Module:Cert

From BNC4FREE
Revision as of 14:46, 22 April 2020 by Russell (talk | contribs) (Module Info for cert added)
Jump to navigation Jump to search

cert

This module allows you to authenticate to IRC services (such as NickServ) using CertFP and your own certificate.

The SSL certificate needs to be uploaded to the server in order for this module to work. This can be done using the webadmin.

Certificates

Generating a Certificate

We recommend using OpenSSL to generate certificates which is available on Windows and Linux.

This command below will generate 4096-bit certificate which will expire in 365 days. The contents of the user.pem this generates is the certificate you will need to add to the bouncer.

   openssl req -nodes -newkey rsa:4096 -keyout user.pem -x509 -days 365 -out user.pem -subj "/CN=YourNickname"

Using the Certificate

To obtain the SHA-1 fingerprint of the certificate you have generated enter the following command:

   openssl x509 -sha1 -noout -fingerprint -in user.pem | sed -e 's/^.*=//;s/://g;y/ABCDEF/abcdef/'

Please be aware: Not all networks use SHA-1 fingerprints, some are using SHA-256, SHA-512. These can be generated using the below commands but we recommend consulting the IRC network to find out exactly which fingerprint you need.

   openssl x509 -sha256 -noout -fingerprint -in user.pem | sed -e 's/^.*=//;s/://g;y/ABCDEF/abcdef/'
   openssl x509 -sha512 -noout -fingerprint -in user.pem | sed -e 's/^.*=//;s/://g;y/ABCDEF/abcdef/'

You now need to add the fingerprint to your NickServ account, in most cases this can be done with the following command:

   /msg NickServ cert add <fingerprint>

Note: On some networks, using "/msg NickServ cert add" without a fingerprint will add the fingerprint of certificate that the current connection is using.

Usage

Arguments

This module takes no arguments

Commands

This module will only work correctly if an SSL certificate has been uploaded via the webadmin and comes with 2 commands. They are as follows:

To delete the certificate

   /msg *cert delete

Show the currently stored certificate

   /msg *cert info