It's that time of the year again: we're renewing the SSL certificates of our IRC servers. We choose to renew our certificates every three years.
Our IRC servers support connecting using SSL, Secure Socket Layer, an encryption layer that helps securing your conversations against eavesdropping. We currently support SSL when connecting via ports 6697 or 7001. With SSL all data between the sender and recipient is encrypted (as long as all parties support SSL) using a private key. If you and a friend are both connected using SSL for instance, private messages between you and him will be end-to-end encrypted. For more details, please read our wiki page on SSL.
To have full control over our certificates, and to not be affected by the current turmoil caused by recent issues
some root CAs have had, we've chosen to create our own Certificate Authority, and sign our certificates with it.
Our public CA can be downloaded from https://www.chat4all.org/ircd-certificates/chat4all-ca.pem.
You can verify the downloaded certificate's SHA1, SHA512 and/or MD5 sum with the following info:
SHA512 Sum: f5a7f899aac98d3ab20b1cb175cbf2c159b7969ac0c607983ca8d23c1a7e06c65e3b6fd7138478ade9231f76914f3d11a4945927e9de02f87579075cc84096fa
SHA1 Sum: f6178f83836b94437cb483a264adbd8f6e724415
MD5 Sum: a6b84819937b3749cbe37097860b51ad
Our public server certificate can be downloaded from https://www.chat4all.org/ircd-certificates/chat4all-server.pem.
You can verify the downloaded certificate's SHA1, SHA512 and/or MD5 sum with the following info:
SHA512 Sum: 6976c808b71755016c5844a8e6de8fc3114a7103e4f17bd539f0d64a584ffc8cffca14b7ef989d4fdb273d77b7ded1643141f213ee65e8d10158c6438a319918
SHA1 Sum: d4d2f62936b5c89487943e0d0415d57cbef96f44
MD5 Sum: 871e1eb19ab199c24da23b985a09b3b0
In general IRC clients will show something like this when connecting over SSL:
subject `C=NL,ST=Noord-Brabant,L=Den Bosch,O=Chat4All,OU=Chat4All IRC,CN=*.chat4all.org,EMAIL=jeroen@wierda.com',
issuer `C=NL,ST=Noord-Brabant,L=Den Bosch,O=Chat4All,OU=Chat4All IRC,CN=chat4all.org,EMAIL=jeroen@wierda.com',
RSA key 4096 bits, signed using RSA-SHA,
activated `2011-09-21 16:29:07 UTC',
expires `2012-09-20 16:29:07 UTC',
SHA-1 fingerprint `df9be0734c9590cb4d0a222b9c5d3c2dc75361d1'
You can verify this information as well by connecting to our IRC servers, and issuing /quote helpop ssl.
Since our Certificate Authority (CA) isn't recognised by many clients (but then again, most clients don't verify against system CAs anyway), you'll either have to ignore the 'untrusted issuer/certificate' warning you might get, or you can import our CA and/or the server's certificate.
We have detailed instructions for a few common clients on our SSL Certificate Authority import instructions wiki
page, for instance for mIRC, XChat, irssi and WeeChat.
If your IRC client isn't listed there, and you need help importing our Certificate Authority, please contact us in
our #help channel.
For those who want to verify the IRC servers' certificates and CA even more, can help themselves to this information:
The details of the Certificate Authority Cert with which our certificates are signed are as follows:
Issuer: C=NL, ST=Noord Brabant, L=Den Bosch, O=Chat4All, OU=Chat4All, CN=chat4all.org/emailAddress=j.wierda@chat4all.net
Serial Number: d5:a9:ec:fa:08:61:f2:b8
Validity
Not Before: Sep 15 19:06:34 2020 GMT
Not After : Sep 13 19:06:34 2030 GMT
SHA512 Sum: f5a7f899aac98d3ab20b1cb175cbf2c159b7969ac0c607983ca8d23c1a7e06c65e3b6fd7138478ade9231f76914f3d11a4945927e9de02f87579075cc84096fa
SHA1 Sum: f6178f83836b94437cb483a264adbd8f6e724415
MD5 Sum: a6b84819937b3749cbe37097860b51ad
$ openssl x509 -sha1 -in chat4all-ca.pem -noout -fingerprint
SHA1 Fingerprint=C6:F8:C0:9F:C3:0D:24:63:90:CA:52:61:05:5C:71:EA:0C:18:15:22
The details of the Certificate used by the servers are:
Issuer: C=NL, ST=Noord Brabant, L=Den Bosch, O=Chat4All, OU=Chat4All, CN=chat4all.org/emailAddress=j.wierda@chat4all.net
Serial Number: 20200915210803 (0x125f64601233)
Validity
Not Before: Sep 15 19:08:16 2020 GMT
Not After : Sep 15 19:08:16 2023 GMT
SHA512 Sum: 6976c808b71755016c5844a8e6de8fc3114a7103e4f17bd539f0d64a584ffc8cffca14b7ef989d4fdb273d77b7ded1643141f213ee65e8d10158c6438a319918
SHA1 Sum: d4d2f62936b5c89487943e0d0415d57cbef96f44
MD5 Sum: 871e1eb19ab199c24da23b985a09b3b0
$ openssl x509 -sha1 -in server.cert.pem -noout -fingerprint
SHA1 Fingerprint=DC:E5:64:EF:AB:09:E4:10:76:02:F6:A0:E2:90:1A:56:15:0D:45:70
~2020-09-16, Filip H.F. "FiXato" Slagter, Co-Network Administrator Chat4All IRC Network.