1021 lines
31 KiB
HTML
1021 lines
31 KiB
HTML
|
<!DOCTYPE html>
|
|||
|
<html lang="en"><head>
|
|||
|
<link rel="preload" href="../static/fonts/comfortaa-v30-subset-regular.woff2" as="font" type="font/woff2" crossorigin>
|
|||
|
<link rel="preload" href="../static/fonts/ubuntu-v15-latin-regular.woff2" as="font" type="font/woff2" crossorigin>
|
|||
|
<link rel="preload" href="../static/fonts/ubuntu-v15-subset-500.woff2" as="font" type="font/woff2" crossorigin>
|
|||
|
<link rel="preload" href="../static/img/libera-color.svg" as="image" type="image/svg+xml">
|
|||
|
<meta charset="utf-8">
|
|||
|
<meta content="IE=edge" http-equiv="X-UA-Compatible">
|
|||
|
<meta content="width=device-width, initial-scale=1" name="viewport"><!-- Begin Jekyll SEO tag v2.8.0 -->
|
|||
|
<title>Using CertFP | Libera Chat</title>
|
|||
|
<meta name="generator" content="Jekyll v3.9.2" />
|
|||
|
<meta property="og:title" content="Using CertFP" />
|
|||
|
<meta property="og:locale" content="en_GB" />
|
|||
|
<meta name="description" content="As an alternative to password-based authentication, you can connect to Libera.Chat with a TLS certificate and have services recognise it automatically." />
|
|||
|
<meta property="og:description" content="As an alternative to password-based authentication, you can connect to Libera.Chat with a TLS certificate and have services recognise it automatically." />
|
|||
|
<link rel="canonical" href="https://libera.chat/guides/certfp" />
|
|||
|
<meta property="og:url" content="https://libera.chat/guides/certfp" />
|
|||
|
<meta property="og:site_name" content="Libera Chat" />
|
|||
|
<meta property="og:type" content="article" />
|
|||
|
<meta property="article:published_time" content="2022-10-03T18:36:48+00:00" />
|
|||
|
<meta name="twitter:card" content="summary" />
|
|||
|
<meta property="twitter:title" content="Using CertFP" />
|
|||
|
<meta name="twitter:site" content="@liberachat" />
|
|||
|
<meta property="article:publisher" content="liberachat" />
|
|||
|
<script type="application/ld+json">
|
|||
|
{"@context":"https://schema.org","@type":"TechArticle","dateModified":"2022-10-03T18:36:48+00:00","datePublished":"2022-10-03T18:36:48+00:00","description":"As an alternative to password-based authentication, you can connect to Libera.Chat with a TLS certificate and have services recognise it automatically.","headline":"Using CertFP","url":"https://libera.chat/guides/certfp"}</script>
|
|||
|
<!-- End Jekyll SEO tag -->
|
|||
|
<link rel="icon" type="image/svg+xml" href="../static/img/libera-color.svg">
|
|||
|
<link rel="alternate icon" href="../favicon.ico">
|
|||
|
<!-- Stylesheets -->
|
|||
|
<style>/*! modern-normalize v1.0.0 | MIT License | https://github.com/sindresorhus/modern-normalize */
|
|||
|
*,::after,::before{box-sizing:border-box}:root{-moz-tab-size:4;tab-size:4}html{line-height:1.15;-webkit-text-size-adjust:100%}body{margin:0}body{font-family:system-ui,-apple-system,'Segoe UI',Roboto,Helvetica,Arial,sans-serif,'Apple Color Emoji','Segoe UI Emoji'}hr{height:0;color:inherit}abbr[title]{text-decoration:underline dotted}b,strong{font-weight:bolder}code,kbd,pre,samp{font-family:ui-monospace,SFMono-Regular,Consolas,'Liberation Mono',Menlo,monospace;font-size:1em}small{font-size:80%}sub,sup{font-size:75%;line-height:0;position:relative;vertical-align:baseline}sub{bottom:-.25em}sup{top:-.5em}table{text-indent:0;border-color:inherit}button,input,optgroup,select,textarea{font-family:inherit;font-size:100%;line-height:1.15;margin:0}button,select{text-transform:none}[type=button],[type=reset],[type=submit],button{-webkit-appearance:button}::-moz-focus-inner{border-style:none;padding:0}:-moz-focusring{outline:1px dotted ButtonText}:-moz-ui-invalid{box-shadow:none}legend{padding:0}progress{vertical-align:baseline}::-webkit-inner-spin-button,::-webkit-outer-spin-button{height:auto}[type=search]{-webkit-appearance:textfield;outline-offset:-2px}::-webkit-search-decoration{-webkit-appearance:none}::-webkit-file-upload-button{-webkit-appearance:button;font:inherit}summary{display:list-item}</style>
|
|||
|
<style>@font-face {
|
|||
|
/* comfortaa-regular - subset */
|
|||
|
font-family: 'Comfortaa';
|
|||
|
src: url('../static/fonts/comfortaa-v30-subset-regular.woff2') format('woff2'), url('../static/fonts/comfortaa-v30-subset-regular.woff') format('woff'), url('../static/fonts/comfortaa-v30-subset-regular.ttf') format('truetype');
|
|||
|
font-style: normal;
|
|||
|
font-weight: 400;
|
|||
|
font-display: swap;
|
|||
|
/* . C L a b e h i r t */
|
|||
|
unicode-range: U+002E, U+0043, U+004C, U+0061-0062, U+0065, U+0068-0069, U+0072, U+0074;
|
|||
|
}
|
|||
|
|
|||
|
@font-face {
|
|||
|
/* ubuntu-regular - latin */
|
|||
|
font-family: 'Ubuntu';
|
|||
|
src: local(''), url('../static/fonts/ubuntu-v15-latin-regular.woff2') format('woff2'), url('../static/fonts/ubuntu-v15-latin-regular.woff') format('woff'), url('../static/fonts/ubuntu-v15-latin-regular.ttf') format('truetype');
|
|||
|
font-style: normal;
|
|||
|
font-weight: 400;
|
|||
|
font-display: swap;
|
|||
|
}
|
|||
|
|
|||
|
@font-face {
|
|||
|
/* ubuntu-500 - subset */
|
|||
|
font-family: 'Ubuntu';
|
|||
|
src: local(''), url('../static/fonts/ubuntu-v15-subset-500.woff2') format('woff2'), url('../static/fonts/ubuntu-v15-subset-500.woff') format('woff'), url('../static/fonts/ubuntu-v15-subset-500.ttf') format('truetype');
|
|||
|
font-style: normal;
|
|||
|
font-weight: 500;
|
|||
|
font-display: swap;
|
|||
|
/* C c e n o t */
|
|||
|
unicode-range: U+0043 U+0063 U+0065 U+006E U+006F U+0074;
|
|||
|
}
|
|||
|
|
|||
|
:root {
|
|||
|
--header-height: 4rem;
|
|||
|
--content-inline-padding: 1.3rem;
|
|||
|
--content-max-width: 80ch;
|
|||
|
/* define our palette for all themes */
|
|||
|
--white: #fff;
|
|||
|
--gray-100: #f3f4f6;
|
|||
|
--gray-200: #e5e7eb;
|
|||
|
--gray-300: #d1d5db;
|
|||
|
--gray-400: #9ca3af;
|
|||
|
--gray-800: #1f2937;
|
|||
|
--gray-900: #111827;
|
|||
|
--brand-purple: #5555ff;
|
|||
|
--brand-pink: #ff55dd;
|
|||
|
/* light-theme vars */
|
|||
|
--c-bg: var(--gray-100);
|
|||
|
--c-bg-secondary: var(--white);
|
|||
|
--c-text: var(--gray-800);
|
|||
|
--c-border: var(--gray-300);
|
|||
|
--c-hl: var(--brand-pink);
|
|||
|
--c-hl-secondary: var(--brand-purple);
|
|||
|
--c-text-on-hl: var(--gray-800);
|
|||
|
--c-text-on-hl-secondary: var(--white);
|
|||
|
}
|
|||
|
|
|||
|
@media (prefers-color-scheme: dark) {
|
|||
|
:root {
|
|||
|
--c-bg: var(--gray-800);
|
|||
|
--c-bg-secondary: var(--gray-900);
|
|||
|
--c-text: var(--gray-200);
|
|||
|
--c-border: var(--gray-400);
|
|||
|
}
|
|||
|
}
|
|||
|
|
|||
|
* {
|
|||
|
color: var(--c-text);
|
|||
|
box-sizing: border-box;
|
|||
|
font-family: Ubuntu, sans-serif;
|
|||
|
letter-spacing: .1ch;
|
|||
|
}
|
|||
|
|
|||
|
main *, .hero * {
|
|||
|
line-height: 1.5;
|
|||
|
}
|
|||
|
|
|||
|
body {
|
|||
|
background-color: var(--c-bg);
|
|||
|
min-height: 100vh;
|
|||
|
display: grid;
|
|||
|
grid-template-rows: var(--header-height) min-content auto auto min-content;
|
|||
|
grid-template-columns: 1fr;
|
|||
|
grid-template-areas: "header" "hero" "main" "aside" "footer";
|
|||
|
}
|
|||
|
|
|||
|
a {
|
|||
|
text-decoration: underline;
|
|||
|
text-underline-offset: .05rem;
|
|||
|
}
|
|||
|
|
|||
|
a:hover {
|
|||
|
text-underline-offset: .25rem;
|
|||
|
color: var(--c-hl);
|
|||
|
}
|
|||
|
|
|||
|
h1, h2, h3, h4, h5, h6, p {
|
|||
|
word-break: break-word;
|
|||
|
scroll-margin-block-start: 4.5rem;
|
|||
|
}
|
|||
|
|
|||
|
h1, h2, h3, h4, h5, h6, strong {
|
|||
|
font-weight: 500;
|
|||
|
}
|
|||
|
|
|||
|
em {
|
|||
|
font-style: italic;
|
|||
|
}
|
|||
|
|
|||
|
h1, h2, h3, h4, h5, h6 {
|
|||
|
margin-block-end: 0;
|
|||
|
}
|
|||
|
|
|||
|
h1+*, h2+*, h3+*, h4+*, h5+*, h6+* {
|
|||
|
margin-block-start: 0;
|
|||
|
}
|
|||
|
|
|||
|
main h1 {
|
|||
|
font-size: 2.25rem;
|
|||
|
}
|
|||
|
|
|||
|
main h2 {
|
|||
|
font-size: 1.5rem;
|
|||
|
}
|
|||
|
|
|||
|
main h3 {
|
|||
|
font-size: 1.25rem;
|
|||
|
}
|
|||
|
|
|||
|
main :is(h2, h3, h4, h5, h6) a {
|
|||
|
text-decoration: none;
|
|||
|
position: relative;
|
|||
|
}
|
|||
|
|
|||
|
main :is(h2, h3, h4, h5, h6) a:hover::before {
|
|||
|
content: '#';
|
|||
|
position: absolute;
|
|||
|
left: -1.5ch;
|
|||
|
bottom: 0;
|
|||
|
font-weight: normal;
|
|||
|
font-size: 1rem;
|
|||
|
}
|
|||
|
|
|||
|
@media screen and (min-width: 800px) {
|
|||
|
body {
|
|||
|
grid-template-columns: min-content 8fr;
|
|||
|
grid-template-rows: 4rem min-content auto min-content;
|
|||
|
grid-template-areas: "header header" "hero hero" "aside main" "footer footer";
|
|||
|
}
|
|||
|
}
|
|||
|
|
|||
|
.skiplink {
|
|||
|
z-index: 9999;
|
|||
|
transform: translateY(calc(-100% - 1rem));
|
|||
|
display: block;
|
|||
|
position: absolute;
|
|||
|
height: 4rem;
|
|||
|
padding: var(--content-inline-padding);
|
|||
|
background-color: var(--c-bg);
|
|||
|
border-inline-end: 1px solid var(--c-border);
|
|||
|
border-block-end: 1px solid var(--c-border);
|
|||
|
}
|
|||
|
|
|||
|
.skiplink:focus {
|
|||
|
z-index: 9999;
|
|||
|
transform: translateY(0);
|
|||
|
}
|
|||
|
|
|||
|
header {
|
|||
|
grid-area: header;
|
|||
|
height: var(--header-height);
|
|||
|
border-block-end: 1px solid var(--c-border);
|
|||
|
background-color: var(--c-bg-secondary);
|
|||
|
position: sticky;
|
|||
|
top: 0;
|
|||
|
z-index: 1000;
|
|||
|
display: flex;
|
|||
|
flex-direction: row;
|
|||
|
flex-wrap: nowrap;
|
|||
|
justify-content: space-between;
|
|||
|
}
|
|||
|
|
|||
|
header a {
|
|||
|
text-decoration: none;
|
|||
|
}
|
|||
|
|
|||
|
header .logo {
|
|||
|
display: flex;
|
|||
|
flex-wrap: nowrap;
|
|||
|
align-items: center;
|
|||
|
height: 100%;
|
|||
|
padding-inline-start: var(--content-inline-padding);
|
|||
|
}
|
|||
|
|
|||
|
header .logo img {
|
|||
|
padding-block-end: .3rem;
|
|||
|
}
|
|||
|
|
|||
|
header .logo h1 {
|
|||
|
margin: 0;
|
|||
|
margin-bottom: -.4rem;
|
|||
|
font-size: 1.7rem;
|
|||
|
line-height: 1;
|
|||
|
font-family: Comfortaa, Ubuntu, sans-serif;
|
|||
|
font-weight: bold;
|
|||
|
}
|
|||
|
|
|||
|
header .nav-toggle {
|
|||
|
display: block;
|
|||
|
border-inline-start: 1px solid var(--c-border);
|
|||
|
padding: 0 1rem;
|
|||
|
display: flex;
|
|||
|
align-items: center;
|
|||
|
cursor: pointer;
|
|||
|
}
|
|||
|
|
|||
|
header nav details summary, header nav a {
|
|||
|
border-block-end: 1px solid var(--c-border);
|
|||
|
padding: 1rem;
|
|||
|
display: flex;
|
|||
|
align-items: center;
|
|||
|
cursor: pointer;
|
|||
|
white-space: nowrap;
|
|||
|
}
|
|||
|
|
|||
|
header nav details summary::before {
|
|||
|
content: "►";
|
|||
|
padding-inline-end: .3rem;
|
|||
|
}
|
|||
|
|
|||
|
header nav details[open] summary::before {
|
|||
|
content: "▼";
|
|||
|
}
|
|||
|
|
|||
|
header nav .nav-close {
|
|||
|
display: none;
|
|||
|
}
|
|||
|
|
|||
|
header nav.show .nav-close {
|
|||
|
display: flex;
|
|||
|
}
|
|||
|
|
|||
|
header nav {
|
|||
|
transform: translateY(calc(-100% - 1rem));
|
|||
|
display: flex;
|
|||
|
flex-direction: column;
|
|||
|
justify-content: flex-start;
|
|||
|
position: fixed;
|
|||
|
right: 0;
|
|||
|
top: 0;
|
|||
|
bottom: 0;
|
|||
|
background-color: var(--c-bg-secondary);
|
|||
|
min-width: 20rem;
|
|||
|
max-width: 30rem;
|
|||
|
border-inline-start: 1px solid var(--c-border);
|
|||
|
z-index: 10000;
|
|||
|
}
|
|||
|
|
|||
|
header nav.show, header nav:focus-within {
|
|||
|
transform: translateY(0);
|
|||
|
}
|
|||
|
|
|||
|
header nav details summary.highlight, header nav a.highlight {
|
|||
|
background-color: var(--c-hl);
|
|||
|
color: var(--c-text-on-hl);
|
|||
|
font-weight: 500;
|
|||
|
}
|
|||
|
|
|||
|
header nav details summary:hover, header nav a:hover {
|
|||
|
background-color: var(--c-bg);
|
|||
|
}
|
|||
|
|
|||
|
header nav details summary.highlight:hover, header nav a.highlight:hover {
|
|||
|
background-color: var(--c-hl-secondary);
|
|||
|
color: var(--c-text-on-hl-secondary);
|
|||
|
}
|
|||
|
|
|||
|
header nav details {
|
|||
|
display: flex;
|
|||
|
flex-direction: column;
|
|||
|
position: relative;
|
|||
|
}
|
|||
|
|
|||
|
header nav details a {
|
|||
|
padding-inline-start: 2.5rem;
|
|||
|
}
|
|||
|
|
|||
|
@media screen and (min-width: 950px) {
|
|||
|
header .nav-toggle, header .nav-close, header nav.show .nav-close {
|
|||
|
display: none;
|
|||
|
}
|
|||
|
header nav {
|
|||
|
transform: initial;
|
|||
|
display: flex;
|
|||
|
flex-direction: row;
|
|||
|
justify-content: flex-end;
|
|||
|
position: initial;
|
|||
|
background-color: initial;
|
|||
|
min-width: unset;
|
|||
|
max-width: unset;
|
|||
|
border-inline-start: none;
|
|||
|
}
|
|||
|
header nav.show, header nav:focus-within {
|
|||
|
transform: initial;
|
|||
|
}
|
|||
|
header nav details summary, header nav a {
|
|||
|
border-block-end: none;
|
|||
|
border-inline-start: 1px solid var(--c-border);
|
|||
|
border-inline-end: 1px solid var(--c-border);
|
|||
|
padding: 0 1rem;
|
|||
|
display: flex;
|
|||
|
margin-inline-start: -1px;
|
|||
|
align-items: center;
|
|||
|
height: 100%;
|
|||
|
}
|
|||
|
header nav details:last-of-type summary {
|
|||
|
border-inline-end: none;
|
|||
|
}
|
|||
|
header nav details[open] summary {
|
|||
|
border-block-end: 1px solid var(--c-border);
|
|||
|
height: calc(100% + 1px);
|
|||
|
}
|
|||
|
header nav details div {
|
|||
|
position: absolute;
|
|||
|
right: 0;
|
|||
|
}
|
|||
|
header nav details div a {
|
|||
|
background-color: var(--c-bg-secondary);
|
|||
|
border-block-end: 1px solid var(--c-border);
|
|||
|
padding: 1rem;
|
|||
|
}
|
|||
|
}
|
|||
|
|
|||
|
main {
|
|||
|
grid-area: main;
|
|||
|
padding: 0 var(--content-inline-padding);
|
|||
|
max-width: var(--content-max-width);
|
|||
|
min-width: 0;
|
|||
|
width: 100%;
|
|||
|
margin: 2rem auto;
|
|||
|
}
|
|||
|
|
|||
|
nav.article-nav {
|
|||
|
display: flex;
|
|||
|
flex-direction: row;
|
|||
|
justify-content: center;
|
|||
|
}
|
|||
|
|
|||
|
nav.article-nav div {
|
|||
|
width: 33%;
|
|||
|
text-align: center;
|
|||
|
}
|
|||
|
|
|||
|
footer {
|
|||
|
grid-area: footer;
|
|||
|
align-self: end;
|
|||
|
background-color: var(--c-bg-secondary);
|
|||
|
border-block-start: 1px solid var(--c-border);
|
|||
|
padding: .5rem var(--content-inline-padding);
|
|||
|
display: flex;
|
|||
|
flex-direction: row;
|
|||
|
flex-wrap: wrap;
|
|||
|
justify-content: space-between;
|
|||
|
}
|
|||
|
|
|||
|
footer div {
|
|||
|
line-height: 2;
|
|||
|
}
|
|||
|
|
|||
|
footer div .mobile-hide {
|
|||
|
display: none;
|
|||
|
}
|
|||
|
|
|||
|
footer div a {
|
|||
|
white-space: nowrap;
|
|||
|
}
|
|||
|
|
|||
|
footer div a:not([rel*=license]), footer div .copyright {
|
|||
|
display: block;
|
|||
|
}
|
|||
|
|
|||
|
@media screen and (min-width: 800px) {
|
|||
|
footer div {
|
|||
|
line-height: 1.5;
|
|||
|
}
|
|||
|
|
|||
|
footer div:last-of-type {
|
|||
|
padding-inline-start: 1rem;
|
|||
|
}
|
|||
|
|
|||
|
footer div .mobile-hide {
|
|||
|
display: inline;
|
|||
|
}
|
|||
|
|
|||
|
footer div a:not([rel*=license]), footer div .copyright {
|
|||
|
display: initial;
|
|||
|
}
|
|||
|
}
|
|||
|
</style>
|
|||
|
|
|||
|
|
|||
|
<style>aside {
|
|||
|
grid-area: aside;
|
|||
|
background-color: var(--c-bg-secondary);
|
|||
|
/* padding: var(--content-inline-padding); */
|
|||
|
border-block-start: 1px solid var(--c-border);
|
|||
|
width: 100%;
|
|||
|
height: min-content;
|
|||
|
align-self: end;
|
|||
|
display: flex;
|
|||
|
flex-direction: column;
|
|||
|
justify-content: flex-start;
|
|||
|
min-width: 30ch;
|
|||
|
overflow-y: auto;
|
|||
|
}
|
|||
|
|
|||
|
aside .title {
|
|||
|
margin-block-end: 0;
|
|||
|
margin-inline: var(--content-inline-padding);
|
|||
|
margin-block-start: 1rem;
|
|||
|
margin-block-end: .5rem;
|
|||
|
font-size: 2rem;
|
|||
|
font-weight: 500;
|
|||
|
}
|
|||
|
|
|||
|
aside details:not(:last-child) {
|
|||
|
border-block-end: 1px solid var(--c-border);
|
|||
|
}
|
|||
|
|
|||
|
aside details summary, aside a {
|
|||
|
padding: 1rem;
|
|||
|
display: flex;
|
|||
|
align-items: center;
|
|||
|
cursor: pointer;
|
|||
|
white-space: nowrap;
|
|||
|
}
|
|||
|
|
|||
|
aside a {
|
|||
|
text-decoration: none;
|
|||
|
}
|
|||
|
|
|||
|
aside details summary::before {
|
|||
|
content: "►";
|
|||
|
padding-inline-end: .3rem;
|
|||
|
}
|
|||
|
|
|||
|
aside details[open] summary::before {
|
|||
|
content: "▼";
|
|||
|
}
|
|||
|
|
|||
|
aside details summary:hover, aside a:hover, aside a.active {
|
|||
|
background-color: var(--c-bg);
|
|||
|
}
|
|||
|
|
|||
|
aside details {
|
|||
|
display: flex;
|
|||
|
flex-direction: column;
|
|||
|
position: relative;
|
|||
|
}
|
|||
|
|
|||
|
aside details a {
|
|||
|
padding-inline-start: 2.5rem;
|
|||
|
}
|
|||
|
|
|||
|
@media screen and (min-width: 800px) {
|
|||
|
aside {
|
|||
|
border-block-start: none;
|
|||
|
border-inline-end: 1px solid var(--c-border);
|
|||
|
width: max-content;
|
|||
|
height: 100%;
|
|||
|
}
|
|||
|
}
|
|||
|
</style>
|
|||
|
|
|||
|
<link rel="stylesheet" href="../static/css/additional-styles.css">
|
|||
|
<script src="../static/js/header-links.js" defer></script>
|
|||
|
</head>
|
|||
|
<body><a class="skiplink" href="certfp.html#main">Skip to content</a>
|
|||
|
<header>
|
|||
|
<a class="logo" href="../index.html" aria-label="Libera Chat, back to start page">
|
|||
|
<img alt="" src="../static/img/libera-color.svg" height="48px" data-proofer-ignore>
|
|||
|
<h1>Libera.​Chat</h1>
|
|||
|
</a>
|
|||
|
|
|||
|
<a id="nav-toggle" class="nav-toggle hidden" aria-controls="main-nav"><span>Navigation</span></a>
|
|||
|
|
|||
|
<nav class="" id="main-nav" aria-labelledby="nav-toggle" role="menubar">
|
|||
|
<a id="nav-close" class="nav-close hidden" aria-controls="main-nav"><span>Close</span></a>
|
|||
|
|
|||
|
|
|||
|
<details>
|
|||
|
<summary
|
|||
|
|
|||
|
>About</summary>
|
|||
|
|
|||
|
<div>
|
|||
|
|
|||
|
<a
|
|||
|
role="menuitem"
|
|||
|
href="../policies.html"
|
|||
|
|
|||
|
><span>Network Policies</span></a>
|
|||
|
|
|||
|
<a
|
|||
|
role="menuitem"
|
|||
|
href="../guidelines.html"
|
|||
|
|
|||
|
><span>Channel Guidelines</span></a>
|
|||
|
|
|||
|
<a
|
|||
|
role="menuitem"
|
|||
|
href="../news.html"
|
|||
|
|
|||
|
><span>Blog & News</span></a>
|
|||
|
|
|||
|
<a
|
|||
|
role="menuitem"
|
|||
|
href="../about.html"
|
|||
|
|
|||
|
><span>About Libera Chat</span></a>
|
|||
|
|
|||
|
<a
|
|||
|
role="menuitem"
|
|||
|
href="../bylaws.html"
|
|||
|
|
|||
|
><span>Bylaws</span></a>
|
|||
|
|
|||
|
<a
|
|||
|
role="menuitem"
|
|||
|
href="../minutes.html"
|
|||
|
|
|||
|
><span>Meeting Minutes</span></a>
|
|||
|
|
|||
|
<a
|
|||
|
role="menuitem"
|
|||
|
href="../annual-reports.html"
|
|||
|
|
|||
|
><span>Annual Reports</span></a>
|
|||
|
|
|||
|
<a
|
|||
|
role="menuitem"
|
|||
|
href="../sponsors.html"
|
|||
|
|
|||
|
><span>Sponsors</span></a>
|
|||
|
|
|||
|
</div>
|
|||
|
</details>
|
|||
|
|
|||
|
|
|||
|
|
|||
|
<details>
|
|||
|
<summary
|
|||
|
|
|||
|
>Contribute</summary>
|
|||
|
|
|||
|
<div>
|
|||
|
|
|||
|
<a
|
|||
|
role="menuitem"
|
|||
|
href="../contributing/donate.html"
|
|||
|
|
|||
|
><span>Donate</span></a>
|
|||
|
|
|||
|
<a
|
|||
|
role="menuitem"
|
|||
|
href="../contributing/sponsor.html"
|
|||
|
|
|||
|
><span>Sponsor Us</span></a>
|
|||
|
|
|||
|
<a
|
|||
|
role="menuitem"
|
|||
|
href="../contributing/development.html"
|
|||
|
|
|||
|
><span>Development</span></a>
|
|||
|
|
|||
|
</div>
|
|||
|
</details>
|
|||
|
|
|||
|
|
|||
|
|
|||
|
<a role="menuitem" href="../chanreg.html"><span>Channel Namespaces</span></a>
|
|||
|
|
|||
|
|
|||
|
|
|||
|
<a role="menuitem" href="../guides.html"><span>Guides</span></a>
|
|||
|
|
|||
|
|
|||
|
|
|||
|
<a role="menuitem" href="faq.html"><span>FAQ</span></a>
|
|||
|
|
|||
|
|
|||
|
|
|||
|
<details>
|
|||
|
<summary
|
|||
|
class="highlight"
|
|||
|
>Connect</summary>
|
|||
|
|
|||
|
<div>
|
|||
|
|
|||
|
<a
|
|||
|
role="menuitem"
|
|||
|
href="https://web.libera.chat"
|
|||
|
rel="noopener noreferrer"
|
|||
|
><span>Webchat</span></a>
|
|||
|
|
|||
|
<a
|
|||
|
role="menuitem"
|
|||
|
href="ircs://irc.libera.chat:6697"
|
|||
|
|
|||
|
><span>irc.libera.chat:6697 (TLS)</span></a>
|
|||
|
|
|||
|
<a
|
|||
|
role="menuitem"
|
|||
|
href="connect.html"
|
|||
|
|
|||
|
><span>How to Connect</span></a>
|
|||
|
|
|||
|
</div>
|
|||
|
</details>
|
|||
|
|
|||
|
|
|||
|
</nav>
|
|||
|
</header>
|
|||
|
<script async>
|
|||
|
const navToggle = document.querySelector('#nav-toggle')
|
|||
|
const navClose = document.querySelector('#nav-close')
|
|||
|
const mainNav = document.querySelector('#main-nav')
|
|||
|
|
|||
|
// progressive enhancement!
|
|||
|
navToggle.classList.remove('hidden')
|
|||
|
navClose.classList.remove('hidden')
|
|||
|
|
|||
|
navToggle.addEventListener('click', event => {
|
|||
|
event.preventDefault()
|
|||
|
mainNav.classList.toggle('show')
|
|||
|
})
|
|||
|
navClose.addEventListener('click', event => {
|
|||
|
event.preventDefault()
|
|||
|
mainNav.classList.remove('show')
|
|||
|
})
|
|||
|
</script>
|
|||
|
<aside role="menu">
|
|||
|
<span class="title">Guides</span>
|
|||
|
|
|||
|
|
|||
|
<details open>
|
|||
|
<summary>About IRC</summary>
|
|||
|
|
|||
|
<div>
|
|||
|
|
|||
|
<a
|
|||
|
role="menuitem"
|
|||
|
|
|||
|
href="basics.html"
|
|||
|
><span>Basics of IRC</span></a>
|
|||
|
|
|||
|
<a
|
|||
|
role="menuitem"
|
|||
|
|
|||
|
href="faq.html"
|
|||
|
><span>Frequently Asked Questions</span></a>
|
|||
|
|
|||
|
<a
|
|||
|
role="menuitem"
|
|||
|
|
|||
|
href="clients.html"
|
|||
|
><span>Choosing an IRC client</span></a>
|
|||
|
|
|||
|
</div>
|
|||
|
</details>
|
|||
|
|
|||
|
|
|||
|
<details open>
|
|||
|
<summary>Helping you connect</summary>
|
|||
|
|
|||
|
<div>
|
|||
|
|
|||
|
<a
|
|||
|
role="menuitem"
|
|||
|
|
|||
|
href="connect.html"
|
|||
|
><span>Connecting to Libera.Chat</span></a>
|
|||
|
|
|||
|
<a
|
|||
|
role="menuitem"
|
|||
|
|
|||
|
href="webchat.html"
|
|||
|
><span>Using Our Webchat</span></a>
|
|||
|
|
|||
|
<a
|
|||
|
role="menuitem"
|
|||
|
|
|||
|
href="sasl.html"
|
|||
|
><span>Using SASL</span></a>
|
|||
|
|
|||
|
<a
|
|||
|
role="menuitem"
|
|||
|
class="active"
|
|||
|
href="https://libera.chat/guides/certfp"
|
|||
|
><span>Using CertFP</span></a>
|
|||
|
|
|||
|
</div>
|
|||
|
</details>
|
|||
|
|
|||
|
|
|||
|
<details open>
|
|||
|
<summary>Using the network</summary>
|
|||
|
|
|||
|
<div>
|
|||
|
|
|||
|
<a
|
|||
|
role="menuitem"
|
|||
|
|
|||
|
href="registration.html"
|
|||
|
><span>Nickname Registration</span></a>
|
|||
|
|
|||
|
<a
|
|||
|
role="menuitem"
|
|||
|
|
|||
|
href="sendpass.html"
|
|||
|
><span>Resetting your Password</span></a>
|
|||
|
|
|||
|
<a
|
|||
|
role="menuitem"
|
|||
|
|
|||
|
href="cloaks.html"
|
|||
|
><span>Cloaks</span></a>
|
|||
|
|
|||
|
<a
|
|||
|
role="menuitem"
|
|||
|
|
|||
|
href="findingchannels.html"
|
|||
|
><span>Finding Channels</span></a>
|
|||
|
|
|||
|
<a
|
|||
|
role="menuitem"
|
|||
|
|
|||
|
href="channels.html"
|
|||
|
><span>Using Channels</span></a>
|
|||
|
|
|||
|
<a
|
|||
|
role="menuitem"
|
|||
|
|
|||
|
href="usermodes.html"
|
|||
|
><span>User Modes</span></a>
|
|||
|
|
|||
|
</div>
|
|||
|
</details>
|
|||
|
|
|||
|
|
|||
|
<details open>
|
|||
|
<summary>Running a channel</summary>
|
|||
|
|
|||
|
<div>
|
|||
|
|
|||
|
<a
|
|||
|
role="menuitem"
|
|||
|
|
|||
|
href="creatingchannels.html"
|
|||
|
><span>Creating Channels</span></a>
|
|||
|
|
|||
|
<a
|
|||
|
role="menuitem"
|
|||
|
|
|||
|
href="channelmodes.html"
|
|||
|
><span>Channel Modes</span></a>
|
|||
|
|
|||
|
<a
|
|||
|
role="menuitem"
|
|||
|
|
|||
|
href="bots.html"
|
|||
|
><span>Network bots</span></a>
|
|||
|
|
|||
|
<a
|
|||
|
role="menuitem"
|
|||
|
|
|||
|
href="catalyst.html"
|
|||
|
><span>Catalysing and De-escalation</span></a>
|
|||
|
|
|||
|
<a
|
|||
|
role="menuitem"
|
|||
|
|
|||
|
href="helpers.html"
|
|||
|
><span>Advice for Helpers</span></a>
|
|||
|
|
|||
|
</div>
|
|||
|
</details>
|
|||
|
|
|||
|
</aside>
|
|||
|
<main id="main">
|
|||
|
|
|||
|
<h1>Using CertFP</h1>
|
|||
|
|
|||
|
<p>As an alternative to password-based authentication, you can connect to
|
|||
|
Libera.Chat with a TLS certificate and have services recognise it
|
|||
|
automatically.</p>
|
|||
|
|
|||
|
<p>For <code class="language-plaintext highlighter-rouge">SASL EXTERNAL</code> to work, you must <a href="connect.html">connect over TLS</a>.</p>
|
|||
|
|
|||
|
<h2 id="creating-a-self-signed-certificate">Creating a self-signed certificate</h2>
|
|||
|
|
|||
|
<p>In order to follow these instructions, you will need the <code class="language-plaintext highlighter-rouge">openssl</code> utility. If
|
|||
|
you are using Windows and do not have a copy, you might consider using Cygwin.</p>
|
|||
|
|
|||
|
<p>You can generate a certificate with the following command:</p>
|
|||
|
|
|||
|
<div class="language-sh highlighter-rouge"><div class="highlight"><pre class="highlight"><code>openssl req <span class="nt">-x509</span> <span class="nt">-new</span> <span class="nt">-newkey</span> rsa:4096 <span class="nt">-sha256</span> <span class="nt">-days</span> 1096 <span class="nt">-nodes</span> <span class="nt">-out</span> libera.pem <span class="nt">-keyout</span> libera.pem
|
|||
|
</code></pre></div></div>
|
|||
|
|
|||
|
<p>You will be prompted for various pieces of information about the certificate.
|
|||
|
The contents do not matter for our purposes, but <code class="language-plaintext highlighter-rouge">openssl</code> needs at least one
|
|||
|
of them to be non-empty. This certificate will last about 3 years, so consider
|
|||
|
setting a calendar reminder.</p>
|
|||
|
|
|||
|
<p>The <code class="language-plaintext highlighter-rouge">.pem</code> file will have the same access to your NickServ account as your
|
|||
|
password does, so take appropriate care in securing it.</p>
|
|||
|
|
|||
|
<h2 id="inspecting-your-certificate">Inspecting your certificate</h2>
|
|||
|
|
|||
|
<p>The expiration date can be checked with the following command:</p>
|
|||
|
|
|||
|
<div class="language-sh highlighter-rouge"><div class="highlight"><pre class="highlight"><code>openssl x509 <span class="nt">-in</span> libera.pem <span class="nt">-noout</span> <span class="nt">-enddate</span>
|
|||
|
</code></pre></div></div>
|
|||
|
|
|||
|
<p>The fingerprint can be checked with the following command:</p>
|
|||
|
|
|||
|
<div class="language-sh highlighter-rouge"><div class="highlight"><pre class="highlight"><code>openssl x509 <span class="nt">-in</span> libera.pem <span class="nt">-noout</span> <span class="nt">-fingerprint</span> <span class="nt">-sha512</span> | <span class="nb">awk</span> <span class="nt">-F</span><span class="o">=</span> <span class="s1">'{gsub(":",""); print tolower ($2)}'</span>
|
|||
|
</code></pre></div></div>
|
|||
|
|
|||
|
<h2 id="connecting-to-liberachat-with-your-certificate">Connecting to Libera.Chat with your certificate</h2>
|
|||
|
|
|||
|
<p>IRC clients generally differ in where they look for a certificate and how you
|
|||
|
configure them to offer it to the server. If yours is not yet listed here,
|
|||
|
advice in this section is unlikely to apply, but guides may be available
|
|||
|
elsewhere on the web.</p>
|
|||
|
|
|||
|
<h3 id="irssi">Irssi</h3>
|
|||
|
|
|||
|
<p>Move the certificates you created above to ~/.irssi/certs</p>
|
|||
|
|
|||
|
<div class="language-sh highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="nb">mkdir</span> ~/.irssi/certs
|
|||
|
<span class="nb">mv </span>libera.pem ~/.irssi/certs
|
|||
|
</code></pre></div></div>
|
|||
|
|
|||
|
<p>Configure your <code class="language-plaintext highlighter-rouge">/server</code> entry for Libera.Chat to use this certificate. You
|
|||
|
may need to adapt this example for your existing configuration (the network
|
|||
|
and hostname should match what you already use).</p>
|
|||
|
|
|||
|
<pre><code class="language-irc">/server add -tls_cert ~/.irssi/certs/libera.pem -network LiberaChat irc.libera.chat 6697
|
|||
|
</code></pre>
|
|||
|
|
|||
|
<p>For the first time, connect to Libera.Chat using password authentication so
|
|||
|
that you can add the certificate fingerprint to NickServ.</p>
|
|||
|
|
|||
|
<pre><code class="language-irc">/connect LiberaChat
|
|||
|
</code></pre>
|
|||
|
|
|||
|
<p>Now follow the instructions <a href="certfp.html#add-your-fingerprint-to-nickserv">to add the fingerprint</a>.
|
|||
|
When done, you can switch the authentication to certificates.</p>
|
|||
|
|
|||
|
<pre><code class="language-irc">/disconnect LiberaChat
|
|||
|
/network add -sasl_password '' -sasl_mechanism EXTERNAL LiberaChat
|
|||
|
/connect LiberaChat
|
|||
|
</code></pre>
|
|||
|
|
|||
|
<p>If you did everything right you should now be authenticated using your
|
|||
|
certificate.</p>
|
|||
|
|
|||
|
<h3 id="weechat">weechat</h3>
|
|||
|
|
|||
|
<p>Move the certificates you created above to ~/.weechat/certs</p>
|
|||
|
|
|||
|
<div class="language-sh highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="nb">mkdir</span> ~/.weechat/certs
|
|||
|
<span class="nb">mv </span>libera.pem ~/.weechat/certs
|
|||
|
</code></pre></div></div>
|
|||
|
|
|||
|
<p>Now disconnect and remove the current Libera.Chat server(s). Re-add it with
|
|||
|
the SSL flag, using your newly generated certificate. Note that these commands
|
|||
|
are just examples, you have to adapt them to your current servers.</p>
|
|||
|
|
|||
|
<pre><code class="language-irc">/set irc.server.liberachat.addresses irc.libera.chat/6697
|
|||
|
/set irc.server.liberachat.ssl on
|
|||
|
/set irc.server.liberachat.ssl_verify on
|
|||
|
/set irc.server.liberachat.ssl_cert %h/certs/libera.pem
|
|||
|
/set irc.server.liberachat.sasl_mechanism external
|
|||
|
</code></pre>
|
|||
|
|
|||
|
<p>and then reconnect to Libera.Chat.</p>
|
|||
|
|
|||
|
<h3 id="znc">znc</h3>
|
|||
|
|
|||
|
<p>Refer to znc’s <a href="https://wiki.znc.in/Cert">official documentation</a>.</p>
|
|||
|
|
|||
|
<h3 id="hexchat">HexChat</h3>
|
|||
|
|
|||
|
<p>Place the .pem file in <code class="language-plaintext highlighter-rouge">certs/client.pem</code> in the HexChat config
|
|||
|
directory (<code class="language-plaintext highlighter-rouge">~/.config/hexchat/</code> or <code class="language-plaintext highlighter-rouge">%appdata%\HexChat</code>). Note
|
|||
|
that the <code class="language-plaintext highlighter-rouge">certs</code> directory does not exist by default and you will have to
|
|||
|
create it yourself. Once the file is there, all subsequent SSL connections
|
|||
|
will use the certificate.</p>
|
|||
|
|
|||
|
<p>If you connect to multiple IRC networks, you should keep in mind that using
|
|||
|
the filename <code class="language-plaintext highlighter-rouge">certs/client.pem</code> will send the same certificate to all networks.
|
|||
|
If you prefer per-network certificates, use the name of the network exactly
|
|||
|
as it appears in the network list (Ctrl-S), including capitalisation and
|
|||
|
punctuation (e.g. <code class="language-plaintext highlighter-rouge">certs/libera.pem</code> or <code class="language-plaintext highlighter-rouge">certs/Example Server.pem</code>).</p>
|
|||
|
|
|||
|
<h3 id="konversation">Konversation</h3>
|
|||
|
|
|||
|
<p>Create the .pem file as per above, then place it wherever you want.
|
|||
|
Start Konversation, then open the Identity dialogue by either pressing
|
|||
|
<kbd>F8</kbd> or via the Settings menu entry. Choose the identity you use
|
|||
|
for the Libera.Chat network or create a new one.
|
|||
|
In the part <code class="language-plaintext highlighter-rouge">Auto Identify</code> you have to choose <code class="language-plaintext highlighter-rouge">SASL External (Cert)</code>
|
|||
|
as the <code class="language-plaintext highlighter-rouge">Type</code> for SASL External or <code class="language-plaintext highlighter-rouge">SSL CLient Certificate</code> for CertFP.
|
|||
|
SASL External requires at least version 1.7 of Konversation.
|
|||
|
Optionally fill in your account name in the <code class="language-plaintext highlighter-rouge">Account</code> field.
|
|||
|
You can then choose the certificate you created with the file picker
|
|||
|
or enter the path manually in the field next to it.
|
|||
|
Once done, apply the configuration and (re)connect to Libera.Chat.</p>
|
|||
|
|
|||
|
<h3 id="revolution">Revolution</h3>
|
|||
|
|
|||
|
<p>Create the .pem file as per above, transfer it to your Android device, and
|
|||
|
place it wherever you want (<code class="language-plaintext highlighter-rouge">Downloads</code> is a common location).
|
|||
|
Start Revolution and navigate to the <code class="language-plaintext highlighter-rouge">Manage servers</code> screen if you are not
|
|||
|
there already, long-press on the server you wish configure certFP for, and
|
|||
|
select <code class="language-plaintext highlighter-rouge">Edit</code>. When presented with the <code class="language-plaintext highlighter-rouge">Edit a server</code> screen, tap on
|
|||
|
<code class="language-plaintext highlighter-rouge">Authentication mode</code> and select <code class="language-plaintext highlighter-rouge">Client certificate (CertFP)</code>, then tap on
|
|||
|
<code class="language-plaintext highlighter-rouge">IMPORT PEM</code> and navigate to where where you put the pem file and select it.
|
|||
|
Tap the tick symbol on the top right of the <code class="language-plaintext highlighter-rouge">Edit a server</code> screen to save.</p>
|
|||
|
|
|||
|
<p>Alternatively, Revolution has the ability to generate a client certificate for
|
|||
|
you. Once you are presented with <code class="language-plaintext highlighter-rouge">IMPORT PEM</code>, there will also be an option
|
|||
|
to <code class="language-plaintext highlighter-rouge">CREATE NEW</code> and when you tap this, a certificate will be randomly generated
|
|||
|
and a certificate fingerprint will be displayed. Tap the tick symbol on the top
|
|||
|
right of the screen to save.</p>
|
|||
|
|
|||
|
<h2 id="add-your-fingerprint-to-nickserv">Add your fingerprint to NickServ</h2>
|
|||
|
|
|||
|
<p>You can then check whether you have a fingerprint by using <code class="language-plaintext highlighter-rouge">whois</code> on yourself:</p>
|
|||
|
|
|||
|
<pre><code class="language-irc">/whois YourOwnNick
|
|||
|
...
|
|||
|
YourOwnNick has client certificate fingerprint 959c0bdfa9877d3466c5848f55264f72f132c657b002b79fda65dbe36c67f4bb3d2a3e2e9925cb5896a53c76169c5bb71b7853bd90192068dc77f4b20159a1d8
|
|||
|
...
|
|||
|
</code></pre>
|
|||
|
|
|||
|
<p>To allow NickServ to recognise you based on your certificate, you need to add
|
|||
|
the <strong>sha512</strong> fingerprint to your account (you will need to log in by other
|
|||
|
means in order to do so).</p>
|
|||
|
|
|||
|
<p>You can then authorise your current certificate fingerprint:</p>
|
|||
|
|
|||
|
<pre><code class="language-irc">/msg NickServ CERT ADD
|
|||
|
</code></pre>
|
|||
|
|
|||
|
<p>In the future, any connections you make to Libera.Chat with your certificate
|
|||
|
will be logged into your account automatically. Optionally, or if you wish to
|
|||
|
<a href="connect.html">connect via Tor</a>, you can enable SASL with the <code class="language-plaintext highlighter-rouge">EXTERNAL</code> mechanism.</p>
|
|||
|
|
|||
|
|
|||
|
|
|||
|
<hr>
|
|||
|
<p>Based on content © 2016-2021 <a href="https://github.com/freenode/web-7.0/graphs/contributors">freenode/web7.0’s contributors</a>
|
|||
|
under <a href="https://creativecommons.org/licenses/by-nc-sa/4.0/">Creative Commons BY-NC-SA</a></p>
|
|||
|
|
|||
|
|
|||
|
|
|||
|
</main><footer>
|
|||
|
<div>
|
|||
|
<span class="copyright">© Libera Chat's contributors 2021</span>
|
|||
|
(<a rel="license noopener noreferrer" href="../LICENSE-content.txt">Content CC BY-NC-SA</a>,
|
|||
|
<a rel="license noopener noreferrer" href="../LICENSE-code.txt">Code MIT</a>)
|
|||
|
<span class="mobile-hide">/</span>
|
|||
|
<a href="../atom.xml">Feed (atom)</a>
|
|||
|
<span class="mobile-hide">/</span>
|
|||
|
<a href="../privacy.html">Privacy</a>
|
|||
|
</div>
|
|||
|
<div>
|
|||
|
<a rel="me noopener noreferrer" href="https://fosstodon.org/@liberachat">Mastodon</a>
|
|||
|
<span class="mobile-hide">/</span>
|
|||
|
<a href="https://github.com/Libera-Chat/libera-chat.github.io" rel="noopener noreferrer">GitHub</a>
|
|||
|
<span class="mobile-hide">/</span>
|
|||
|
<a href="https://twitter.com/liberachat" rel="noopener noreferrer">Twitter</a>
|
|||
|
<span class="mobile-hide">/</span>
|
|||
|
<a href="https://facebook.com/liberachat" rel="noopener noreferrer">Facebook</a>
|
|||
|
</div>
|
|||
|
</footer>
|