To create new wiki account, please join us on #znc at Libera.Chat and ask admins to create a wiki account for you. You can say thanks to spambots for this inconvenience.
Cert: Difference between revisions
>Mkaysi m 2015-05-28 16:40:56+0300 < DoctorD90> Mikaela, just for "dummies", explain to skip nickserver add fingerprinter step :D |
Restore Cert from archive.org - 2016/11/07 |
||
| Line 3: | Line 3: | ||
This module lets users use their own SSL certificate to connect to a server, such as [http://www.oftc.net/oftc/NickServ/CertFP CertFP]. | This module lets users use their own SSL certificate to connect to a server, such as [http://www.oftc.net/oftc/NickServ/CertFP CertFP]. | ||
You will have to generate | You will have to generate an SSL certificate to use with this module. Either place it at `~/.znc/users/<user>/networks/<network>/moddata/cert/user.pem`, or use the web interface to upload the certificate. | ||
You can usually test if Cert is supported by services simply by sending <code>/msg NickServ cert</code>. If you get an error about “Insufficient parameters for CERT,” CertFP is supported. If you get an error about unknown command, or no response at all, it may not supported. While this is a fairly reliable test, it may vary by IRC network, for example [http://rizon.net Rizon] supports Cert but uses the command <code>/msg NickServ access</code> instead. | |||
{{Module arguments|type=user/network}} | {{Module arguments|type=user/network}} | ||
| Line 17: | Line 19: | ||
+---------+-----------+--------------------------------+ | +---------+-----------+--------------------------------+ | ||
</pre> | </pre> | ||
==Generating a certificate == | ==Generating a certificate == | ||
You can use the following openssl commands to generate a certificate | You can use the following openssl commands to generate a certificate | ||
This command would produce a 2048-bit certificate which would expire in 3650 days. You can modify the arguments to openssl to change this. | This command would produce a 2048-bit certificate which would expire in 3650 days. You can modify the arguments to openssl to change this. user.pem is the certificate you will need to add to ZNC. | ||
<pre>openssl req -nodes -newkey rsa:2048 -keyout | <pre>openssl req -nodes -newkey rsa:2048 -keyout user.pem -x509 -days 3650 -out user.pem -subj "/CN=YourNickname"</pre> | ||
Enter this to get the fingerprint: | Enter this to get the fingerprint: | ||
openssl x509 -sha1 -noout -fingerprint -in | openssl x509 -sha1 -noout -fingerprint -in user.pem | sed -e 's/^.*=//;s/://g;y/ABCDEF/abcdef/' | ||
''If you are following instructions from [[certauth]], you can stop here. Your certificate is <code> | ''If you are following instructions from [[certauth]], you can stop here. Your certificate is <code>user.pem</code>, and [https://freenode.net/certfp you must tell your client to use it.]'' | ||
Add the fingerprint to your NickServ account: | Add the fingerprint to your NickServ account: | ||
| Line 34: | Line 37: | ||
Now move the cert your folder: | Now move the cert your folder: | ||
mv | mv user.pem ~/.znc/users/<user>/networks/<network>/moddata/cert/ | ||
Revision as of 19:18, 2 April 2017
 |
This module is a part of ZNC. This module is shipped with ZNC by default. If you have the right "LoadMod" you can activate it with /znc LoadMod certThe code for this module can be found here. |
This module lets users use their own SSL certificate to connect to a server, such as CertFP.
You will have to generate an SSL certificate to use with this module. Either place it at `~/.znc/users/<user>/networks/<network>/moddata/cert/user.pem`, or use the web interface to upload the certificate.
You can usually test if Cert is supported by services simply by sending /msg NickServ cert. If you get an error about “Insufficient parameters for CERT,” CertFP is supported. If you get an error about unknown command, or no response at all, it may not supported. While this is a fairly reliable test, it may vary by IRC network, for example Rizon supports Cert but uses the command /msg NickServ access instead.
Arguments
This user/network module takes no arguments.
Read loading modules to learn more about loading modules.
Commands
+---------+-----------+--------------------------------+ | Command | Arguments | Description | +---------+-----------+--------------------------------+ | Help | | Generate this output | | delete | | Delete the current certificate | | info | | | +---------+-----------+--------------------------------+
Generating a certificate
You can use the following openssl commands to generate a certificate
This command would produce a 2048-bit certificate which would expire in 3650 days. You can modify the arguments to openssl to change this. user.pem is the certificate you will need to add to ZNC.
openssl req -nodes -newkey rsa:2048 -keyout user.pem -x509 -days 3650 -out user.pem -subj "/CN=YourNickname"
Enter this to get the fingerprint:
openssl x509 -sha1 -noout -fingerprint -in user.pem | sed -e 's/^.*=//;s/://g;y/ABCDEF/abcdef/'
If you are following instructions from certauth, you can stop here. Your certificate is user.pem, and you must tell your client to use it.
Add the fingerprint to your NickServ account:
/msg NickServ cert add fingerprint
Now move the cert your folder:
mv user.pem ~/.znc/users/<user>/networks/<network>/moddata/cert/