UnrealIRCd Forums

Posted: **Mon Sep 05, 2011 5:58 am**

Hey there, I'm trying to get SSL to work on my network and i keep getting connection errors when trying. Yes, ssl was enable when compiled, and yes i set up the listen block correctly for ssl. Seems to be something with the certificates. I used the Certificate Signing Request code from server.req.pem to get the signed cert from CAcert.org and i copied and pasted the resulting cert code into server.cert.pem.

i also added this block to my unrealircd.conf and restarted the ircd. the CAcert-bundle.crt file contains both the CAcert.org Class 1 and Class 3 root certificates.

Code: Select all

set {
    ssl {
      certificate server.cert.pem;
      key server.key.pem;
      trusted-ca-file CAcert-bundle.crt;
      };
};

Unfortunately, this isnt working which is why I'm here.
In XChat on windows i get :

Code: Select all

* Looking up irc.androidia.net
* Connecting to irc.androidia.net (67.220.66.119) port 6697...
* * Subject: /O=Root CA/OU=http://www.cacert.org/CN=CA Cert Signing Authority/[email protected]
* * Issuer: /O=Root CA/OU=http://www.cacert.org/CN=CA Cert Signing Authority/[email protected]
* * Subject: /O=Root CA/OU=http://www.cacert.org/CN=CA Cert Signing Authority/[email protected]
* * Issuer: /O=Root CA/OU=http://www.cacert.org/CN=CA Cert Signing Authority/[email protected]
* * Subject: /CN=irc.androidia.net
* * Issuer: /O=Root CA/OU=http://www.cacert.org/CN=CA Cert Signing Authority/[email protected]
* * Certification info:
*   Subject:
*     CN=irc.androidia.net
*   Issuer:
*     O=Root CA
*     OU=http:
*     
*     www.cacert.org
*     CN=CA Cert Signing Authority
*     [email protected]
*   Public key algorithm: rsaEncryption (1024 bits)
*   Sign algorithm sha1WithRSAEncryption
*   Valid since Sep  4 06:46:52 2011 GMT to Mar  2 06:46:52 2012 GMT
* * Cipher info:
*   Version: TLSv1/SSLv3, cipher AES256-SHA (256 bits)
* Connection failed. Error: self signed certificate in certificate chain.? (19)

And when i try connecting via irssi on my linux box i get:

Code: Select all

00:56 -!- Irssi: Looking up irc.androidia.net
00:56 -!- Irssi: Connecting to irc.androidia.net [67.220.66.119] port 6697
00:56 -!- Irssi: Connection to irc.androidia.net established
00:56 -!- Irssi: Connection lost to irc.androidia.net

Sorry for such a long first post. Just trying to be as descriptive as possible!

Any ideas/things to try/hints? etc...

Thanks in advance!
death2all110

Posted: **Mon Sep 05, 2011 6:07 am**

X-Chat: Make sure the system has the CAcert root cert installed and that it is a recognized authority. If X-Chat does not have the CA root certificate, it will see the server as self-signed. You can also disable this in your X-Chat settings (I do not know where though)

irssi: Make sure you have told irssi that you want to use SSL (/connect -ssl irc.example.com 6697)

Posted: **Mon Sep 05, 2011 6:28 am**

Well, i have the CA root cert installed on my windows machine but xchat is being a PITA so i have been using the setting you're talking about the "accept invalid ssl certificates".

Im trying irssi now. i facepalmed myself because i have totally been forgetting the -ssl part of the connect command.

I'll update in a few. Thanks for the quick response stealth!

Haha! irssi worked like a charm!

Thanks stealth!

UnrealIRCd Forums

Unreal 3.2.8.1 + SSL + CAcert.org Signed certs

Unreal 3.2.8.1 + SSL + CAcert.org Signed certs

Re: Unreal 3.2.8.1 + SSL + CAcert.org Signed certs

Re: Unreal 3.2.8.1 + SSL + CAcert.org Signed certs