DareNET - IRC SSL/TLS Certificates

Our IRC servers support SSL/TLS-enabled connections on ports 6697 and 9999. While we plan to transition to LetsEncrypt in the near future, we currently sign our IRC server certificates using our own DareNET Certificate Authority (CA). This page describes how you can obtain and verify our certificates.


Download CA Certificate

You can download our CA certificate from https://www.darenet.org/ssl/darenet-ca.pem

SHA256 fingerprint: E8:CA:DF:53:4A:B2:D5:D1:E8:4A:56:71:9A:BA:20:06:D7:B4:F4:90:F8:90:88:46:F1:9A:29:76:9B:3E:DC:B7

SHA1 fingerprint: EE:0F:0A:FD:16:6D:3E:BB:EF:9D:D4:D4:E3:8E:49:6D:F8:18:E6:CC

We also offer our CA certificate as a DER encoded certificate.


Why?

We believe it's important that your IRC client be able to verify that the server you're connecting to is really DareNET, and not one pretending to be (see: man-in-the-middle attack). This is achieved by using signed certificates issued by someone you trust, such as DareNET. The certificate allows you to be certain that our servers are who they say they are, and that your messages are not being intercepted in the middle.

Unfornatuely, IRC software has no trusted authorities who verify the ownership of servers, and services like LetsEncrypt did not exist at the time we implemented SSL/TLS support; therefore, our IRC server certificates are signed by us using our own CA. It only works if you import it to your client, or add it to your system's trusted list in advance.

It's still possible to use SSL/TLS without installing our CA, but you'll need to configure your IRC client to accept invalid certificates.