Requirements (What you will need)
- Linux shell
I am writing this tutorial from the standpoint of an IRC Network Administrator, to teach IRC users how to ensure they are using a "genuine" SSL connection. The certificate can be named whatever you need it to be, but in this instance we will use "nick" as the certificate name.
After logging into your box, you should be at your home directory (/home/youruserhere) unless the server you're logging into has a special setup for its SSH users. To generate an SSL certificate, we are going to use the "openssl" command with the "req" command argument.
openssl req -nodes -newkey rsa:2048 -keyout user.key -x509 -days 3650 -out user.cer
Generating a 2048 bit RSA private key
writing new private key to 'user.key'
You will see a questionnaire to add information to the certificate you are trying to generate. You want to answer the questions asked truthfully, or your SSL Certificate can be questioned and denied by the server you're trying to contact. (It's all based on GeoIP, which locates your IP. If you have an SSL Certificate that says you're elsewhere, smarter systems will reject your request.)
-----
Country Name (2 letter code) [US]: YOURCOUNTRYCODE
State or Province Name (full name) [Texas]: YOURSTATE
Locality Name (eg, city) [San Antonio]: YOURCITY
Organization Name (eg, company) : YOURTEXTHERE
Organizational Unit Name (eg, section) [IT]: YOURTEXTHERE
Common Name (eg, YOUR name) : YOUR SERVER'S NAME (Your name if this is a personal certificate for client side auth)
Email Address : EMAILHERE
If you don't have an organization name or organizational unit name, you can substitute the answers with a period (.) and they will be left empty.
After generating this certificate, we want to make sure it can't be read by unauthorized parties. To do this in Linux, type this command:
chmod 400 user.key
Curiosity killed the cat, but never said anything about Linux users. Should you want to actually see the contents of your newly generated certificate, you can key this command into the shell:
openssl x509 -noout -fingerprint -text < user.cer
Okay, look at you, guru! You have yourself a .key and a .cer. What do we do from here?
Combine nick.key and nick.cer to create nick.pem (user.key, user.cer and user.pem with the file names used in the commands here), then adjust permissions so only you can use this certificate. We don't want anyone within the same group using it either; we just want your user to be able to read this information. Like so:
cat user.cer user.key > user.pem
chmod 400 user.pem
Now you have a shiny new SSL certificate. From there, you can download the certificate and use it in popular IRC clients such as mIRC, irssi, XChat, ChatZilla, and more.
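Before copying user.pem to a client, it is worth confirming that the bundle is intact and private. The script below is an added example, not part of the original tutorial: it repeats the steps above non-interactively and then checks the result. The function names and the -subj value "/CN=nick" are placeholders chosen here.

```shell
#!/bin/sh
# Added example, not from the original tutorial. File names follow the
# tutorial's commands; function names and the -subj value are made up here.

# make_bundle DIR: the tutorial's steps, run non-interactively inside DIR.
make_bundle() (
    cd "$1" || exit 1
    # Private from the moment of creation: without this, "cat > user.pem"
    # leaves a copy of the key readable under a typical umask until chmod.
    umask 077
    openssl req -nodes -newkey rsa:2048 -keyout user.key -x509 -days 3650 \
        -out user.cer -subj "/CN=nick" 2>/dev/null || exit 1
    cat user.cer user.key > user.pem
    chmod 400 user.key user.pem
)

# check_bundle PEM: return 0 and print the SHA-256 fingerprint only if PEM
# is mode 0400 and its private key belongs to its certificate.
check_bundle() {
    mode=$(ls -ld "$1" | cut -c1-10)
    if [ "$mode" != "-r--------" ]; then
        echo "$1: mode is $mode, expected -r--------" >&2
        return 1
    fi
    # Extract the public key from each half; a parse failure is an error.
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 2
    if [ "$cert_pub" != "$key_pub" ]; then
        echo "$1: private key does not match the certificate" >&2
        return 3
    fi
    openssl x509 -in "$1" -noout -fingerprint -sha256
}

# Usage: make_bundle "$HOME" && check_bundle "$HOME/user.pem"
```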
If anyone would like a specific breakdown per IRC client of how to embed an SSL certificate, let me know.
* Note that SSL Certificates cannot be used in web based IRC Clients. You should have a desktop client installed on your system for this to work.
** Self-signed SSL Certificates can both help and hinder your work. Depending on the nature of your browsing on the secure socket layer (SSL) internet, it is almost always best to get a proper SSL Certificate. SSL Certificates for websites and emails are Class 1 Certificates, and in most cases are free to obtain from a proper CA (Certificate Authority).