To create new wiki account, please join us on #znc at Libera.Chat and ask admins to create a wiki account for you. You can say thanks to spambots for this inconvenience.
Signed SSL certificate: Difference between revisions
>Resistance No edit summary |
>Resistance |
||
Line 3: | Line 3: | ||
If you want to use your StartSSL web server certificate in ZNC, you need to put your private key and the your certificate into ~/.znc/znc.pem. | If you want to use your StartSSL web server certificate in ZNC, you need to put your private key and the your certificate into ~/.znc/znc.pem. | ||
<code>cat server.key znc.pem > znc.pem | <code>cat server.key znc.pem > znc.pem</code> | ||
Replace server.key and znc.pem with the correct filenames and relevant paths. | Replace server.key and znc.pem with the correct filenames and relevant paths. | ||
Line 16: | Line 16: | ||
<code>openssl s_client -showcerts -connect domain.tld:6667</code> | <code>openssl s_client -showcerts -connect domain.tld:6667</code> | ||
Change the domain and port to your domain and znc's listening port. | Change the domain and port to your domain and znc's listening port. | ||
== PositiveSSL == | == PositiveSSL == |
Revision as of 22:49, 24 December 2012
StartSSL
If you want to use your StartSSL web server certificate in ZNC, you need to put your private key and the your certificate into ~/.znc/znc.pem.
cat server.key znc.pem > znc.pem
Replace server.key and znc.pem with the correct filenames and relevant paths.
The certificate now gets validated, but the validation fails, since the root certificate is properly not know on your machine (while most browser come built-in with the root certificate). So you either make the certificate known to your machine (and all your ZNC users) or your put the root cert into your znc.pem file like the following:
cd ~/.znc/
wget https://www.startssl.com/certs/sub.class1.server.ca.pem -O startssl.com.root.pem
cat startssl.com.root.pem >> znc.pem
It seems the order in your znc.pem must be "key", "own cert" and "root cert". If you get connection errors, make sure you done it right. You can test your certificate without connecting to znc with the following command:
openssl s_client -showcerts -connect domain.tld:6667
Change the domain and port to your domain and znc's listening port.
PositiveSSL
This is how I created a Positive SSL certificate for znc.
openssl req -nodes -newkey rsa:2048 -keyout myserver.key -out server.csr
- Submit server.csr to PositiveSSL
- Once you receive your SSL Bundle zip, uncompress
cat myserver.key > ~/.znc/znc.pem
cat host_domain_com.crt >> ~/.znc/znc.pem
cat PositiveSSLCA.crt >> ~/.znc/znc.pem
cat UTNAddTrustServerCA.crt >> ~/.znc/znc.pem
That should do it. Drop a note on my Wiki Page if you need any more help.
To use a PositiveSSL, this seemed to be the recipe