Automatic Identification using a Certificate


Textual supports sending a client-side certificate during Transport Layer Security (TLS) negotiation. This feature allows for automatic, secure identification with NickServ (or other services) without the need for a password.

Skip to section:

Creating Certificate

If you already have a certificate of your own installed, then you can skip this section.

To get started, open Launchpad from the Dock and navigate to the folder named Other. Within this folder, launch the application named Keychain Access. This application has a set of keys on a key ring as its icon.

Once launched, a window will appear that is visually similar to the following:

Image 1

Inside this window, in the top left corner, in the list labeled Keychains; select the keychain named login.

To create a certificate in this keychain, follow these steps:

1. In the main menu, in the top left corner of the screen, open the bold Keychain Access menu. Within this menu, open the Certificate Assistant submenu, then click the menu item labeled Create a Certificate….

Image 2

Once clicked, the following window will appear:

Image 3

2. Inside this window, enter a name into the field labeled Name. The name you chose is not important. It is only used to make your certificate easier to find.

3. Leave the Identity Type as Self Signed Root

4. Change the Certificate Type to SSL Client.

5. Click Create

6. Ignore the You are about to create a self-signed certificate warning by clicking Continue.

After a few seconds your certificate will be ready for immediate use: Image 4

Adding Certificate to Textual

To add a certificate to Textual, follow these steps:

1. Begin by opening Server Properties using the keyboard combination Command U.

2. In the window that appears, click Client Certificate under the Advanced section of the navigation list.

Once clicked, the following window will appear:

Image 5

3. Inside this window, click the Select Certificate button.

A list of certificates will appear:

Image 6

4. Select the certificate that you created.

5. Click the Chose button to continue.

Server Properties will update the window to confirm your selection:

Image 7

6. Finish by clicking the Save button.

Registering Certificate with NickServ

To identify with NickServ using a certificate, the fingerprint of the certificate must be registered.

Which fingerprint you are supposed to register will vary depending on how old the software an IRC network uses is.

Try registering each fingerprint in the following order:

  1. SHA-256
  2. SHA-1
  3. MD5

Registration is made easy thanks to the Copy button next to each fingerprint. When clicked, this button will copy the command needed to register the fingerprint. Paste the result into Textual's main text field and submit.

Using Certificate with SASL

When a client-side certificate is configured, Textual will automatically attempt to use EXTERNAL as the authentication mechanism for SASL. There is nothing that has to be configured to enable this behavior.

For certain use cases, this behavior may not be desirable. This behavior can be disabled using the defaults command.

It is recommended that you do not disable this behavior unless you have a very good reason.

Last modified: August 23, 2017
The contents of this webpage are released into the Public Domain for unlimited distribution.