Certificate fingerprint

When you use SSL/TLS to connect to a server you can configure your IRC client to use a client certificate. Your client certificate results in something called a certificate fingerprint (or certfp) which is a string of hexadecimal values (SHA256). It is shown in.

Certificate fingerprints can be used at a lot of places:
 * In Services like anope and atheme to authenticate the user
 * Instead of a password, for example in the oper block
 * At any place where a Mask item is used, for example in the allow block to give such a user a maxperip of 25.
 * In a Security-group block
 * Etc...

Configuring your client
XYZ has client certificate fingerprint e74d46f19ff468f5e8e349cc285df96585ba4f16b64902e334e6e76afe76a798 If you do not see a line stating a "client certificate fingerprint", then your IRC client is NOT configured correctly to use the SSL/TLS client certificate. Consult your IRC client documentation.
 * Create an SSL/TLS client certificate if you don't have one already. Search the web for irc client certificate if you don't know how to do this.
 * Connect to IRC with your client, using your client certificate (consult your IRC client documentation)
 * On IRC simply  yourself and you will see a line like:

Using certfp in Services

 * Identify to your account and then use . You can view your current certfp for a services account via.

Adding the certfp in the config file
If  is the certificate fingerprint, then you can use it:
 * In a password item:
 * In a mask item:
 * In a security-group:

See next section for examples.

Security group combining oper block and more
NOTE: This example is for UnrealIRCd 6.0.4 and higher

This example will:
 * 1) define a security-group with a certificate fingerprint
 * 2) use it in an oper block with auto-login
 * 3) exempt that user from (nearly) all server bans

security-group Admin1 { certfp "e74d46f19ff468f5e8e349cc285df96585ba4f16b64902e334e6e76afe76a798"; } oper Admin1 { auto-login yes; mask { security-group Admin1; } operclass netadmin-with-override; class opers; } except ban { mask { security-group Admin1; } type all; }

Exempting from server bans
NOTE: This example is for UnrealIRCd 6.0.4 and higher

Use an except ban block so a trusted person can bypass most server bans (KLINE/GLINE/..) and other restrictions (maxperip, spamfilter, etc): except ban { mask { certfp e74d46f19ff468f5e8e349cc285df96585ba4f16b64902e334e6e76afe76a798; } type all; } NOTE: The person is not exempt from  and   because these take effect before the certificate fingerprint is received.

More commands per second
This allows users to send more commands per second: security-group flood-users { include-mask { certfp e74d46f19ff468f5e8e349cc285df96585ba4f16b64902e334e6e76afe76a798; } }

set { anti-flood { flood-users { /* 100 means one command per 100ms. That is 10 commands/second. * The burst capability is always 10 times that, so 100 commands/second. */           lag-penalty 100; lag-penalty-bytes 0; }  } }

Note that IRCOps can already flood at full speed (no lag penalty).