Identifying with CERTFP

CertFP allows clients connected via SSL with a client SSL certificate to authenticate to services using the SHA1 fingerprint of their client SSL certificate. One must have registered with services. If you do not already have an SSL certificate, you will need to create one.

Adding a Fingerprint to NickServ

  1. Identify to your account, if you haven't already: /msg NickServ identify account password.

  2. If you haven't found your certificate fingerprint yet, use openssl x509 -sha1 -noout -fingerprint -in mynick.pem | sed -e 's/^.*=//;s/://g;y/ABCDEF/abcdef/' to determine it. Replace mynick.pem with the actual filename of your certificate.

    If you have connected using your SSL certificate, you will also see the fingerprint in your own WHOIS. It is sent with a 276 numeric that looks like:

    276 yournick yournick :has client certificate fingerprint f1ecf46714198533cda14cccc76e5d7114be4195
  3. Use /msg NickServ cert add fingerprint to add your fingerprint. Replace fingerprint with the actual fingerprint.

The next time you connect using your client SSL certificate, you will be automatically identified.

Troubleshooting CertFP Identification

Configuring Client SSL Certificates

Instructions for configuring a client SSL certificate for some popular clients are below.

If you know of any additions or corrections, or would like to contribute improvements, contact us at the email below.

Copyright © 2002 – 2012 by freenode Creative Commons License
Comments to email address: support at freenode dot net