Steps to use CertFP on Irssi & Freenode

NOTE: This document requires that you already have an account with NickServ on Freenode, see https://freenode.net/kb/answer/registration

On your shell:

( Command taken from https://freenode.net/kb/answer/certfp )

openssl req -x509 -new -newkey rsa:4096 -sha256 -days 1000 -nodes -out freenode.pem -keyout freenode.pem

Then copy it somewhere, e.g. your Irssi folder:

cp -i freenode.pem ~/.irssi

In Irssi:

First, you have to log in with Username & Password, register them in Irssi:

/network modify -sasl_mechanism PLAIN -sasl_username YOURUSERNAME -sasl_password YOURPASSWORD Freenode

Next, you have to register the TLS Certificate Key you created above:

/server modify -tls_verify -tls_cert ~/.irssi/freenode.pem chat.freenode.net 6697

Now, connect to Freenode ( with User & Pass )

/connect Freenode

After you are connected, register your Certificate Key with NickServ:

/msg NickServ CERT ADD

It will respond to you, if you did everything right:

-NickServ(NickServ@services.)- Added fingerprint XXXXXX to your fingerprint list.

Change the login from Password to Certificate Key:

Disconnect:

/disconnect

Clear the password and change to SASL EXTERNAL:

/network modify -sasl_password '' -sasl_mechanism EXTERNAL Freenode

Test it:

/connect Freenode

You can verify if you are logged in with Certificate Key by doing:

/whois YOURNICK

It will output:

-!-           : has client certificate fingerprint xxxxxxx

Make sure to

/save