Skip to content

Libera.Chat with SSL and certificates

Jump to bottom
JR edited this page Mar 3, 2023 · 5 revisions

To set up connecting to Libera.Chat using SSL and a client certificate, you first need to have registered a services account by messaging NickServ. Preferably in a normal IRC client so you can input messages easily, but this can also be done using the Pipeline plugin.

Refer to https://libera.chat/guides/certfp for details.

Certificate

First, generate a self-signed certificate:

openssl req -x509 -new -newkey rsa:4096 -sha256 -days 1096 -nodes -out libera.pem -keyout libera.pem

It will ask you to enter details for the certificate, but just enter anything. At least one field must have a value, otherwise they can safely be left empty.

Second, get the sha512 fingerprint for your new certificate:

openssl x509 -in libera.pem -noout -fingerprint -sha512 | awk -F= '{ gsub(":", ""); print tolower ($2) }'

Copy the string this outputs.

Optionally third, move your newly-created libera.pam into your configuration directory.

  • Linux and other Posix: $HOME/.config/kameloso (overridden by $XDG_CONFIG_HOME)
  • Windows: %APPDATA%\kameloso
  • macOS: $HOME/Library/Application Support/kameloso

If the file is not in the configuration directory, you will have to give an absolute path to the file in the step below.

Configuration file

Open your configuration file by passing --gedit or --edit.

  • Change the port to 6697 to enable SSL
  • Enter the path to your newly-created libera.pem as both privateKeyFile and certFile under [Connection]. Relative paths are resolved as starting in your configuration directory
  • Optional: set ssl to true (not required; inferred true by port 6697)
[Connection]
ipv6                        true
privateKeyFile              libera.pem
certFile                    libera.pem
#caBundleFile
ssl                         true

Finally, connect to the server, login with services and send CERT ADD [your sha512 fingerprint] to NickServ to register the certificate to your account.

Addendum

You can use the Pipeline plugin to send all messages needed for this guide.

echo "PRIVMSG NickServ :IDENTIFY nickname [password]" > [email protected]
echo "PRIVMSG NickServ :CERT ADD [your sha512 fingerprint]" > [email protected]
Clone this wiki locally