# Adding a client certificate for tilde.chat

I switched my auth mechanism for tilde.chat from password to client
certificate. Not a complex procedure, and described many times
everywhere, but I’ll make a note to myself anyway.

## Generating a cert

Some usual `openssl` magic.

```
$ umask 77
$ nd ~/.ssl                   # “new directory” function: mkdir + cd

$ openssl req -x509 -new -newkey ed25519 -sha256 -days 3650 -nodes \
 -out jsv.crt -keyout jsv.key

```

I filled the CN and e-mail fields, but it’s not necessary and
probably not to be recommended.

I use `erc`, so I do not need .pem for it.

## Emacs-side

All I have to do here is to add `:client-certificate` to my
connection function:

```
(erc-tls :server server :port (or port "6697") :nick (or nick "jsv")
        :client-certificate
        '("/home/jsv/.ssl/jsv.key" "/home/jsv/.ssl/jsv.crt"))
```

Note, that it doesn’t expand “~” in paths there, so I have to either
specify them fully or expand them myself.

## Registering the cert with NickServ

Given that I’ve already registered a nick, all I need now is (after
the usual password login):

   /msg NickServ CERT ADD

And that’s all. I can remove the password from my secrets on that
machine, it’s no longer needed there.

You are viewing proxied material from tilde.pink. The copyright of proxied material belongs to its original authors. Any comments or complaints in relation to proxied material should be directed to the original authors of the content concerned. Please see the disclaimer for more details.