This module allows you to authenticate to IRC services (such as NickServ) using CertFP and your own certificate.
The SSL certificate needs to be uploaded to the server in order for this module to work. This can be done using the webadmin.
Generating a Certificate
We recommend using OpenSSL to generate certificates which is available on Windows and Linux.
This command below will generate 4096-bit certificate which will expire in 365 days. The contents of the user.pem this generates is the certificate you will need to add to the bouncer.
openssl req -nodes -newkey rsa:4096 -keyout user.pem -x509 -days 365 -out user.pem -subj "/CN=YourNickname"
Using the Certificate
To obtain the SHA-1 fingerprint of the certificate you have generated enter the following command:
openssl x509 -sha1 -noout -fingerprint -in user.pem | sed -e 's/^.*=//;s/://g;y/ABCDEF/abcdef/'
Please be aware: Not all networks use SHA-1 fingerprints, some are using SHA-256, SHA-512. These can be generated using the below commands but we recommend consulting the IRC network to find out exactly which fingerprint you need.
openssl x509 -sha256 -noout -fingerprint -in user.pem | sed -e 's/^.*=//;s/://g;y/ABCDEF/abcdef/' openssl x509 -sha512 -noout -fingerprint -in user.pem | sed -e 's/^.*=//;s/://g;y/ABCDEF/abcdef/'
You now need to add the fingerprint to your NickServ account, in most cases this can be done with the following command:
/msg NickServ cert add <fingerprint>
Note: On some networks, using "/msg NickServ cert add" without a fingerprint will add the fingerprint of certificate that the current connection is using.
This module takes no arguments
This module will only work correctly if an SSL certificate has been uploaded via the webadmin and comes with 2 commands. They are as follows:
To delete the certificate
/msg *cert delete
Show the currently stored certificate
/msg *cert info