Automatically Identification using a Certificate


This knowledge base article contains information that is not accurate for Textual 6.

Textual provides the ability to send a client-side certificate during Transport Layer Security (TLS) negotiation allowing for automatic and secure identification with NickServ or other services.

This feature is described in detail below with instructions on creating your own self-signed certificate.

Skip to section:

Creating Certificate

To get started, open Launchpad from the Dock and browse to the folder named Other. Within this folder, launch the application named Keychain Access. This application has a set of keys on a key ring as its icon.

Once launched, a window will appear that is visually similar to the following:

Image 1

Within this window, in the top left corner, in the list labeled Keychains. Select the item named login.

For the purposes of this tutorial, the screenshots shown will use the item named example. This is done to conceal private information. However, for your purposes, the item named login must be selected.

In the global menu bar in the top left corner of the screen select the bold Keychain Access menu by clicking it. From within this menu, select Certificate Assistant and finally Create a Certificate….

Image 7

Once clicked, the following window will appear:

Image 2

Inside the window, enter a name into the field labeled Name. The name is not relevant and is only for reference purposes when browsing your certificates. A name such as “My IRC Certificate” will work fine.

Leave the Identity Type as Self Signed Root

Change the Certificate Type to SSL Client.

Click Create

Ignore the You are about to create a self-signed certificate warning by clicking Continue.

After a few seconds your certificate will be ready for immediate use: Image 3

Adding Certificate to Textual

Start by opening Server Properties by using the keyboard combination Command U.

Select the item named Client Certificate near the bottom of the navigation list under the Advanced section.

After doing so, the window will appear as follows:

Image 4

To select the certificate, click the Select Certificate button.

A list of certificates will appear once clicked. Select the certificate which has the same name of the one that you created.

Finish by clicking the Chose button.

After doing so, the window will update to confirm your selection:

Image 5

By clicking Save, Textual will send the information about this certificate to the configured server when connecting.

Registering Certificate with NickServ

Depending on the configuration of an IRC network's NickServ services, one of two fingerprints must be registered.

In almost every case the SHA-1 Fingerprint is the accepted fingerprint. However, there are times when the MD5 Fingerprint will take its place. If unsure which to use, ask the staff of the IRC network.

To register a fingerprint, click the Copy button beside each fingerprint to copy its value. The value copied can be pasted into the main input text field of Textual without any editing.

Using Certificate with SASL

A few (not many) IRC servers provide support for the SASL EXTERNAL identification mechanism. Textual, when used in combination with a self-signed certificate, can take advantage of this identification mechanism.

See the documentation for the defaults command for information on enabling SASL EXTERNAL support.

Last modified: November 22, 2016

The contents of this webpage are released into the Public Domain for unlimited distribution.