Using SSL Certs for Passwords

These are old archives. They are kept for historic purposes only.
Locked
Stealth
Head of Support
Posts: 2086
Joined: Tue Jun 15, 2004 8:50 pm
Location: Chino Hills, CA, US
Contact:

Using SSL Certs for Passwords

Post by Stealth »

How to use SSL Certs for Passwords

Generating Your SSL Cert (Windows)
  1. First, you need to go to this website, and download the latest OpenSSL installer for Windows.
  2. Run the installer, be sure it gets installed to C:\OpenSSL
  3. Download ssl.zip from Sts's site or Stealth's site (MD5: 2e7cf1a25f10bbadcd7872ab4d34c4c4; SHA1: f368d052ca3cb1eb72a7ac1ce4abbe196091e38e)
  4. Unzip the contents to the directory of your choice.
  5. Run makeNewCert.bat, provide it with the proper information.
  6. Once done, you will have 3 new files in the directory you unzipped it to. The files will be: privkey.pem, cert.pem, and certreq.pem.
Generating Your SSL Cert (*NIX)
  1. The simplest way would be to download Stealth's Client Certificate Creation Tool, located here (MD5: 6505BAC428F621AA71B125672872A48D; SHA1: 072D556C79A7109D2DB0546202D893330A4ED2B6).
  2. Run the creation tool by typing "makecert.sh new" in your shell and provide the requested information. For additional options, run makecert.sh by itself.
  3. It will make 3 new files, privkey.pem, cert.pem, and req.pem.
Alternative Methods for Cert Generation Setting Up Unreal
  1. Copy cert.pem to where Unreal is being run from, and put it in the same directory as unrealircd.conf. You may want to rename this to be yournick.pem you will have more opers using certs.
  2. In you oper block's password line, make the password the filename of the cert file, and then the auth would be sslclientcert. The password line should look like:

    Code: Select all

    password "cert.pem" { sslclientcert; };
  3. Be sure to rehash Unreal, a /rehash -ssl may be required.
Setting Up mIRC
  1. Copy privkey.pem and cert.pem to your mIRC directory.
  2. In Options, go to Connect > Options > Click the SSL button
  3. Click the button below "Private key file:", and select privkey.pem
  4. Click the button below "Certificate chain file:", and select cert.pem
  5. Reconnect to your server
Setting Up KVIRC (Submitted by malachy29)
  1. Open up KVIRC's configuration (Settings > Configure KVIRC), go to Connections > Advanced.
  2. On the SSL tab, Check both "Use SSL Certificate" and "Use SSL Private Key"
  3. Under Use SSL Certificate, enter the path or browse to your ssl certificate.
  4. Under Use SSL Private Key, enter the path or browse to your private key file.
  5. Click apply and OK
  6. When connecting, either click "Use SSL" in the advanced tab of the server prefs, or use /server -s irc.example.com
Setting Up irssi (*nix)
  1. Copy privkey.pem and cert.pem to your .irssi directory.
  2. Be sure to chmod the files so they cannot be read or modified by other users. (Hint: chmod 600)
  3. Set up an alias with the connect command and proper certs. You can do this by typing:

    Code: Select all

    /alias ssl connect -ssl -ssl_pkey /home/your_login/.irssi/privkey.pem -ssl_cert /home/your_login/.irssi/cert.pem $0-
    (be sure to change the paths to the proper ones)
  4. Disconnect from your server, and reconnect by using

    Code: Select all

    /ssl your.server.name
Setting Up X-Chat (Submitted by Jobe1986)
Note: Only the newer versions of X-Chat support specifying your own certs for connecting to servers with SSL.
  1. For both operating systems you need to put both your SSL key and SSL cert into the same file. This can be done by simply copying the text from the cert file and pasting it below the text in the key file. Be sure to save a backup copy of your cert and key in case the new file is somehow made unusable!
  2. Name the new file client.pem
*NIX:
  1. Copy the file containing both your keypair to ~/.xchat/
  2. Be sure to set the proper permissions so other users cannot get your key! (Hint: chmod 600)
Windows:
  1. X-Chat stores your SSL information in 2 different locations on Windows. To make things simple, just copy your cert to the following locations:
    • %USERPROFILE%\Application Data\X-Chat 2\
    • C:\Program Files\XChat\

Opering
To oper on your server, just type

Code: Select all

/oper your_login *

Note: I don't know how to set up any other clients to use SSL certs. If you wish to provide instructions for other clients, please send me a message. If something is incorrect on this page, please let me know!
Last edited by Stealth on Thu Dec 08, 2011 3:01 am, edited 3 times in total.
Reason: Update makecert.sh; add link to online cert generator
Locked