CACert.Org Server Certificate Installation Assistance

topdog
Posts: 6
Joined: Mon May 29, 2006 3:31 pm

CACert.Org Server Certificate Installation Assistance

Post by topdog » Mon Oct 23, 2017 12:02 pm

Good day folks,
I am running UnrealIRCd 4.0.15 on Linux.
I recently signed up for CACert.org and generated a server certificate, and cannot figure out how to install it.
I'd appreciate some help on this when time permits, as I am currently using a self-signed cert right now and wish to use a CACert.org certificate instead.

Gottem
Posts: 171
Joined: Fri Aug 19, 2016 5:26 pm
Location: NL

Re: CACert.Org Server Certificate Installation Assistance

Post by Gottem » Tue Oct 24, 2017 4:25 pm

You should have a private key and a public key (certificate); verify that you do before proceeding.

Now, let's say you installed UnrealIRCd as the user unreal into /home/unreal/ircd. You need to change into the directory /home/unreal/ircd/conf/ssl first; there you'll see multiple files, amongst which are:
  • server.cert.pem
  • server.key.pem
Rename both of those to something else (like, append -orig or something). Then upload your CACert.org key and cert into that same directory using the same filenames (you can use custom ones but this is the easiest way). Then from the command line/SSH you can run /home/unreal/ircd/unrealircd reloadtls to make that cert active, or just run /rehash -ssl from IRC as an oper.

Sidenote: whether you use CACert.org certs or your own self-signed ones, it basically has the same effect in regards to cert warnings/errors. Except CACert is/should be trusted by *nix distros (so still not Windows, iOS, Mac OSX etc) while your own is not trusted by anything at all. I would just go with LetsEncrypt tbh. =]
If you like my modules, pls consider donating (through PayPal) or becoming a monthly Patron ;];]
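
An added example (not part of the post above and not UnrealIRCd's own tooling) of the steps Gottem describes: confirm the certificate and private key belong together, back up the existing files with an -orig suffix, then install under the default filenames. The function names pair_matches and install_pair are hypothetical; the directory and filenames are the ones used in the thread.

```bash
#!/usr/bin/env bash
# Added example: pre-flight check and install of a CA-issued cert for UnrealIRCd.
# Function names are hypothetical; paths follow the thread's example install.

# Return 0 only if the PEM certificate ($1) carries the public key that
# belongs to the PEM private key ($2). Return 2 if either file will not parse.
pair_matches() {
    local cert=$1 key=$2 c k
    openssl x509 -in "$cert" -noout 2>/dev/null \
        || { echo "not a PEM certificate: $cert" >&2; return 2; }
    openssl pkey -in "$key" -noout 2>/dev/null \
        || { echo "not a PEM private key: $key" >&2; return 2; }
    # Compare digests of the DER-encoded public key from each side.
    c=$(openssl x509 -in "$cert" -noout -pubkey \
        | openssl pkey -pubin -outform DER | openssl dgst -sha256)
    k=$(openssl pkey -in "$key" -pubout -outform DER | openssl dgst -sha256)
    [ "$c" = "$k" ]
}

# Back up the current files as *-orig (once) and install the new pair
# into the ssl directory ($3) under the default filenames.
install_pair() {
    local cert=$1 key=$2 ssl_dir=$3 f
    pair_matches "$cert" "$key" \
        || { echo "refusing to install: key/cert check failed" >&2; return 1; }
    for f in server.cert.pem server.key.pem; do
        if [ -e "$ssl_dir/$f" ] && [ ! -e "$ssl_dir/$f-orig" ]; then
            mv "$ssl_dir/$f" "$ssl_dir/$f-orig"
        fi
    done
    install -m 644 "$cert" "$ssl_dir/server.cert.pem"
    install -m 600 "$key"  "$ssl_dir/server.key.pem"   # key readable by owner only
}

# Usage (run as the unreal user; source file names are placeholders):
#   install_pair ./cacert-issued.pem ./my-private.key /home/unreal/ircd/conf/ssl \
#     && /home/unreal/ircd/unrealircd reloadtls
```

A mismatch here usually means the certificate was issued for a different CSR than the one generated alongside the key on the server.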

topdog
Posts: 6
Joined: Mon May 29, 2006 3:31 pm

Re: CACert.Org Server Certificate Installation Assistance

Post by topdog » Tue Oct 24, 2017 5:35 pm

Hello,
In CACert.org it only allows me to copy the cert itself. So do I paste it in a new file? And use the set block given in the URL provided?
I have the following files:
  • server.cert.pem
  • server.key.pem
  • server.req.pem
Where should the actual cert be pasted into? Also, do I use the server.req.pem file as a CSR?

Syzop
UnrealIRCd head coder
Posts: 1815
Joined: Sat Mar 06, 2004 8:57 pm
Location: .nl

Re: CACert.Org Server Certificate Installation Assistance

Post by Syzop » Wed Oct 25, 2017 1:23 pm

As Gottem said, CACert offers pretty much no benefit over the default self-signed certificate.
You should go with Let's Encrypt instead. Then you get a 'real' certificate.
Tutorial: https://www.unrealircd.org/docs/Using_L ... UnrealIRCd

Gottem
Posts: 171
Joined: Fri Aug 19, 2016 5:26 pm
Location: NL

Re: CACert.Org Server Certificate Installation Assistance

Post by Gottem » Wed Oct 25, 2017 11:44 pm

Just some background info for in the future (and completeness lel):

Well the key should be generated by you and not CACert for security reasons, so it should be on your computer/server somewhere. You simply create a Certificate Signing Request (CSR), which means you generate a private key along with a request for signing your certificate. Then you present this CSR to a (trusted) Certificate Authority who'll decide if they'll actually create and sign your cert (in case of CACert this is automated if I recall correctly). You'll then receive your cert if they approved it.

For installing it w/ Unreal:
The cert should be contained in server.cert.pem, the key goes in server.key.pem (in X.509 DER format [base64 encoded content]). You also don't need to use the set block I linked (that was just an example of using custom filenames, which isn't required). And you don't really need to have your CSR on there. =]