Configuring Client SSL Certificates for XChat

These instructions are partially taken, with permission, from OFTC. Thanks!

  1. Make a cert if you haven't already. XChat does not support passphrase-protected client certificates, so make sure you specify the -nodes option.

  2. Copy the cert you made into your ~/.xchat2 directory, C:\Users\USERNAME\AppData\Roaming\X-Chat2 directory, or from wherever XChat stores user settings. The certificate filename must match the name of the network, so you should probably name it freenode.pem.

  3. mv mynick.pem ~/.xchat2/freenode.pem

    Make sure the filesystem permissions restrict read access for the file to just you.

  4. From the XChat menu, select Network list.

    XChat: Network List

  5. Find freenode in the network list, and click Edit. The network name may be mis-capitalized as "FreeNode".

  6. Enable the option to Use SSL for all servers on this network.

    If you have installed the UTN-USERFirst-Hardware certificate to be trusted (perhaps by installing a root-ca package, as explained on the IRC Servers page), then the SSL connection should verify. If not, you may have to enable the Accept invalid SSL certificate option.

    XChat: Edit Network

  7. Click Close.

  8. Click Connect. You should be connected using SSL, and in your own whois you should see your certificate fingerprint. You can tell NickServ to automatically identify based on this certificate fingerprint by doing:

    /msg nickserv CERT ADD

If you know of any additions or corrections, or would like to contribute improvements, contact us at the email below.

Copyright © 2002 – 2016 by freenode Creative Commons License
Comments to email address: support at freenode dot net