Using client certificates

When connecting to GTANet on port 6697 with a secured (SSL) connection, you can set up a client certificate to automatically authenticate with your NickServ account. This feature is also available in the latest versions of various major bouncers, such as ZNC.

This page explains how to create your private certificate, and how to set up your NickServ account to accept it.

Creating your certificate

We begin by generating a new certificate for you, using OpenSSL. Mac OS X and Linux have this installed by default, Windows users will have to download and install OpenSSL manually (add it to your path!).

Run the following command in a shell or command prompt:

$ openssl req -nodes -newkey rsa:2048 -keyout irc.key -x509 -days 365 -out irc.crt

You now have two files: irc.crt which is your public certificate, and irc.key which is your private key. Do not share irc.key with anyone else, or they will be able to access your NickServ account!

Now create your certificate chain by placing the contents of irc.key under irc.crt. This can be done using:

$ cat irc.crt irc.key > irc.pem

The irc.pem file is your certificate chain. Keep this file private!

Installing your certificate in your client

You now have to set up your client or bouncer to use the certificate.

  • mIRC
    Go to mIRC Options, then Connect -> Options and click on the SSL button. Select your irc.pem file under the Certificate Chain File option in the displayed dialog.
     
  • ZNC
    If you have access to the shell for ZNC, move your irc.pem file in:
    ~/.znc/users/username/networks/network/moddata/cert/user.pem

    Alternatively you may be able to upload the certificate using the Web interface.

Please refer to the documentation of your IRC client when it hasn't been listed on this page.

Setting up NickServ to accept your certificate

You now have to set up the certificate for your account. On Mac OS X and Linux, run the following command to get the fingerprint associated with your certificate:

$ openssl x509 -sha1 -noout -fingerprint -in irc.pem | \
    sed -e 's/^.*=//;s/://g;y/ABCDEF/abcdef/'

If you run Windows, or cannot execute this command for other reasons, please ask us in #CallCentre.

Your fingerprint will be 32 characters and numbers long. For example: 6da89cd09ab7937478a1d47d20938536.

To associate this certificate with your NickServ account, run this command on IRC:

/privmsg NickServ cert add YourFingerprint

Your account is now set up so that your certificate will automatically identify you on connection!