marcuskammer/emacs.d
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
emacs.d/clones/libera.chat/guides/certfp.html
Marcus Kammer 7e48bb96c8
Update clones
2022-10-07 15:47:14 +02:00

1020 lines
31 KiB
HTML
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

<!DOCTYPE html>
<html lang="en"><head>
<link rel="preload" href="../static/fonts/comfortaa-v30-subset-regular.woff2" as="font" type="font/woff2" crossorigin>
<link rel="preload" href="../static/fonts/ubuntu-v15-latin-regular.woff2" as="font" type="font/woff2" crossorigin>
<link rel="preload" href="../static/fonts/ubuntu-v15-subset-500.woff2" as="font" type="font/woff2" crossorigin>
<link rel="preload" href="../static/img/libera-color.svg" as="image" type="image/svg+xml">
<meta charset="utf-8">
<meta content="IE=edge" http-equiv="X-UA-Compatible">
<meta content="width=device-width, initial-scale=1" name="viewport"><!-- Begin Jekyll SEO tag v2.8.0 -->
<title>Using CertFP | Libera Chat</title>
<meta name="generator" content="Jekyll v3.9.2" />
<meta property="og:title" content="Using CertFP" />
<meta property="og:locale" content="en_GB" />
<meta name="description" content="As an alternative to password-based authentication, you can connect to Libera.Chat with a TLS certificate and have services recognise it automatically." />
<meta property="og:description" content="As an alternative to password-based authentication, you can connect to Libera.Chat with a TLS certificate and have services recognise it automatically." />
<link rel="canonical" href="https://libera.chat/guides/certfp" />
<meta property="og:url" content="https://libera.chat/guides/certfp" />
<meta property="og:site_name" content="Libera Chat" />
<meta property="og:type" content="article" />
<meta property="article:published_time" content="2022-10-03T18:36:48+00:00" />
<meta name="twitter:card" content="summary" />
<meta property="twitter:title" content="Using CertFP" />
<meta name="twitter:site" content="@liberachat" />
<meta property="article:publisher" content="liberachat" />
<script type="application/ld+json">
{"@context":"https://schema.org","@type":"TechArticle","dateModified":"2022-10-03T18:36:48+00:00","datePublished":"2022-10-03T18:36:48+00:00","description":"As an alternative to password-based authentication, you can connect to Libera.Chat with a TLS certificate and have services recognise it automatically.","headline":"Using CertFP","url":"https://libera.chat/guides/certfp"}</script>
<!-- End Jekyll SEO tag -->
<link rel="icon" type="image/svg+xml" href="../static/img/libera-color.svg">
<link rel="alternate icon" href="../favicon.ico">
<!-- Stylesheets -->
<style>/*! modern-normalize v1.0.0 | MIT License | https://github.com/sindresorhus/modern-normalize */
*,::after,::before{box-sizing:border-box}:root{-moz-tab-size:4;tab-size:4}html{line-height:1.15;-webkit-text-size-adjust:100%}body{margin:0}body{font-family:system-ui,-apple-system,'Segoe UI',Roboto,Helvetica,Arial,sans-serif,'Apple Color Emoji','Segoe UI Emoji'}hr{height:0;color:inherit}abbr[title]{text-decoration:underline dotted}b,strong{font-weight:bolder}code,kbd,pre,samp{font-family:ui-monospace,SFMono-Regular,Consolas,'Liberation Mono',Menlo,monospace;font-size:1em}small{font-size:80%}sub,sup{font-size:75%;line-height:0;position:relative;vertical-align:baseline}sub{bottom:-.25em}sup{top:-.5em}table{text-indent:0;border-color:inherit}button,input,optgroup,select,textarea{font-family:inherit;font-size:100%;line-height:1.15;margin:0}button,select{text-transform:none}[type=button],[type=reset],[type=submit],button{-webkit-appearance:button}::-moz-focus-inner{border-style:none;padding:0}:-moz-focusring{outline:1px dotted ButtonText}:-moz-ui-invalid{box-shadow:none}legend{padding:0}progress{vertical-align:baseline}::-webkit-inner-spin-button,::-webkit-outer-spin-button{height:auto}[type=search]{-webkit-appearance:textfield;outline-offset:-2px}::-webkit-search-decoration{-webkit-appearance:none}::-webkit-file-upload-button{-webkit-appearance:button;font:inherit}summary{display:list-item}</style>
<style>@font-face {
/* comfortaa-regular - subset */
font-family: 'Comfortaa';
src: url('../static/fonts/comfortaa-v30-subset-regular.woff2') format('woff2'), url('../static/fonts/comfortaa-v30-subset-regular.woff') format('woff'), url('../static/fonts/comfortaa-v30-subset-regular.ttf') format('truetype');
font-style: normal;
font-weight: 400;
font-display: swap;
/* . C L a b e h i r t */
unicode-range: U+002E, U+0043, U+004C, U+0061-0062, U+0065, U+0068-0069, U+0072, U+0074;
}
@font-face {
/* ubuntu-regular - latin */
font-family: 'Ubuntu';
src: local(''), url('../static/fonts/ubuntu-v15-latin-regular.woff2') format('woff2'), url('../static/fonts/ubuntu-v15-latin-regular.woff') format('woff'), url('../static/fonts/ubuntu-v15-latin-regular.ttf') format('truetype');
font-style: normal;
font-weight: 400;
font-display: swap;
}
@font-face {
/* ubuntu-500 - subset */
font-family: 'Ubuntu';
src: local(''), url('../static/fonts/ubuntu-v15-subset-500.woff2') format('woff2'), url('../static/fonts/ubuntu-v15-subset-500.woff') format('woff'), url('../static/fonts/ubuntu-v15-subset-500.ttf') format('truetype');
font-style: normal;
font-weight: 500;
font-display: swap;
/* C c e n o t */
unicode-range: U+0043 U+0063 U+0065 U+006E U+006F U+0074;
}
:root {
--header-height: 4rem;
--content-inline-padding: 1.3rem;
--content-max-width: 80ch;
/* define our palette for all themes */
--white: #fff;
--gray-100: #f3f4f6;
--gray-200: #e5e7eb;
--gray-300: #d1d5db;
--gray-400: #9ca3af;
--gray-800: #1f2937;
--gray-900: #111827;
--brand-purple: #5555ff;
--brand-pink: #ff55dd;
/* light-theme vars */
--c-bg: var(--gray-100);
--c-bg-secondary: var(--white);
--c-text: var(--gray-800);
--c-border: var(--gray-300);
--c-hl: var(--brand-pink);
--c-hl-secondary: var(--brand-purple);
--c-text-on-hl: var(--gray-800);
--c-text-on-hl-secondary: var(--white);
}
@media (prefers-color-scheme: dark) {
:root {
--c-bg: var(--gray-800);
--c-bg-secondary: var(--gray-900);
--c-text: var(--gray-200);
--c-border: var(--gray-400);
}
}
* {
color: var(--c-text);
box-sizing: border-box;
font-family: Ubuntu, sans-serif;
letter-spacing: .1ch;
}
main *, .hero * {
line-height: 1.5;
}
body {
background-color: var(--c-bg);
min-height: 100vh;
display: grid;
grid-template-rows: var(--header-height) min-content auto auto min-content;
grid-template-columns: 1fr;
grid-template-areas: "header" "hero" "main" "aside" "footer";
}
a {
text-decoration: underline;
text-underline-offset: .05rem;
}
a:hover {
text-underline-offset: .25rem;
color: var(--c-hl);
}
h1, h2, h3, h4, h5, h6, p {
word-break: break-word;
scroll-margin-block-start: 4.5rem;
}
h1, h2, h3, h4, h5, h6, strong {
font-weight: 500;
}
em {
font-style: italic;
}
h1, h2, h3, h4, h5, h6 {
margin-block-end: 0;
}
h1+*, h2+*, h3+*, h4+*, h5+*, h6+* {
margin-block-start: 0;
}
main h1 {
font-size: 2.25rem;
}
main h2 {
font-size: 1.5rem;
}
main h3 {
font-size: 1.25rem;
}
main :is(h2, h3, h4, h5, h6) a {
text-decoration: none;
position: relative;
}
main :is(h2, h3, h4, h5, h6) a:hover::before {
content: '#';
position: absolute;
left: -1.5ch;
bottom: 0;
font-weight: normal;
font-size: 1rem;
}
@media screen and (min-width: 800px) {
body {
grid-template-columns: min-content 8fr;
grid-template-rows: 4rem min-content auto min-content;
grid-template-areas: "header header" "hero hero" "aside main" "footer footer";
}
}
.skiplink {
z-index: 9999;
transform: translateY(calc(-100% - 1rem));
display: block;
position: absolute;
height: 4rem;
padding: var(--content-inline-padding);
background-color: var(--c-bg);
border-inline-end: 1px solid var(--c-border);
border-block-end: 1px solid var(--c-border);
}
.skiplink:focus {
z-index: 9999;
transform: translateY(0);
}
header {
grid-area: header;
height: var(--header-height);
border-block-end: 1px solid var(--c-border);
background-color: var(--c-bg-secondary);
position: sticky;
top: 0;
z-index: 1000;
display: flex;
flex-direction: row;
flex-wrap: nowrap;
justify-content: space-between;
}
header a {
text-decoration: none;
}
header .logo {
display: flex;
flex-wrap: nowrap;
align-items: center;
height: 100%;
padding-inline-start: var(--content-inline-padding);
}
header .logo img {
padding-block-end: .3rem;
}
header .logo h1 {
margin: 0;
margin-bottom: -.4rem;
font-size: 1.7rem;
line-height: 1;
font-family: Comfortaa, Ubuntu, sans-serif;
font-weight: bold;
}
header .nav-toggle {
display: block;
border-inline-start: 1px solid var(--c-border);
padding: 0 1rem;
display: flex;
align-items: center;
cursor: pointer;
}
header nav details summary, header nav a {
border-block-end: 1px solid var(--c-border);
padding: 1rem;
display: flex;
align-items: center;
cursor: pointer;
white-space: nowrap;
}
header nav details summary::before {
content: "►";
padding-inline-end: .3rem;
}
header nav details[open] summary::before {
content: "▼";
}
header nav .nav-close {
display: none;
}
header nav.show .nav-close {
display: flex;
}
header nav {
transform: translateY(calc(-100% - 1rem));
display: flex;
flex-direction: column;
justify-content: flex-start;
position: fixed;
right: 0;
top: 0;
bottom: 0;
background-color: var(--c-bg-secondary);
min-width: 20rem;
max-width: 30rem;
border-inline-start: 1px solid var(--c-border);
z-index: 10000;
}
header nav.show, header nav:focus-within {
transform: translateY(0);
}
header nav details summary.highlight, header nav a.highlight {
background-color: var(--c-hl);
color: var(--c-text-on-hl);
font-weight: 500;
}
header nav details summary:hover, header nav a:hover {
background-color: var(--c-bg);
}
header nav details summary.highlight:hover, header nav a.highlight:hover {
background-color: var(--c-hl-secondary);
color: var(--c-text-on-hl-secondary);
}
header nav details {
display: flex;
flex-direction: column;
position: relative;
}
header nav details a {
padding-inline-start: 2.5rem;
}
@media screen and (min-width: 950px) {
header .nav-toggle, header .nav-close, header nav.show .nav-close {
display: none;
}
header nav {
transform: initial;
display: flex;
flex-direction: row;
justify-content: flex-end;
position: initial;
background-color: initial;
min-width: unset;
max-width: unset;
border-inline-start: none;
}
header nav.show, header nav:focus-within {
transform: initial;
}
header nav details summary, header nav a {
border-block-end: none;
border-inline-start: 1px solid var(--c-border);
border-inline-end: 1px solid var(--c-border);
padding: 0 1rem;
display: flex;
margin-inline-start: -1px;
align-items: center;
height: 100%;
}
header nav details:last-of-type summary {
border-inline-end: none;
}
header nav details[open] summary {
border-block-end: 1px solid var(--c-border);
height: calc(100% + 1px);
}
header nav details div {
position: absolute;
right: 0;
}
header nav details div a {
background-color: var(--c-bg-secondary);
border-block-end: 1px solid var(--c-border);
padding: 1rem;
}
}
main {
grid-area: main;
padding: 0 var(--content-inline-padding);
max-width: var(--content-max-width);
min-width: 0;
width: 100%;
margin: 2rem auto;
}
nav.article-nav {
display: flex;
flex-direction: row;
justify-content: center;
}
nav.article-nav div {
width: 33%;
text-align: center;
}
footer {
grid-area: footer;
align-self: end;
background-color: var(--c-bg-secondary);
border-block-start: 1px solid var(--c-border);
padding: .5rem var(--content-inline-padding);
display: flex;
flex-direction: row;
flex-wrap: wrap;
justify-content: space-between;
}
footer div {
line-height: 2;
}
footer div .mobile-hide {
display: none;
}
footer div a {
white-space: nowrap;
}
footer div a:not([rel*=license]), footer div .copyright {
display: block;
}
@media screen and (min-width: 800px) {
footer div {
line-height: 1.5;
}
footer div:last-of-type {
padding-inline-start: 1rem;
}
footer div .mobile-hide {
display: inline;
}
footer div a:not([rel*=license]), footer div .copyright {
display: initial;
}
}
</style>
<style>aside {
grid-area: aside;
background-color: var(--c-bg-secondary);
/* padding: var(--content-inline-padding); */
border-block-start: 1px solid var(--c-border);
width: 100%;
height: min-content;
align-self: end;
display: flex;
flex-direction: column;
justify-content: flex-start;
min-width: 30ch;
overflow-y: auto;
}
aside .title {
margin-block-end: 0;
margin-inline: var(--content-inline-padding);
margin-block-start: 1rem;
margin-block-end: .5rem;
font-size: 2rem;
font-weight: 500;
}
aside details:not(:last-child) {
border-block-end: 1px solid var(--c-border);
}
aside details summary, aside a {
padding: 1rem;
display: flex;
align-items: center;
cursor: pointer;
white-space: nowrap;
}
aside a {
text-decoration: none;
}
aside details summary::before {
content: "►";
padding-inline-end: .3rem;
}
aside details[open] summary::before {
content: "▼";
}
aside details summary:hover, aside a:hover, aside a.active {
background-color: var(--c-bg);
}
aside details {
display: flex;
flex-direction: column;
position: relative;
}
aside details a {
padding-inline-start: 2.5rem;
}
@media screen and (min-width: 800px) {
aside {
border-block-start: none;
border-inline-end: 1px solid var(--c-border);
width: max-content;
height: 100%;
}
}
</style>
<link rel="stylesheet" href="../static/css/additional-styles.css">
<script src="../static/js/header-links.js" defer></script>
</head>
<body><a class="skiplink" href="certfp.html#main">Skip to content</a>
<header>
<a class="logo" href="../index.html" aria-label="Libera Chat, back to start page">
<img alt="" src="../static/img/libera-color.svg" height="48px" data-proofer-ignore>
<h1>Libera.&ZeroWidthSpace;Chat</h1>
</a>
<a id="nav-toggle" class="nav-toggle hidden" aria-controls="main-nav"><span>Navigation</span></a>
<nav class="" id="main-nav" aria-labelledby="nav-toggle" role="menubar">
<a id="nav-close" class="nav-close hidden" aria-controls="main-nav"><span>Close</span></a>
<details>
<summary
>About</summary>
<div>
<a
role="menuitem"
href="../policies.html"
><span>Network Policies</span></a>
<a
role="menuitem"
href="../guidelines.html"
><span>Channel Guidelines</span></a>
<a
role="menuitem"
href="../news.html"
><span>Blog & News</span></a>
<a
role="menuitem"
href="../about.html"
><span>About Libera Chat</span></a>
<a
role="menuitem"
href="../bylaws.html"
><span>Bylaws</span></a>
<a
role="menuitem"
href="../minutes.html"
><span>Meeting Minutes</span></a>
<a
role="menuitem"
href="../annual-reports.html"
><span>Annual Reports</span></a>
<a
role="menuitem"
href="../sponsors.html"
><span>Sponsors</span></a>
</div>
</details>
<details>
<summary
>Contribute</summary>
<div>
<a
role="menuitem"
href="../contributing/donate.html"
><span>Donate</span></a>
<a
role="menuitem"
href="../contributing/sponsor.html"
><span>Sponsor Us</span></a>
<a
role="menuitem"
href="../contributing/development.html"
><span>Development</span></a>
</div>
</details>
<a role="menuitem" href="../chanreg.html"><span>Channel Namespaces</span></a>
<a role="menuitem" href="../guides.html"><span>Guides</span></a>
<a role="menuitem" href="faq.html"><span>FAQ</span></a>
<details>
<summary
class="highlight"
>Connect</summary>
<div>
<a
role="menuitem"
href="https://web.libera.chat"
rel="noopener noreferrer"
><span>Webchat</span></a>
<a
role="menuitem"
href="ircs://irc.libera.chat:6697"
><span>irc.libera.chat:6697 (TLS)</span></a>
<a
role="menuitem"
href="connect.html"
><span>How to Connect</span></a>
</div>
</details>
</nav>
</header>
<script async>
const navToggle = document.querySelector('#nav-toggle')
const navClose = document.querySelector('#nav-close')
const mainNav = document.querySelector('#main-nav')
// progressive enhancement!
navToggle.classList.remove('hidden')
navClose.classList.remove('hidden')
navToggle.addEventListener('click', event => {
event.preventDefault()
mainNav.classList.toggle('show')
})
navClose.addEventListener('click', event => {
event.preventDefault()
mainNav.classList.remove('show')
})
</script>
<aside role="menu">
<span class="title">Guides</span>
<details open>
<summary>About IRC</summary>
<div>
<a
role="menuitem"
href="basics.html"
><span>Basics of IRC</span></a>
<a
role="menuitem"
href="faq.html"
><span>Frequently Asked Questions</span></a>
<a
role="menuitem"
href="clients.html"
><span>Choosing an IRC client</span></a>
</div>
</details>
<details open>
<summary>Helping you connect</summary>
<div>
<a
role="menuitem"
href="connect.html"
><span>Connecting to Libera.Chat</span></a>
<a
role="menuitem"
href="webchat.html"
><span>Using Our Webchat</span></a>
<a
role="menuitem"
href="sasl.html"
><span>Using SASL</span></a>
<a
role="menuitem"
class="active"
href="https://libera.chat/guides/certfp"
><span>Using CertFP</span></a>
</div>
</details>
<details open>
<summary>Using the network</summary>
<div>
<a
role="menuitem"
href="registration.html"
><span>Nickname Registration</span></a>
<a
role="menuitem"
href="sendpass.html"
><span>Resetting your Password</span></a>
<a
role="menuitem"
href="cloaks.html"
><span>Cloaks</span></a>
<a
role="menuitem"
href="findingchannels.html"
><span>Finding Channels</span></a>
<a
role="menuitem"
href="channels.html"
><span>Using Channels</span></a>
<a
role="menuitem"
href="usermodes.html"
><span>User Modes</span></a>
</div>
</details>
<details open>
<summary>Running a channel</summary>
<div>
<a
role="menuitem"
href="creatingchannels.html"
><span>Creating Channels</span></a>
<a
role="menuitem"
href="channelmodes.html"
><span>Channel Modes</span></a>
<a
role="menuitem"
href="bots.html"
><span>Network bots</span></a>
<a
role="menuitem"
href="catalyst.html"
><span>Catalysing and De-escalation</span></a>
<a
role="menuitem"
href="helpers.html"
><span>Advice for Helpers</span></a>
</div>
</details>
</aside>
<main id="main">
<h1>Using CertFP</h1>
<p>As an alternative to password-based authentication, you can connect to
Libera.Chat with a TLS certificate and have services recognise it
automatically.</p>
<p>For <code class="language-plaintext highlighter-rouge">SASL EXTERNAL</code> to work, you must <a href="connect.html">connect over TLS</a>.</p>
<h2 id="creating-a-self-signed-certificate">Creating a self-signed certificate</h2>
<p>In order to follow these instructions, you will need the <code class="language-plaintext highlighter-rouge">openssl</code> utility. If
you are using Windows and do not have a copy, you might consider using Cygwin.</p>
<p>You can generate a certificate with the following command:</p>
<div class="language-sh highlighter-rouge"><div class="highlight"><pre class="highlight"><code>openssl req <span class="nt">-x509</span> <span class="nt">-new</span> <span class="nt">-newkey</span> rsa:4096 <span class="nt">-sha256</span> <span class="nt">-days</span> 1096 <span class="nt">-nodes</span> <span class="nt">-out</span> libera.pem <span class="nt">-keyout</span> libera.pem
</code></pre></div></div>
<p>You will be prompted for various pieces of information about the certificate.
The contents do not matter for our purposes, but <code class="language-plaintext highlighter-rouge">openssl</code> needs at least one
of them to be non-empty. This certificate will last about 3 years, so consider
setting a calendar reminder.</p>
<p>The <code class="language-plaintext highlighter-rouge">.pem</code> file will have the same access to your NickServ account as your
password does, so take appropriate care in securing it.</p>
<h2 id="inspecting-your-certificate">Inspecting your certificate</h2>
<p>The expiration date can be checked with the following command:</p>
<div class="language-sh highlighter-rouge"><div class="highlight"><pre class="highlight"><code>openssl x509 <span class="nt">-in</span> libera.pem <span class="nt">-noout</span> <span class="nt">-enddate</span>
</code></pre></div></div>
<p>The fingerprint can be checked with the following command:</p>
<div class="language-sh highlighter-rouge"><div class="highlight"><pre class="highlight"><code>openssl x509 <span class="nt">-in</span> libera.pem <span class="nt">-noout</span> <span class="nt">-fingerprint</span> <span class="nt">-sha512</span> | <span class="nb">awk</span> <span class="nt">-F</span><span class="o">=</span> <span class="s1">'{gsub(":",""); print tolower ($2)}'</span>
</code></pre></div></div>
<h2 id="connecting-to-liberachat-with-your-certificate">Connecting to Libera.Chat with your certificate</h2>
<p>IRC clients generally differ in where they look for a certificate and how you
configure them to offer it to the server. If yours is not yet listed here,
advice in this section is unlikely to apply, but guides may be available
elsewhere on the web.</p>
<h3 id="irssi">Irssi</h3>
<p>Move the certificates you created above to ~/.irssi/certs</p>
<div class="language-sh highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="nb">mkdir</span> ~/.irssi/certs
<span class="nb">mv </span>libera.pem ~/.irssi/certs
</code></pre></div></div>
<p>Configure your <code class="language-plaintext highlighter-rouge">/server</code> entry for Libera.Chat to use this certificate. You
may need to adapt this example for your existing configuration (the network
and hostname should match what you already use).</p>
<pre><code class="language-irc">/server add -tls_cert ~/.irssi/certs/libera.pem -network LiberaChat irc.libera.chat 6697
</code></pre>
<p>For the first time, connect to Libera.Chat using password authentication so
that you can add the certificate fingerprint to NickServ.</p>
<pre><code class="language-irc">/connect LiberaChat
</code></pre>
<p>Now follow the instructions <a href="certfp.html#add-your-fingerprint-to-nickserv">to add the fingerprint</a>.
When done, you can switch the authentication to certificates.</p>
<pre><code class="language-irc">/disconnect LiberaChat
/network add -sasl_password '' -sasl_mechanism EXTERNAL LiberaChat
/connect LiberaChat
</code></pre>
<p>If you did everything right you should now be authenticated using your
certificate.</p>
<h3 id="weechat">weechat</h3>
<p>Move the certificates you created above to ~/.weechat/certs</p>
<div class="language-sh highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="nb">mkdir</span> ~/.weechat/certs
<span class="nb">mv </span>libera.pem ~/.weechat/certs
</code></pre></div></div>
<p>Now disconnect and remove the current Libera.Chat server(s). Re-add it with
the SSL flag, using your newly generated certificate. Note that these commands
are just examples, you have to adapt them to your current servers.</p>
<pre><code class="language-irc">/set irc.server.liberachat.addresses irc.libera.chat/6697
/set irc.server.liberachat.ssl on
/set irc.server.liberachat.ssl_verify on
/set irc.server.liberachat.ssl_cert %h/certs/libera.pem
/set irc.server.liberachat.sasl_mechanism external
</code></pre>
<p>and then reconnect to Libera.Chat.</p>
<h3 id="znc">znc</h3>
<p>Refer to zncs <a href="https://wiki.znc.in/Cert">official documentation</a>.</p>
<h3 id="hexchat">HexChat</h3>
<p>Place the .pem file in <code class="language-plaintext highlighter-rouge">certs/client.pem</code> in the HexChat config
directory (<code class="language-plaintext highlighter-rouge">~/.config/hexchat/</code> or <code class="language-plaintext highlighter-rouge">%appdata%\HexChat</code>). Note
that the <code class="language-plaintext highlighter-rouge">certs</code> directory does not exist by default and you will have to
create it yourself. Once the file is there, all subsequent SSL connections
will use the certificate.</p>
<p>If you connect to multiple IRC networks, you should keep in mind that using
the filename <code class="language-plaintext highlighter-rouge">certs/client.pem</code> will send the same certificate to all networks.
If you prefer per-network certificates, use the name of the network exactly
as it appears in the network list (Ctrl-S), including capitalisation and
punctuation (e.g. <code class="language-plaintext highlighter-rouge">certs/libera.pem</code> or <code class="language-plaintext highlighter-rouge">certs/Example Server.pem</code>).</p>
<h3 id="konversation">Konversation</h3>
<p>Create the .pem file as per above, then place it wherever you want.
Start Konversation, then open the Identity dialogue by either pressing
<kbd>F8</kbd> or via the Settings menu entry. Choose the identity you use
for the Libera.Chat network or create a new one.
In the part <code class="language-plaintext highlighter-rouge">Auto Identify</code> you have to choose <code class="language-plaintext highlighter-rouge">SASL External (Cert)</code>
as the <code class="language-plaintext highlighter-rouge">Type</code> for SASL External or <code class="language-plaintext highlighter-rouge">SSL CLient Certificate</code> for CertFP.
SASL External requires at least version 1.7 of Konversation.
Optionally fill in your account name in the <code class="language-plaintext highlighter-rouge">Account</code> field.
You can then choose the certificate you created with the file picker
or enter the path manually in the field next to it.
Once done, apply the configuration and (re)connect to Libera.Chat.</p>
<h3 id="revolution">Revolution</h3>
<p>Create the .pem file as per above, transfer it to your Android device, and
place it wherever you want (<code class="language-plaintext highlighter-rouge">Downloads</code> is a common location).
Start Revolution and navigate to the <code class="language-plaintext highlighter-rouge">Manage servers</code> screen if you are not
there already, long-press on the server you wish configure certFP for, and
select <code class="language-plaintext highlighter-rouge">Edit</code>. When presented with the <code class="language-plaintext highlighter-rouge">Edit a server</code> screen, tap on
<code class="language-plaintext highlighter-rouge">Authentication mode</code> and select <code class="language-plaintext highlighter-rouge">Client certificate (CertFP)</code>, then tap on
<code class="language-plaintext highlighter-rouge">IMPORT PEM</code> and navigate to where where you put the pem file and select it.
Tap the tick symbol on the top right of the <code class="language-plaintext highlighter-rouge">Edit a server</code> screen to save.</p>
<p>Alternatively, Revolution has the ability to generate a client certificate for
you. Once you are presented with <code class="language-plaintext highlighter-rouge">IMPORT PEM</code>, there will also be an option
to <code class="language-plaintext highlighter-rouge">CREATE NEW</code> and when you tap this, a certificate will be randomly generated
and a certificate fingerprint will be displayed. Tap the tick symbol on the top
right of the screen to save.</p>
<h2 id="add-your-fingerprint-to-nickserv">Add your fingerprint to NickServ</h2>
<p>You can then check whether you have a fingerprint by using <code class="language-plaintext highlighter-rouge">whois</code> on yourself:</p>
<pre><code class="language-irc">/whois YourOwnNick
...
YourOwnNick has client certificate fingerprint 959c0bdfa9877d3466c5848f55264f72f132c657b002b79fda65dbe36c67f4bb3d2a3e2e9925cb5896a53c76169c5bb71b7853bd90192068dc77f4b20159a1d8
...
</code></pre>
<p>To allow NickServ to recognise you based on your certificate, you need to add
the <strong>sha512</strong> fingerprint to your account (you will need to log in by other
means in order to do so).</p>
<p>You can then authorise your current certificate fingerprint:</p>
<pre><code class="language-irc">/msg NickServ CERT ADD
</code></pre>
<p>In the future, any connections you make to Libera.Chat with your certificate
will be logged into your account automatically. Optionally, or if you wish to
<a href="connect.html">connect via Tor</a>, you can enable SASL with the <code class="language-plaintext highlighter-rouge">EXTERNAL</code> mechanism.</p>
<hr>
<p>Based on content © 2016-2021 <a href="https://github.com/freenode/web-7.0/graphs/contributors">freenode/web7.0s contributors</a>
under <a href="https://creativecommons.org/licenses/by-nc-sa/4.0/">Creative Commons BY-NC-SA</a></p>
</main><footer>
<div>
<span class="copyright">&copy; Libera Chat's contributors 2021</span>
(<a rel="license noopener noreferrer" href="../LICENSE-content.txt">Content CC BY-NC-SA</a>,
<a rel="license noopener noreferrer" href="../LICENSE-code.txt">Code MIT</a>)
<span class="mobile-hide">/</span>
<a href="../atom.xml">Feed (atom)</a>
<span class="mobile-hide">/</span>
<a href="../privacy.html">Privacy</a>
</div>
<div>
<a rel="me noopener noreferrer" href="https://fosstodon.org/@liberachat">Mastodon</a>
<span class="mobile-hide">/</span>
<a href="https://github.com/Libera-Chat/libera-chat.github.io" rel="noopener noreferrer">GitHub</a>
<span class="mobile-hide">/</span>
<a href="https://twitter.com/liberachat" rel="noopener noreferrer">Twitter</a>
<span class="mobile-hide">/</span>
<a href="https://facebook.com/liberachat" rel="noopener noreferrer">Facebook</a>
</div>
</footer>
Reference in a new issue View git blame Copy permalink