Difference between revisions of "IRC"

From Vague Hope Wiki
Jump to: navigation, search
(InspIRCd with SSL and client certs)
(InspIRCd with SSL and client certs)
Line 45: Line 45:
 
   -config ~root/<caname>/openssl.cnf
 
   -config ~root/<caname>/openssl.cnf
  
Issue client certificate (remove -nodes to leave unencrypted):
+
Issue client certificate (remove -nodes to encrypt):
 
  cd ~root/<caname>
 
  cd ~root/<caname>
 
  mkdir <someuser> && cd <someuser>
 
  mkdir <someuser> && cd <someuser>

Revision as of 05:16, 6 July 2013

References

InspIRCd with SSL

Generate self-signed server certs:

openssl dhparam -out dhparam_4096.pem 4096
openssl req -x509 -nodes -newkey rsa:4096 -keyout key.pem -out cert.pem -days 1024

Configure in inspircd.conf

<bind address="" port="6697" type="clients" ssl="openssl">
<openssl cafile="conf/ca.pem" certfile="conf/cert.pem" keyfile="conf/key.pem" dhfile="conf/dhparam_4096.pem">

InspIRCd with SSL and client certs

Configure openssl

sudo -i
cd ~root/<caname>
cp /etc/ssl/openssl.cnf .

Edit ~root/<caname>/openssl.cnf ...

dir = ~root/<caname>/_ca

default_bits = 4096

*_default ...

FS layout:

cd ~root/<caname>
mkdir _ca && cd _ca
mkdir certs private newcerts
echo 1000 > serial
touch index.txt

Generate 10 year CA certificate:

cd ~root/<caname>/_ca
openssl req -new -x509 -days 3650 -extensions v3_ca \ 
 -keyout private/cakey.pem -out cacert.pem \
 -config ~root/<caname>/openssl.cnf

Issue client certificate (remove -nodes to encrypt):

cd ~root/<caname>
mkdir <someuser> && cd <someuser>
openssl req -new -nodes \
 -keyout someuser_key.pem -out someuser_req.pem \
 -config ~root/<caname>/openssl.cnf
openssl ca \
 -config ~root/<caname>/openssl.cnf \
 -out someuser_cert.pem \
 -infiles someuser_req.pem