Updated SSL Certificates

It's that time of the year again: we're renewing the SSL certificates of our IRC servers. We choose to renew our certificates annually to make sure they stay fresh and use up to date encryptions.

SSL? What do you mean?

Our IRC servers support connecting using SSL, Secure Socket Layer, an encryption layer that helps securing your conversations against eavesdropping. We currently support SSL when connecting via ports 6697 or 7001. With SSL all data between the sender and recipient is encrypted (as long as all parties support SSL) using a private key. If you and a friend are both connected using SSL for instance, private messages between you and him will be end-to-end encrypted. For more details, please read our wiki page on SSL.

A new Certificate Authority

To have full control over our certificates, and to not be affected by the current turmoil caused by recent issues some root CAs have had, we've chosen to create our own Certificate Authority, and sign our certificates with it.
Our public CA can be downloaded from https://www.chat4all.org/ircd-certificates/chat4all-ca.pem.
You can verify the downloaded certificate's SHA1, SHA512 and/or MD5 sum with the following info:

        SHA512 Sum: ec096fdcec43d0406fdbf18cec736e48492f14cc5c84769f1bda7da1d3a5c68ad9fe23869b4ccbfc4ecd2cbd0bbf26f9b1cb111c70a611777bf99feabd099c8d
        SHA1 Sum: 4faa93f37a9ee19bb8669e121aedb79460e7fc2d
        MD5 Sum: b7603ebfc6f8711a2a71240b179eb354
  

Our public server certificate can be downloaded from https://www.chat4all.org/ircd-certificates/chat4all-server.pem.
You can verify the downloaded certificate's SHA1, SHA512 and/or MD5 sum with the following info:

        SHA512 Sum: edd05cfebdb39b7b627927600c1ee7c0103e44a4dce41237d2b76a77cd1a66f2b08b0527fe088f535b47840643509d010da3da23a0da0e874ea2144e8059e94f
        SHA1 Sum: 0d637b862a7d5b93d0c477e1501550bc55c55fca
        MD5 Sum: 312b266aa9e51f535834abcbedccf82e
  

In general IRC clients will show something like this when connecting over SSL:

        subject `C=NL,ST=Noord-Brabant,L=Den Bosch,O=Chat4All,OU=Chat4All IRC,CN=*.chat4all.org,EMAIL=jeroen@wierda.com',
        issuer `C=NL,ST=Noord-Brabant,L=Den Bosch,O=Chat4All,OU=Chat4All IRC,CN=chat4all.org,EMAIL=jeroen@wierda.com',
        RSA key 4096 bits, signed using RSA-SHA,
        activated `2011-09-21 16:29:07 UTC',
        expires `2012-09-20 16:29:07 UTC',
        SHA-1 fingerprint `df9be0734c9590cb4d0a222b9c5d3c2dc75361d1'
  

You can verify this information as well by connecting to our IRC servers, and issuing /quote helpop ssl.

What does this mean for you?

Since our Certificate Authority (CA) isn't recognised by many clients (but then again, most clients don't verify against system CAs anyway), you'll either have to ignore the 'untrusted issuer/certificate' warning you might get, or you can import our CA and/or the server's certificate.

We have detailed instructions for a few common clients on our SSL Certificate Authority import instructions wiki page, for instance for mIRC, XChat, irssi and WeeChat.
If your IRC client isn't listed there, and you need help importing our Certificate Authority, please contact us in our #help channel.

Need more details?

For those who want to verify the IRC servers' certificates and CA even more, can help themselves to this information:

The details of the Certificate Authority Cert with which our certificates are signed are as follows:

  Issuer: C=NL, ST=Noord-Brabant, L=Den Bosch, O=Chat4all IRC Network, CN=chat4all.org/emailAddress=j.wierda@chat4all.org
  RSA key 4096 bits, signed using RSA-SHA,
  Serial Number: db:dd:bd:6b:3e:f9:b6:ec
  Validity:
        Not Before: Sep 18 11:01:21 2017 GMT
        Not After: Sep 16 11:01:21 2027 GMT
        SHA512 Sum: ec096fdcec43d0406fdbf18cec736e48492f14cc5c84769f1bda7da1d3a5c68ad9fe23869b4ccbfc4ecd2cbd0bbf26f9b1cb111c70a611777bf99feabd099c8d
        SHA1 Sum: 4faa93f37a9ee19bb8669e121aedb79460e7fc2d
        MD5 Sum: b7603ebfc6f8711a2a71240b179eb354

$ openssl x509 -sha1 -in chat4all-ca.pem -noout -fingerprint
        SHA1 Fingerprint=0F:65:D3:D1:B8:93:27:0E:05:F2:E9:69:64:D0:02:E6:AA:B5:F3:E2
  

The details of the Certificate used by the servers are:

  Issuer: C=NL, ST=Noord-Brabant, L=Den Bosch, O=Chat4all IRC Network, CN=chat4all.org/emailAddress=j.wierda@chat4all.org,
  RSA key 4096 bits, signed using RSA-SHA,
  Serial Number: 12:58:68:68:f2:30
  Validity:
        Not Before: Sep 18 11:02:29 2017 GMT
        Not After : Sep 17 11:02:29 2020 GMT
        SHA512 Sum: edd05cfebdb39b7b627927600c1ee7c0103e44a4dce41237d2b76a77cd1a66f2b08b0527fe088f535b47840643509d010da3da23a0da0e874ea2144e8059e94f
        SHA1 Sum: 0d637b862a7d5b93d0c477e1501550bc55c55fca
        MD5 Sum: 312b266aa9e51f535834abcbedccf82e

$ openssl x509 -sha1 -in server.cert.pem -noout -fingerprint
        SHA1 Fingerprint=ED:16:23:26:BE:D0:01:49:85:FD:CD:D5:56:D4:5E:1C:4F:04:AF:C1
  

~2014-09-21, Filip H.F. "FiXato" Slagter, Co-Network Administrator Chat4All IRC Network.