Author Topic: InspIRCd and GNUTLS  (Read 10158 times)

netfreak

  • Administrator
  • Sr. Member

  • Offline
  • *****
  • 299
    • View Profile
    • Higher Intellect
InspIRCd and GNUTLS
« on: August 04, 2013, 03:03:23 am »
Some quick notes for anyone wanting to get SSL via gnutls in the InspIRCd IRC server:

1) Get a free SSL certificate from www.startssl.com for your domain/subdomain. It will provide you with the private key and the certificate file. Save these as "ssl.key" and "ssl.cert" in your /etc/inspircd folder.
2) Install the necessary packages on your server to handle SSL (in Debian, this will likely be "libgnutls26 libgnutls-dev gnutls-bin pkg-config"
3) Run "openssl rsa -in ssl.key -out ssl.key" inside /etc/inspircd and enter your pass phrase when prompted
4) chown the SSL key and cert to user "irc"
5) Modify your inspircd.conf to include these (modify accordingly for your desired IRC SSL port):
Code: [Select]
<module name="m_ssl_gnutls.so">
<bind address="" port="6669" type="clients" ssl="gnutls">
<gnutls cafile="" crlfile="" certfile="/etc/inspircd/ssl.cert" keyfile="/etc/inspircd/ssl.key" dh_bits="2048">
6) Restart your inspircd and review /var/log/inspircd.log to see if the SSL service is working

This is just a quick and rough guide. It assumes InspIRCd version 2. Self-signed certs will work differently but step 1 provides a site with free certificates that will work out just fine in most cases.
« Last Edit: August 09, 2013, 05:13:53 am by netfreak »