`pem` -> `.pem` for HexChat and Konversation (#451)

[irc/freenode/web-7.0.git] / content / kb / using / certfp.md

diff --git a/content/kb/using/certfp.md b/content/kb/using/certfp.md
index 8032c0816fea30b2bfca26b0384ccf9576ae6cfb..1fafe6dac1eda47d1cf0e9a507e8342817b19cbb 100644 (file)
--- a/content/kb/using/certfp.md
+++ b/content/kb/using/certfp.md
@@ -6,6 +6,8 @@ Slug: certfp
 As an alternative to password-based authentication, you can connect to freenode
 with a TLS certificate and have services recognise it automatically.
 
+For SASL EXTERNAL to work, you must connect over SSL. 
+
 Creating a self-signed certificate
 ==================================
 
@@ -14,7 +16,7 @@ you are using Windows and do not have a copy, you might consider using Cygwin.
 
 You can generate a certificate with the following command:
 
-    openssl req -x509 -new -newkey rsa:4096 -sha256 -days 1000 -out freenode.pem -keyout freenode.pem
+    openssl req -x509 -new -newkey rsa:4096 -sha256 -days 1000 -nodes -out freenode.pem -keyout freenode.pem
 
 You will be prompted for various pieces of information about the certificate.
 The contents do not matter for our purposes, but `openssl` needs at least one of
@@ -58,7 +60,7 @@ weechat
 Move the certificates you created above to ~/.weechat/certs
 
     mkdir ~/.weechat/certs
-    mv nick.pem ~/.weechat/certs
+    mv freenode.pem ~/.weechat/certs
 
 Now disconnect and remove the current freenode server(s). Re-add it with the
 SSL flag, using your newly generated certificate. Note that these commands are
@@ -67,7 +69,7 @@ just examples, you have to adapt them to your current servers.
     /set irc.server.freenode.addresses chat.freenode.net/6697
     /set irc.server.freenode.ssl on
     /set irc.server.freenode.ssl_verify on
-    /set irc.server.freenode.ssl_cert %h/certs/nick.pem
+    /set irc.server.freenode.ssl_cert %h/certs/freenode.pem
     /set irc.server.freenode.sasl_mechanism external
 
 and then reconnect to freenode.
@@ -77,6 +79,35 @@ znc
 
 Refer to znc's [official documentation](http://wiki.znc.in/Cert).
 
+HexChat
+-------
+
+Place the .pem file in `certs/client.pem` in the HexChat config
+directory (`~/.config/hexchat/` or `%appdata%\HexChat`). Note
+that the `certs` directory does not exist by default and you will have to
+create it yourself. Once the file is there, all subsequent SSL connections
+will use the certificate.
+
+If you connect to multiple IRC networks, you should keep in mind that using the
+filename `certs/client.pem` will send the same certificate to all networks. If
+you prefer per-network certificates, use the name of the network exactly 
+as it appears in the network list (Ctrl-S), including capitalisation and
+punctuation (e.g. `certs/freenode.pem` or `certs/Example Server.pem`).
+
+Konversation
+------------
+
+Create the .pem file as per above, then place it wherever you want.
+Start Konversation, then open the Identity dialogue by either pressing F8
+or via the Settings menu entry. Choose the identity you use for the 
+freenode network or create a new one. 
+In the part `Auto Identity` you have to choose `SASL External (Cert)`
+as the `Type` for SASL External or `SSL CLient Certificate` for CertFP.
+SASL External requires at least version 1.7 of Konversation. 
+Optionally fill in your account name in the `Account`field. 
+You can then choose the certificate you created with the file picker
+or enter the path manually in the field next to it.
+Once done, apply the configuration and (re)connect to freenode.
 
 Add your fingerprint to NickServ
 ================================