CACert.Org Server Certificate Installation Assistance
Posted: Mon Oct 23, 2017 12:02 pm
by topdog
Good day folks,
I am running UnrealIRCD 4.0.15 on Linux.
I recently signed up for CACert.org and generated a server certificate, and cannot figure out how to install it.
I'd appreciate some help on this when time permits, as I am currently using a self-signed cert right now and wish to use a CACert.org certificate instead.
Re: CACert.Org Server Certificate Installation Assistance
Posted: Tue Oct 24, 2017 4:25 pm
by Gottem
You should have a private key and a public key (certificate), verify that you do before proceeding.
Now, let's say you installed UnrealIRCd as the user unreal into /home/unreal/ircd. You need to change into the directory /home/unreal/ircd/conf/ssl first, there you'll see multiple files, amongst which are:
- server.cert.pem
- server.key.pem
Rename both of those to something else (like, append -orig or something). Then upload your CACert.org key and cert into that same directory using the same filenames (you can use custom ones but this is the easiest way). Then from the command line/SSH you can run /home/unreal/ircd/unrealircd reloadtls to make that cert active, or just run /rehash -ssl from IRC as an oper.
Sidenote: whether you use CACert.org certs or your own self-signed ones, it basically has the same effect in regards to cert warnings/errors. Except CACert is/should be trusted by *nix distros (so still not Windows, iOS, Mac OSX etc) while your own is not trusted by anything at all. I would just go with LetsEncrypt tbh. =]
Re: CACert.Org Server Certificate Installation Assistance
Posted: Tue Oct 24, 2017 5:35 pm
by topdog
Gottem wrote: ↑Tue Oct 24, 2017 4:25 pm
You should have a private key and a public key (certificate), verify that you do before proceeding.
Now, let's say you installed UnrealIRCd as the user unreal into /home/unreal/ircd. You need to change into the directory /home/unreal/ircd/conf/ssl first, there you'll see multiple files, amongst which are:
- server.cert.pem
- server.key.pem
Rename both of those to something else (like, append -orig or something). Then upload your CACert.org key and cert into that same directory using the same filenames (you can use custom ones but this is the easiest way). Then from the command line/SSH you can run /home/unreal/ircd/unrealircd reloadtls to make that cert active, or just run /rehash -ssl from IRC as an oper.
Sidenote: whether you use CACert.org certs or your own self-signed ones, it basically has the same effect in regards to cert warnings/errors. Except CACert is/should be trusted by *nix distros (so still not Windows, iOS, Mac OSX etc) while your own is not trusted by anything at all. I would just go with LetsEncrypt tbh. =]
Hello,
In CACert.org it only allows me to copy the cert itself. So do I paste it in a new file? And use the set block given in the URL provided?
I have the following files:
- server.cert.pem
- server.key.pem
- server.req.pem
Where should the actual cert be pasted into? Also, do I use the server.req.pem file as a CSR?
Re: CACert.Org Server Certificate Installation Assistance
Posted: Wed Oct 25, 2017 1:23 pm
by Syzop
As Gottem said, CACert offers pretty much no benefit over the default self-signed certificate.
You should go with Let's Encrypt instead. Then you get a 'real' certificate.
Tutorial:
https://www.unrealircd.org/docs/Using_L ... UnrealIRCd
Re: CACert.Org Server Certificate Installation Assistance
Posted: Wed Oct 25, 2017 11:44 pm
by Gottem
Just some background info for in the future (and completeness lel):
Well the key should be generated by you and not CACert for security reasons, so it should be on your computer/server somewhere. You simply create a Certificate Signing Request (CSR), which means you generate a private key along with a request for signing your certificate. Then you present this CSR to a (trusted) Certificate Authority who'll decide if they'll actually create and sign your cert (in case of CACert this is automated if I recall correctly). You'll then receive your cert if they approved it.
For installing it w/ Unreal:
The cert should be contained in server.cert.pem, the key goes in server.key.pem (in X.509 DER format [base64 encoded content]). You also don't need to use the set block I linked (that was just an example of using custom filenames, which isn't required). And you don't really need to have your CSR on there. =]
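
Added example, not part of any post in this thread: a shell sketch of the workflow discussed above (create the key and CSR locally, confirm the issued certificate matches the key, then swap the pair into conf/ssl). It assumes openssl is installed and the key is unencrypted; the function names are made up for illustration, and the file names and -orig suffix follow the posts above.

```shell
#!/bin/sh
# Added example, not the forum posters' or the UnrealIRCd project's code.

# new_key_and_csr DIR CN: create the private key and the CSR on this machine.
# Only server.req.pem is submitted to the CA; the key never leaves the server.
new_key_and_csr() {
    ( umask 077   # key file is created readable by the owner only
      openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$2" \
          -keyout "$1/server.key.pem" -out "$1/server.req.pem" 2>/dev/null )
}

# pair_matches KEY CERT: succeed only if the certificate carries the public
# key that belongs to KEY. Returns 2 if either file cannot be parsed.
pair_matches() {
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 2
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 2
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# install_pair KEY CERT SSLDIR: refuse a mismatched pair, keep the old files
# with an -orig suffix, then copy the new pair in under the default names.
install_pair() {
    pair_matches "$1" "$2" || {
        echo "key and certificate do not belong together" >&2
        return 1
    }
    for f in server.key.pem server.cert.pem; do
        if [ -f "$3/$f" ]; then mv "$3/$f" "$3/$f-orig"; fi
    done
    cp "$1" "$3/server.key.pem" && chmod 600 "$3/server.key.pem" &&
        cp "$2" "$3/server.cert.pem"
}

# Usage: sh install-cert.sh KEY CERT /home/unreal/ircd/conf/ssl
# Afterwards: /home/unreal/ircd/unrealircd reloadtls  (or /rehash -ssl as an oper)
if [ "$#" -eq 3 ]; then install_pair "$@"; fi
```
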