How to login securely ؟ SSL/TLS

If you hit any installation issues or cannot connect to your freshly installed UnrealIRCd then this forum is for you.

Moderator: Supporters

Post Reply
joker
Posts: 5
Joined: Fri Oct 15, 2021 6:39 pm

How to login securely ؟ SSL/TLS

Post by joker »

HI,

I don't know the solution to enter security. All attempts have failed.

/* Standard IRC SSL/TLS port 6697 */
listen {
ip *;
port 6697;
options { tls; }
tls-options {
certificate "/home/keme/unrealircd/conf/tls/server.cert.pem";
key "/home/keme/unrealircd/conf/tls/server.key.pem";
}
https://www.sslshopper.com/ssl-checker.html
This error appears?
irc.meme.com resolves to 88.88.222.222

Server Type: Apache

The certificate will expire in 3649 days.

The hostname (irc.meme.com) is correctly listed in the certificate.

The certificate is self-signed. Users will receive a warning when accessing this site unless the certificate is manually added as a trusted certificate to their web browser. You can fix this error by buying a trusted SSL certificate
ommon name: irc.keme.com
Organization: IRC Org. Unit: IRCD
Location: ou, mi, uw
Valid from September 20, 2024 to September 18, 2034
Serial Number: 2045c307196ff2ub2f4b0aeacs308x1ew397r
Signature Algorithm: ecdsa-with-SHA256
Issuer: irc.keme.com

What is the solution? The certificate is subject to the control panel. Do I have to buy a certificate or is the free control panel certificate sufficient? What is the solution? Thanks everyone.
Valware
Official supporter
Posts: 47
Joined: Wed Mar 31, 2021 3:17 am
Location: Internet
Contact:

Re: How to login securely ؟ SSL/TLS

Post by Valware »

It seems you are using a self-signed certificate. This is okay for server-to-server connections, but your users client's will try to verify the certificate. A self-signed certificate is not considered valid.

To fix this problem, you can obtain a real certificate (for free) by following the instructions on this page.
Got an idea for a module? Don't be shy! Come talk to me on #unreal-support
Like the support I provide? Consider supporting me with a donation.
joker
Posts: 5
Joined: Fri Oct 15, 2021 6:39 pm

Re: How to login securely ؟ SSL/TLS

Post by joker »

Thanks Valware


irc.keme.com resolves to 88.99.141.226

Server Type: Apache

The certificate should be trusted by all major web browsers (all the correct intermediate certificates are installed).

The certificate will expire in 88 days.

The hostname (irc.zerfoon.com) is correctly listed in the certificate.
Common name: www.irc.keme.com
SANs: *.zerfoon.com, www.irc.keme.com
Valid from September 22, 2024 to December 21, 2024
Serial Number: 04e5afa2257f1ca83d0b5c5c3951d12ca01d
Signature Algorithm: sha256WithRSAEncryption
Issuer: R10

Common name: R10
Organization: Let's Encrypt
Location: US
Valid from March 12, 2024 to March 12, 2027
Serial Number: 4ba85293f79a2fa273064ba8048d75d0
Signature Algorithm: sha256WithRSAEncryption
Issuer: ISRG Root X1

ok
Works great but when adding the port it shows an error
irc.keme.com:6697
he certificate is self-signed. Users will receive a warning when accessing this site unless the certificate is manually added as a trusted certificate to their web browser. You can fix this error by buying a trusted SSL certificate
Common name: irc.keme.com
Organization: IRC Org. Unit: IRCD
Location: kw
Valid from September 22, 2024 to September 20, 2034
Serial Number: 73ba3a15d19de251d53e7a3b857587ef0f00cef4
Signature Algorithm: ecdsa-with-SHA256
Issuer: irc.keme.com
Syzop
UnrealIRCd head coder
Posts: 2133
Joined: Sat Mar 06, 2004 8:57 pm
Location: .nl
Contact:

Re: How to login securely ؟ SSL/TLS

Post by Syzop »

Right, so you have loaded a good certificate in Apache but not in UnrealIRCd. The guide that Valware referred you to has instructions on how to load the certificate correctly in UnrealIRCd.

Usually you only have UnrealIRCd on the machine and not also a webserver like Apache. If that is the case (only UnrealIRCd, certbot not set up yet) then just follow the entire guide.

If you already have certbot+apache set up on the same box as unrealircd then you could read only the following two subsections: Tweaking permissions on the key file and Updating your listen blocks. Note that you will be missing out on the automatic rehashing on certificate renewal (unless you update certbot to run that hook mentioned in the guide). Also, we generally recommend running UnrealIRCd on an isolated machine so it is not affected by security mistakes in like web code (PHP/etc) which are kinda widespread. Of course if you don't really care about that (e.g. you are just playing around) or can't afford it then that's up to you.
Post Reply