# Adding a client certificate for tilde.chat

I switched my auth mechanism for tilde.chat from password to client
certificate. Not a complex procedure, and described many times
everywhere, but I’ll make a note to myself anyway.

## Generating a cert

Some usual `openssl` magic.

```
$ umask 77
$ nd ~/.ssl                   # “new directory” function: mkdir + cd

$ openssl req -x509 -new -newkey ed25519 -sha256 -days 3650 -nodes \
 -out jsv.crt -keyout jsv.key
```

I filled the CN and e-mail fields, but it’s not necessary and
probably not to be recommended.

I use `erc`, so I do not need .pem for it.

## Emacs-side

All I have to do here is to add `:client-certificate` to my
connection function:

```
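;; server, port and nick are the arguments of the connection function.
;; :client-certificate takes the key file first, then the certificate.
(erc-tls :server server :port (or port "6697") :nick (or nick "jsv")
        :client-certificate
        '("/home/jsv/.ssl/jsv.key" "/home/jsv/.ssl/jsv.crt"))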
```

Note that it doesn’t expand “~” in paths there, so I have to either
specify them fully or expand them myself.

## Registering the cert with NickServ

Given that I’ve already registered a nick, all I need now is (after
the usual password login):

```
/msg NickServ CERT ADD
```

And that’s all. I can remove the password from my secrets on that
machine; it’s no longer needed there.
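
Before the password goes away, it is worth checking that the key file is private, that the certificate really belongs to that key, and what fingerprint the services will see. The script below is an added example, not part of the original note: all function names are hypothetical helpers, the demo pair is constructed in a temporary directory, and the `sha512` default is an assumption because the note does not say which digest the network uses.

```shell
#!/bin/sh
# Added example: pre-flight checks for a client certificate/key pair.
# All function names are hypothetical helpers, not part of any tool.

# Succeeds only if the key file grants nothing to group or others.
key_is_private() {
    case "$(ls -ld -- "$1")" in
        -???------*) return 0 ;;
        *) return 1 ;;
    esac
}

# Succeeds only if the certificate carries the public key of this private key.
pair_matches() {  # usage: pair_matches CERT KEY
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Prints the fingerprint as lowercase hex without colons.
# DIGEST defaults to sha512 (assumption; use whatever the network hashes with).
cert_fingerprint() {  # usage: cert_fingerprint CERT [DIGEST]
    openssl x509 -in "$1" -noout -fingerprint "-${2:-sha512}" |
        sed 's/^.*=//' | tr -d ':' | tr 'A-F' 'a-f'
}

# Runs every check; explains the first failure on stderr.
check_pair() {  # usage: check_pair CERT KEY
    key_is_private "$2" || { echo "key is readable by group/others: $2" >&2; return 1; }
    pair_matches "$1" "$2" || { echo "certificate and key do not match" >&2; return 1; }
    openssl x509 -in "$1" -noout -checkend 0 >/dev/null ||
        { echo "certificate has expired: $1" >&2; return 1; }
}

# Creates a constructed throwaway pair in DIR (same key type as in the note).
make_demo_pair() {  # usage: make_demo_pair DIR
    ( umask 077
      openssl req -x509 -new -newkey ed25519 -days 30 -nodes \
          -subj "/CN=constructed-example" \
          -out "$1/demo.crt" -keyout "$1/demo.key" 2>/dev/null )
}

# Demo: runs in a temporary directory and never touches ~/.ssl.
demo_dir=$(mktemp -d)
make_demo_pair "$demo_dir"
check_pair "$demo_dir/demo.crt" "$demo_dir/demo.key" &&
    cert_fingerprint "$demo_dir/demo.crt"
rm -rf "$demo_dir"
```

Pointing `check_pair` and `cert_fingerprint` at the real `jsv.crt` and `jsv.key` gives a value to compare against what the services have on record for the account.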