Module:Certauth
This module allows you to authenticate to the bouncer using your own certificate rather than using password authentication.
The public key of your SSL certificate needs to be uploaded to the server in order for this module to work. This can be done using the webadmin.
Certificates
Generating a Certificate
We recommend using OpenSSL, which is available on Windows and Linux, to generate certificates.
The command below generates a 4096-bit RSA key and a self-signed certificate which will expire in 365 days. As written, it saves the private key to YourNickname.pem (-keyout) and the certificate to user.pem (-out). The certificate in user.pem is what you need to add to the bouncer; the private key stays on your own machine.
openssl req -nodes -newkey rsa:4096 -keyout YourNickname.pem -x509 -days 365 -out user.pem -subj "/CN=YourNickname"
Using the Certificate
To obtain the SHA-1 fingerprint of the certificate you have generated, enter the following command:
openssl x509 -sha1 -noout -fingerprint -in user.pem | sed -e 's/^.*=//;s/://g;y/ABCDEF/abcdef/'
The SHA-1 fingerprint returned must then be entered into the 'certauth' tab on the bouncer's webadmin or be added by command.
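The fingerprint produced by the command above is the SHA-1 digest of the certificate's DER encoding, written as 40 lowercase hex digits without colons. The following sketch is an added example, not code from the bouncer or its documentation: it reproduces that normalization and flags a PEM file that also holds a private key before you paste it anywhere. The function names and the sample data are constructed for illustration.

```python
import base64
import hashlib
import re

CERT_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)
KEY_RE = re.compile(r"-----BEGIN (?:[A-Z]+ )?PRIVATE KEY-----")

def normalize_fingerprint(text):
    """Mirror the sed expression: drop everything up to the last '=',
    remove colons, lowercase. Reject anything that is not 40 hex digits."""
    value = text.strip().rsplit("=", 1)[-1].replace(":", "").lower()
    if not re.fullmatch(r"[0-9a-f]{40}", value):
        raise ValueError("not a SHA-1 fingerprint: %r" % text)
    return value

def certificate_fingerprint(pem_text):
    """SHA-1 over the DER bytes of the first CERTIFICATE block in a PEM file."""
    match = CERT_RE.search(pem_text)
    if match is None:
        raise ValueError("no CERTIFICATE block found")
    der = base64.b64decode("".join(match.group(1).split()))
    return hashlib.sha1(der).hexdigest()

def contains_private_key(pem_text):
    """True if the text holds any PEM private key block (RSA, EC, PKCS#8)."""
    return KEY_RE.search(pem_text) is not None

# Constructed sample data: placeholder bytes wrapped as PEM, not a real certificate.
SAMPLE_DER = b"constructed placeholder bytes, not a real certificate"
SAMPLE_PEM = ("-----BEGIN CERTIFICATE-----\n"
              + base64.encodebytes(SAMPLE_DER).decode()
              + "-----END CERTIFICATE-----\n")
# Constructed line in the colon-separated form that openssl prints.
SAMPLE_OPENSSL_LINE = ("SHA1 Fingerprint="
                       "DA:39:A3:EE:5E:6B:4B:0D:32:55:BF:EF:95:60:18:90:AF:D8:07:09")

if __name__ == "__main__":
    print("certauth form:", normalize_fingerprint(SAMPLE_OPENSSL_LINE))
    print("from PEM:     ", certificate_fingerprint(SAMPLE_PEM))
    print("private key?  ", contains_private_key(SAMPLE_PEM))
```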
Usage
Arguments
This module takes no arguments.
Commands
This module will only work correctly if an SSL certificate has been uploaded via the webadmin. It comes with the following commands:
Adds a given SHA-1 fingerprint or, if you have connected with a certificate, adds the fingerprint of the certificate you are currently using
/msg *certauth add [SHA-1 fingerprint]
Deletes the public key with a given number (from list)
/msg *certauth delete <number>
Show the public key of the certificate you are currently using
/msg *certauth info
List the public keys that have been added to your account
/msg *certauth list
Notes
For certificate authentication to work, you must connect to the bouncer's SSL port (+1339) and you must still send your username and network name (optional).
E.g. "YourUsername/NetworkName:" or "YourUsername:". No password needs to be specified.