Difference between revisions of "IRC"
From Vague Hope Wiki
(→Configuring Irssi) |
(→Configuring InspIRCd) |
||
Line 59: | Line 59: | ||
=== Configuring InspIRCd === | === Configuring InspIRCd === | ||
+ | |||
+ | Enable ssl_info in conf/modules.conf: | ||
+ | <module name="m_sslinfo.so"> | ||
Tell InspIRCd to require client certificates: | Tell InspIRCd to require client certificates: |
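Review bot: The added instruction calls the module "ssl_info", but the line it introduces loads "m_sslinfo.so"; use one spelling so readers can search modules.conf for it, for example "Enable the sslinfo module (m_sslinfo.so) in conf/modules.conf:". The step also gives no reason for loading the module. Since it is placed directly before "Tell InspIRCd to require client certificates:", a short clause saying what the following step needs from it would explain why the order matters.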
Revision as of 06:48, 6 July 2013
InspIRCd with SSL
OpenSSL CA from scratch
Generate self-signed server certs:
    openssl dhparam -out dhparam_4096.pem 4096
    openssl req -x509 -nodes -newkey rsa:4096 -keyout key.pem -out cert.pem -days 1024
Configure in inspircd.conf:
    <bind address="" port="6697" type="clients" ssl="openssl">
    <openssl cafile="conf/ca.pem" certfile="conf/cert.pem" keyfile="conf/key.pem" dhfile="conf/dhparam_4096.pem">
InspIRCd with SSL and client certs
Configure openssl
    sudo -i
    cd ~root/<caname>
    cp /etc/ssl/openssl.cnf .
Edit ~root/<caname>/openssl.cnf ...
    # openssl.cnf does not expand "~"; write this directory as an absolute path
    dir = ~root/<caname>/_ca
    default_bits = 4096
    *_default ...
FS layout:
    cd ~root/<caname>
    mkdir _ca && cd _ca
    mkdir certs private newcerts
    echo 1000 > serial
    touch index.txt
Generate 10 year CA certificate:
    cd ~root/<caname>/_ca
    openssl req -new -x509 -days 3650 -extensions v3_ca \
        -keyout private/cakey.pem -out cacert.pem \
        -config ~root/<caname>/openssl.cnf
Issue client certificate (remove -nodes to encrypt the private key):
    cd ~root/<caname>
    mkdir <someuser> && cd <someuser>
    openssl req -new -nodes \
        -keyout someuser_key.pem -out someuser_req.pem \
        -config ~root/<caname>/openssl.cnf
    openssl ca \
        -config ~root/<caname>/openssl.cnf \
        -out someuser_cert.pem \
        -infiles someuser_req.pem
Configuring InspIRCd
Enable the sslinfo module (m_sslinfo.so) in conf/modules.conf:
    <module name="m_sslinfo.so">
Tell InspIRCd to require client certificates:
    <connect ... requiressl="trusted">
Configuring Irssi
Merge certs for Irssi:
    openssl pkcs12 -inkey someuser_key.pem -in someuser_cert.pem -export -out someuser.p12
    openssl pkcs12 -in someuser.p12 -nodes -clcerts -out someuser.pem
Configure Irssi:
    servers = (
      {
        chatnet = "somechatnet";
        address = "someserver";
        port = "6697";
        use_ssl = "yes";
        ssl_cert = "/home/haku/.ssl/someca/someuser/someuser.pem";
        ssl_cafile = "/home/haku/.ssl/someca/someca_cacert.pem";
        ssl_verify = "yes";
        autoconnect = "yes";
      }
    );
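An added example, not part of the original wiki page: a pre-flight check that a client certificate chains to the CA and that the private key merged alongside it belongs to that certificate. It builds a throwaway PKI with constructed names and signs with `openssl x509 -req` instead of the `openssl ca` flow above, so no openssl.cnf edits are needed; the function names are hypothetical.

```shell
#!/bin/sh
# Added example. All file and subject names are constructed for the demo.

# Build a throwaway CA, one client cert signed by it, and one unrelated
# self-signed cert in directory $1 (2048-bit keys to keep the demo fast).
make_demo_pki() {
    dir=$1
    openssl req -x509 -nodes -newkey rsa:2048 -days 1 -subj "/CN=Demo CA" \
        -keyout "$dir/cakey.pem" -out "$dir/cacert.pem" 2>/dev/null
    openssl req -new -nodes -newkey rsa:2048 -subj "/CN=someuser" \
        -keyout "$dir/someuser_key.pem" -out "$dir/someuser_req.pem" 2>/dev/null
    openssl x509 -req -days 1 -in "$dir/someuser_req.pem" \
        -CA "$dir/cacert.pem" -CAkey "$dir/cakey.pem" -CAcreateserial \
        -out "$dir/someuser_cert.pem" 2>/dev/null
    openssl req -x509 -nodes -newkey rsa:2048 -days 1 -subj "/CN=stranger" \
        -keyout "$dir/stranger_key.pem" -out "$dir/stranger_cert.pem" 2>/dev/null
}

# Print "trusted" if cert $2 chains to the CA in $1
# (the default CA directory is not consulted), else "untrusted".
cert_trust() {
    if openssl verify -no-CApath -CAfile "$1" "$2" >/dev/null 2>&1; then
        echo trusted
    else
        echo untrusted
    fi
}

# Print "match" if private key $1 carries the same public key as cert $2.
key_matches_cert() {
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null)
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null)
    if [ -n "$k" ] && [ "$k" = "$c" ]; then echo match; else echo mismatch; fi
}

# Demo run in a temporary directory.
tmp=$(mktemp -d)
make_demo_pki "$tmp"
echo "someuser cert: $(cert_trust "$tmp/cacert.pem" "$tmp/someuser_cert.pem")"
echo "stranger cert: $(cert_trust "$tmp/cacert.pem" "$tmp/stranger_cert.pem")"
echo "someuser key:  $(key_matches_cert "$tmp/someuser_key.pem" "$tmp/someuser_cert.pem")"
rm -rf "$tmp"
```

Against real files, pass the CA certificate and the merged someuser.pem to `cert_trust`, and someuser.pem as both arguments to `key_matches_cert`.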