# Adding a client certificate for tilde.chat
I switched my auth mechanism for tilde.chat from password to client
certificate. Not a complex procedure, and described many times
everywhere, but I’ll make a note to myself anyway.
## Generating a cert
Some usual `openssl` magic.
```
$ umask 77
$ nd ~/.ssl # “new directory” function: mkdir + cd
$ openssl req -x509 -new -newkey ed25519 -sha256 -days 3650 -nodes \
-out jsv.crt -keyout jsv.key
```
I filled the CN and e-mail fields, but it’s not necessary and
probably not to be recommended.
I use `erc`, so I do not need .pem for it.
## Emacs-side
All I have to do here is to add `:client-certificate` to my
connection function:
```
(erc-tls :server server :port (or port "6697") :nick (or nick "jsv")
:client-certificate
'("/home/jsv/.ssl/jsv.key" "/home/jsv/.ssl/jsv.crt"))
```
Note, that it doesn’t expand “~” in paths there, so I have to either
specify them fully or expand them myself.
## Registering the cert with NickServ
Given that I’ve already registered a nick, all I need now is (after
the usual password login):
/msg NickServ CERT ADD
And that’s all. I can remove the password from my secrets on that
machine, it’s no longer needed there.