![[freenode]](/logo2.png "freenode"){kind=logo}
![[Internet services by Oregon State University's Open Source Lab]](/images/freenode_osuosl.png "Internet services by Oregon State University's Open Source Lab")
Configuring Client SSL Certificates for Irssi
Copy the cert you made into your ~/.irssi directory. Make sure the filesystem permissions restrict read access for the file to just you.
mv mynick.pem ~/.irssi/mynick.pem
(optional) To enable strict SSL validation, you may also need to tell irssi to trust the UTN-USERFirst-Hardware certificate. Either install the appropriate package (as explained on the IRC Servers page) or download the certificate.
Copy or move the downloaded certificate PEM file to your ~/.irssi directory.
mv UTN-USERFirst-Hardware.crt ~/.irssi/UTN-USERFirst-Hardware.pem
You shouldn't need the following; the server should provide the Gandi intermediary cert when you connect. If you have trouble with it though, you will need to convert the downloaded file into PEM format using: openssl x509 -inform der -in GandiStandardSSLCA.crt -out gandi.pem and prepend gandi.pem to UTN-USERFirst-Hardware.pem, avoiding any extra newlines.
We will add/edit a network for freenode. We'll creatively call it freenode. It's case-sensitive, and the name doesn't matter as long as it's used consistently.
/network add -whois 1 -msgs 4 -kicks 1 -modes 4 freenode
You might also add parameters for -nick, -user, and/or -realname. See /help network for details.
In irssi, each network can support multiple servers, but we only need to add one:
/server add -auto -ssl -ssl_cert ~/.irssi/mynick.pem -ssl_verify -ssl_cafile ~/.irssi/UTN-USERFirst-Hardware.pem -network freenode chat.freenode.net 6697
If you skipped step two above, then omit the -ssl_verify and -ssl_cafile options.
The next time you /connect freenode or start irssi, you will automatically be connected to freenode using your SSL certificate.
After connecting with the updated configuration, /whois yournick will show:
-!- : is using a secure connection -!- : has client certificate fingerprint f1ecf46714198533cda14cccc76e5d7114be4195
(Your fingerprint will be different, of course.)
You can tell NickServ to automatically identify based on this certificate fingerprint by doing:
/msg nickserv CERT ADD
If you know of any additions or corrections, or would like to contribute improvements, contact us at the email below.
Copyright © 2002 – 2013
by freenode
Comments to email address: support at freenode dot net