use SSL for all servers on this network’ option and the ‘Accept invalid SSL certificates’ option.</li>
					<li><b>Note:</b> The same settings apply for XChat except the cert directory is in <i>~/.xchat2/</i> for Linux and in <i>%APPDATA%\Roaming\X-Chat 2</i> for Windows.</li>
				</ul>
				<br>
				<h5 class="text-muted">irssi</h5>
				<ul>
					<li>Place your certificate file in the <i>~/.irssi/certs/</i> directory.</li>
					<li>/server add -ssl -ssl_cert ~/.irssi/certs/&lt;nick&gt;.pem -network &lt;network_name&gt; &lt;network_address&gt; &lt;ssl_port&gt;</li>
				</ul>
				<br>
				<h5 class="text-muted">mIRC</h5>
				<ul>
					<li>Options Menu -> Connect -> Options</li>
					<li>Click on the SSL button.</li>
					<li>Click on the empty box below ‘Private Key File’, navigate to where you placed your nick.pem file and select it.</li>
					<li>Do the same for ‘Certificate Chain File’.</li>
				</ul>
				<br>
				<h5 class="text-muted">WeeChat</h5>
				<ul>
					<li>Place your certificate file in the <i>~/.weechat/certs/</i> directory.</li>
					<li>/set irc.server.&lt;network_name&gt;.ssl on</li>
					<li>/set irc.server.&lt;network_name&gt;.ssl_cert %h/certs/&lt;nick&gt;.pem</li>
					<li>/set irc.server.&lt;network_name&gt;.ssl_verify off</li>
				</ul>
				<br>
				<h5 class="text-muted">ZNC</h5>
				<ul>
					<li>Save your certificate file as <i>~/.znc/users/&lt;user&gt;/moddata/cert/&lt;nick&gt;.pem</i>.</li>
					<li>/znc LoadMod cert</li>
					<li>/znc LoadMod certauth</li>
					<li>/msg *certauth add</li>
					<li>You can now connect without a password by sending "username/network:" to the ZNC server.</li>
				</ul>
			</main>
			<footer class="footer">
				<p>&copy; Supernets 2019</p>
			</footer>
		</div>
	</body>
</html>
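
The page's Linux procedure (create nick.pem, chmod 400 it) together with a check that the file is usable and the fingerprint NickServ would store, as an added example that is not part of the original page or the SuperNETs repository. The function names, the `-subj` option (used so the command runs without prompts) and SHA-256 as the default digest are assumptions; the page does not say which digest the network's services use.

```shell
#!/bin/sh
# Added example, not from the original page. Function names are hypothetical.

# make_client_pem FILE [CN] [BITS]: the page's Linux command, made
# non-interactive with -subj (an assumption; the page answers the prompts).
make_client_pem() {
    openssl req -x509 -new -newkey "rsa:${3:-4096}" -sha256 -days 3650 -nodes \
        -subj "/CN=${2:-nick}" -out "$1" -keyout "$1" 2>/dev/null || return 1
    chmod 400 "$1"
}

# pem_fingerprint FILE [DIGEST]: certificate fingerprint as lowercase hex
# without colons. Which digest the network's services use is an assumption.
pem_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint "-${2:-sha256}" |
        sed -e 's/^.*=//' -e 's/://g' | tr 'A-F' 'a-f'
}

# pem_check FILE: returns 0 only if the file holds a certificate and the
# private key that belongs to it, and group/other have no access.
pem_check() {
    grep -q -e '-----BEGIN CERTIFICATE-----' "$1" ||
        { echo "no certificate in $1" >&2; return 1; }
    grep -q -e 'PRIVATE KEY-----' "$1" ||
        { echo "no private key in $1" >&2; return 1; }
    # The public key inside the certificate must equal the one derived
    # from the private key, otherwise the TLS handshake will fail.
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    [ "$cert_pub" = "$key_pub" ] ||
        { echo "private key does not match certificate" >&2; return 1; }
    # ls -l mode string: characters 5-10 are the group and other bits.
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ] ||
        { echo "$1 is accessible to group or others" >&2; return 1; }
}

# Stand-alone use: sh thisfile.sh nick.pem
if [ "$#" -ge 1 ]; then
    pem_check "$1" && pem_fingerprint "$1"
fi
```

The fingerprint is derived from the certificate alone and is safe to share; the private key stored in the same file is the credential, which is why the file-mode check matters.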