From 9b4a7a19db29c8c72344d94aeab3d9c3132c743d Mon Sep 17 00:00:00 2001 From: Mikaela Suomalainen Date: Wed, 4 Jun 2014 17:43:47 +0300 Subject: [PATCH] pages/external/identifying: increase days & explain it & start client config. --- pages/external/identifying.html | 10 ++++++++-- pages/external/identifying.html.md | 29 ++++++++++++++++++++++++++--- 2 files changed, 34 insertions(+), 5 deletions(-) diff --git a/pages/external/identifying.html b/pages/external/identifying.html index e790348..ac785e2 100644 --- a/pages/external/identifying.html +++ b/pages/external/identifying.html @@ -48,8 +48,14 @@ XX:XX:XX < *sasl> +-------------+-----------------------------------------

I am not sure how this happens on Windows, so you might need to look for that information elsewhere unless someone decides to help me and tell how does it happen. I am going to tell about OpenSSL.

Generating the certificate

Open terminal and run this command and replae YOURNICKNAMEHERE.pem with your nickname or something else which makes you know what it is (DO NOT SET PASSWORD FOR IT OR YOUR CLIENT MIGHT NOT BE ABLE TO USE IT):

-
openssl req -nodes -newkey rsa:4096 -keyout YOURNICKNAMEHERE.pem -x509 -days 365 -out YOURNICKNAMEHERE.pem -subj "/CN=Your Nickname"
-

This gives us file YOURNICKNAMEHERE.pem which you must give to your IRC client. I am sorry, but that depends on your IRC client too, so I cannot say anything about it.

+
openssl req -nodes -newkey rsa:4096 -keyout YOURNICKNAMEHERE.pem -x509 -days 24855 -out YOURNICKNAMEHERE.pem -subj "/CN=Your Nickname"
+

This gives us file YOURNICKNAMEHERE.pem which you must give to your IRC client.

+

NOTE: This certificate is valid for 24855 days which is the maximum on 32-bit systems. This might not be very wise, but as we only use this cert in IRC and we don't want to worry about regenerating it too often so we have a very long time when it's valid. You should regenerate your cert as often as you change your password or more even more often…*

+

Telling your client (or bouncer to use the cert).

+

HexChat

+

Limnoria

+

WeeChat

+

ZNC

Telling NickServ about your key

NickServ wants to know the fingerprint which you can get with the following command:

openssl x509 -sha1 -noout -fingerprint -in YOURNICKNAMEHERE.pem | sed -e 's/^.*=//;s/://g;y/ABCDEF/abcdef/'
diff --git a/pages/external/identifying.html.md b/pages/external/identifying.html.md index bc4a27e..6fcbb59 100644 --- a/pages/external/identifying.html.md +++ b/pages/external/identifying.html.md @@ -89,12 +89,35 @@ your nickname or something else which makes you know what it is (**DO NOT SET PASSWORD FOR IT OR YOUR CLIENT MIGHT NOT BE ABLE TO USE IT**): ``` -openssl req -nodes -newkey rsa:4096 -keyout YOURNICKNAMEHERE.pem -x509 -days 365 -out YOURNICKNAMEHERE.pem -subj "/CN=Your Nickname" +openssl req -nodes -newkey rsa:4096 -keyout YOURNICKNAMEHERE.pem -x509 -days 24855 -out YOURNICKNAMEHERE.pem -subj "/CN=Your Nickname" ``` This gives us file `YOURNICKNAMEHERE.pem` which you must give to your IRC -client. I am sorry, but that depends on your IRC client too, so I cannot -say anything about it. +client. + +**NOTE: This certificate is valid for 24855 days which is the maximum on +32-bit systems. This might not be very wise, but as we only use this cert +in IRC and we don't want to worry about regenerating it too often so we +have a very long time when it's valid. You should regenerate your +cert as often as you change your password or more even more often…*** + +### Telling your client (or bouncer to use the cert). + +#### HexChat + + + +### Limnoria + + + +### WeeChat + + + +### ZNC + + ### Telling NickServ about your key