Difference between revisions of "Module:Cert"
(Module Info for cert added) |
m (Format Changes) |
||
| Line 1: | Line 1: | ||
| − | |||
This module allows you to authenticate to IRC services (such as NickServ) using CertFP and your own certificate. | This module allows you to authenticate to IRC services (such as NickServ) using CertFP and your own certificate. | ||
The SSL certificate needs to be uploaded to the server in order for this module to work. This can be done using the webadmin. | The SSL certificate needs to be uploaded to the server in order for this module to work. This can be done using the webadmin. | ||
| − | + | = Certificates = | |
| − | + | == Generating a Certificate == | |
We recommend using OpenSSL to generate certificates which is available on Windows and Linux. | We recommend using OpenSSL to generate certificates which is available on Windows and Linux. | ||
| Line 12: | Line 11: | ||
openssl req -nodes -newkey rsa:4096 -keyout user.pem -x509 -days 365 -out user.pem -subj "/CN=YourNickname" | openssl req -nodes -newkey rsa:4096 -keyout user.pem -x509 -days 365 -out user.pem -subj "/CN=YourNickname" | ||
| − | + | == Using the Certificate == | |
To obtain the SHA-1 fingerprint of the certificate you have generated enter the following command: | To obtain the SHA-1 fingerprint of the certificate you have generated enter the following command: | ||
| Line 30: | Line 29: | ||
== Usage == | == Usage == | ||
| − | + | == Arguments == | |
This module takes no arguments | This module takes no arguments | ||
| − | + | == Commands == | |
This module will only work correctly if an SSL certificate has been uploaded via the webadmin and comes with 2 commands. They are as follows: | This module will only work correctly if an SSL certificate has been uploaded via the webadmin and comes with 2 commands. They are as follows: | ||
Latest revision as of 15:35, 20 June 2020
This module allows you to authenticate to IRC services (such as NickServ) using CertFP and your own certificate.
The SSL certificate needs to be uploaded to the server in order for this module to work. This can be done using the webadmin.
Certificates
Generating a Certificate
We recommend using OpenSSL to generate certificates which is available on Windows and Linux.
This command below will generate 4096-bit certificate which will expire in 365 days. The contents of the user.pem this generates is the certificate you will need to add to the bouncer.
openssl req -nodes -newkey rsa:4096 -keyout user.pem -x509 -days 365 -out user.pem -subj "/CN=YourNickname"
Using the Certificate
To obtain the SHA-1 fingerprint of the certificate you have generated enter the following command:
openssl x509 -sha1 -noout -fingerprint -in user.pem | sed -e 's/^.*=//;s/://g;y/ABCDEF/abcdef/'
Please be aware: Not all networks use SHA-1 fingerprints, some are using SHA-256, SHA-512. These can be generated using the below commands but we recommend consulting the IRC network to find out exactly which fingerprint you need.
openssl x509 -sha256 -noout -fingerprint -in user.pem | sed -e 's/^.*=//;s/://g;y/ABCDEF/abcdef/' openssl x509 -sha512 -noout -fingerprint -in user.pem | sed -e 's/^.*=//;s/://g;y/ABCDEF/abcdef/'
You now need to add the fingerprint to your NickServ account, in most cases this can be done with the following command:
/msg NickServ cert add <fingerprint>
Note: On some networks, using "/msg NickServ cert add" without a fingerprint will add the fingerprint of certificate that the current connection is using.
Usage
Arguments
This module takes no arguments
Commands
This module will only work correctly if an SSL certificate has been uploaded via the webadmin and comes with 2 commands. They are as follows:
To delete the certificate
/msg *cert delete
Show the currently stored certificate
/msg *cert info