User Tools

Site Tools


ssl_certificate

Generate a SSL certificate

This feature is only available on AndroIRC 3.3 and above

Starting with AndroIRC v3.3, you can use a SSL certificate to automatically identify your registered nickname with NickServ on connect (with compatible server, like OFTC). Below are the steps needed to generate such a SSL certificate.

Creating a self-signed certificate

To do that, you'll need OpenSSL, which is available on most Unix/Linux platform. Windows ports are also available.

Generate the key and certificate

Just use the following command line to generate the certificate :

$ openssl req -nodes -newkey rsa:2048 -keyout certificate.pem -x509 -days 3650 -out certificate.pem

Output:

Generating a 2048 bit RSA private key
................................+++
..........+++
writing new private key to 'certificate.pem'
-----
  -
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:
State or Province Name (full name) [Some-State]:
Locality Name (eg, city) []:
Organization Name (eg, company) [Internet Widgits Pty Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (eg, YOUR name) []:
Email Address []:

You'll need to enter some personal information about you. If you want to, you can leave some fields empty. You should now have a certificate.pem file. This file contains your private key and your certificate. Use this command to protected your certificate.

chmod 400 certificate.pem

Convert your certificate to PKCS12 format

In order to use your certificate in AndroIRC, you'll need to convert it to the PKCS12 format. To do that, simply use

openssl pkcs12 -in certificate.pem -export -out certificate.pfx

It'll ask for a password to protected your new certificate. Enter whatever you want (you can also leave the password empty if you want).

Congrats, you now have a working certificate.

Use the certificate in AndroIRC

  • The first thing you'll need to do is to put the certificate in your sdcard. The certificate must be in the following directory (the *certs* directory may not exists by default, you'll need to create it) AndroIRC/certs/. Remember the name of your certificate, you'll need it later.
  • Now, edit the server in AndroIRC where you want to use your new certificate. You'll notice three new options: Use SSL certificate, SSL certificate filename, and SSL certificate password. Check the Use SSL certificate checkbox, and edit the SSL certificate filename to match the name of your certificate file. If you have followed this guide exactly, your file should be nammed certificate.pfx. If you have set a password for your certificate, enter it in the SSL certificate password option.
  • Be sure that Use secured connection is checked before trying to use your new SSL certificate.
  • Go back, and try to connect to your new server. AndroIRC should tell you it has successfully loaded your certificate.
  • Enjoy!
ssl_certificate.txt · Last modified: 2015/02/05 12:04 (external edit)