From Vague Hope Wiki
Revision as of 04:51, 6 July 2013 by Haku (Talk | contribs) (InspIRCd with SSL and client certs)

Jump to: navigation, search


InspIRCd with SSL

Generate self-signed server certs:

openssl dhparam -out dhparam_4096.pem 4096
openssl req -x509 -nodes -newkey rsa:4096 -keyout key.pem -out cert.pem -days 1024

Configure in inspircd.conf

<bind address="" port="6697" type="clients" ssl="openssl">
<openssl cafile="conf/ca.pem" certfile="conf/cert.pem" keyfile="conf/key.pem" dhfile="conf/dhparam_4096.pem">

InspIRCd with SSL and client certs

Configure openssl

sudo -i
cd /root/<caname>
cp /etc/ssl/openssl.cnf .

Edit /root/<caname>/openssl.cnf ...

dir = /root/<caname>/_ca
*_default ...

Fix script: edit /usr/lib/ssl/misc/ and set CADAYS to 3650.

Generate a CA:

mkdir _ca && cd _ca
/usr/lib/ssl/misc/ -newca
mv demoCA/* . && rmdir demoCA && cd ..

Issue client certificate:

mkdir someuser && cd someuser
/usr/lib/ssl/misc/ -newreq
ln -s ../_ca demoCA # hack to avoid editing /usr/lib/ssl/openssl.cnf
/usr/lib/ssl/misc/ -sign
rename 's/new/testuser_/' *.pem