Difference between revisions of "IRC"
From Vague Hope Wiki
(→InspIRCd with SSL and client certs) |
(→InspIRCd with SSL and client certs) |
||
Line 22: | Line 22: | ||
Generate a CA: | Generate a CA: | ||
+ | mkdir _ca && cd _ca | ||
/usr/lib/ssl/misc/CA.sh -newca | /usr/lib/ssl/misc/CA.sh -newca | ||
+ | mv demoCA/* . && rmdir demoCA && cd .. | ||
+ | |||
+ | Issue client certificate: | ||
+ | mkdir someuser && cd someuser | ||
+ | /usr/lib/ssl/misc/CA.sh -newreq | ||
+ | export CATOP="../_ca/" | ||
+ | export SSLEAY_CONFIG="-cert ../_ca/cacert.pem" | ||
+ | /usr/lib/ssl/misc/CA.sh -sign |
Revision as of 03:54, 6 July 2013
References
- http://wiki.inspircd.org/Commands
- http://wiki.inspircd.org/1.2/User_Modes
- http://wiki.inspircd.org/Modules/2.0/ssl_gnutls
- http://wiki.inspircd.org/Secure_Sockets_Layer
- http://www.oftc.net/NickServ/CertFP/
InspIRCd with SSL
Generate self-signed server certs:
openssl dhparam -out dhparam_4096.pem 4096 openssl req -x509 -nodes -newkey rsa:4096 -keyout key.pem -out cert.pem -days 1024
Configure in inspircd.conf
<bind address="" port="6697" type="clients" ssl="openssl"> <openssl cafile="conf/ca.pem" certfile="conf/cert.pem" keyfile="conf/key.pem" dhfile="conf/dhparam_4096.pem">
InspIRCd with SSL and client certs
Fix script: edit /usr/lib/ssl/misc/CA.sh and set CADAYS to 3650.
Generate a CA:
mkdir _ca && cd _ca /usr/lib/ssl/misc/CA.sh -newca mv demoCA/* . && rmdir demoCA && cd ..
Issue client certificate:
mkdir someuser && cd someuser /usr/lib/ssl/misc/CA.sh -newreq export CATOP="../_ca/" export SSLEAY_CONFIG="-cert ../_ca/cacert.pem" /usr/lib/ssl/misc/CA.sh -sign