@sarahjamielewis@mastodon.social recently announced an IRC server with a self-signed certificate. What if you have an IRC client that keeps complaining about this?
On a system like Debian, you can download the certificate and install it such that all applications trust it.
# Get certificate from the correct port openssl s_client -showcerts -connect resistant.tech:6697 \ < /dev/null \ 2> /dev/null \ | openssl x509 -outform PEM \ > resistant-tech.pem # Compare fingerprint with # 63:B1:2E:A7:8A:BD:8A:33:B5:62:21:7C:42:71:75:66:43:BA:D2:78:21:09:8E:80:17:7E:28:D2:58:65:E6:48 openssl x509 -in resistant-tech.pem -noout -sha256 -fingerprint # Install on Debian (the new extension is important) sudo mv --interactive resistant-tech.pem /usr/local/share/ca-certificates/resistant-tech.crt sudo dpkg-reconfigure ca-certificates # The output above should say "1 added, 0 removed; done" somewhere # Test it gnutls-cli resistant.tech:6697
If the output says "PKI verification of server certificate failed..." then the installation didn't work.
If the output says "Handshake was completed" and seems to hang, that's because you can now type raw IRC commands.
#Administration
(I saw comments by myself on related Stack Exchange questions from 2014. 😑)