::.. =[]= ..::     ::.. =[]= ..::     ::.. =[]= ..::     ::.. =[]= ..::

By Doemela avatar | June 29, 2016 - 9:28 pm
Creating an ssl certificate with Cygwin

Installing and Updating Cygwin Packages

Installing and Updating Cygwin for 32-bit versions of Windows
Run setup-x86.exe any time you want to update or install a Cygwin package for 32-bit windows. The signature for setup-x86.exe can be used to verify the validity of this binary using this public key.

Installing and Updating Cygwin for 64-bit versions of Windows
Run setup-x86_64.exe any time you want to update or install a Cygwin package for 64-bit windows. The signature for setup-x86_64.exe can be used to verify the validity of this binary using this public key.

General installation notes
When installing packages for the first time, setup*.exe does not install every package. Only the minimal base packages from the Cygwin distribution are installed by default, which takes up about 100 MB.

Clicking on categories and packages in the setup*.exe package installation screen allows you to select what is installed or updated.

Individual packages like bash, gcc, less, etc. are released independently of the Cygwin DLL, so the Cygwin DLL version is not useful as a general Cygwin release number. The setup*.exe utility tracks the versions of all installed components and provides the mechanism for installing or updating everything available from this site for Cygwin.

Once you’ve installed your desired subset of the Cygwin distribution, setup*.exe will remember what you selected so rerunning the program will update your system with any new package releases.

On Windows Vista and later, setup*.exe will check by default if it runs with administrative privileges and, if not, will try to elevate the process. If you want to avoid this behaviour and install under an unprivileged account just for your own usage, run setup*.exe with the –no-admin option.

The setup*.exe installer is designed to be easy for new users to understand while remaining flexible for the experienced. The volunteer development team is constantly working on setup*.exe; before requesting a new feature, check the wishlist in the README.

    To create a new self-signed certificate:

  1. Open a Cygwin command shell:
  2. Use openssl to create a new RSA certificate. We suggest a 2048-bit certificate, but 1024, 4096, or other lengths may also work if your IRC client supports them. If you do not want to protect your certificate with a passphrase, add -nodes to the options below. Not having a passphrase means anybody with access to read your certificate file will be able to identify as you. With a passphrase, both access to the certificate file and knowledge of the passphrase would be required. The certificate generated will expire in two years. If you want a longer/shorter time, you can change the number after -days.
    openssl req -newkey rsa:2048 -days 730 -x509 -keyout mynick.key -out mynick.cert
  3. OpenSSL will ask for a passphrase (unless you added -nodes), and depending on its configuration, perhaps a number of other attributes. The values you enter are not important to the IRC server.
    Enter PEM pass phrase:
    Verifying – Enter PEM pass phrase:
    —– Country Name (2 letter code) [AU]:CA
    State or Province Name (full name) [Some-State]:Saskatchewan
    Locality Name (eg, city) []:Saskatoon
    Organization Name (eg, company) [Internet Widgits Pty Ltd]:
    Organizational Unit Name (eg, section) []:Information Logistics
    Common Name (eg, YOUR name) []:Nifflewhim Bunderluff
    Email Address []:niff@example.com
  4. Now you have your certificate key and your self-signed certificate. For most IRC clients, you can combine the certificate and key together into a single PEM file.
    cat mynick.cert mynick.key > mynick.pem
  5. NickServ will need to know your certificate’s fingerprint later, so save the output of this command temporarily:
    openssl x509 -sha1 -noout -fingerprint -in mynick.pem | sed -e ‘s/^.*=//;s/://g;y/ABCDEF/abcdef/’

    The output will look like: f1ecf46714198533cda14cccc76e5d7114be4195. (The | sed … part is optional and just removes the colons and other irrelevant parts from the openssl output.)

  6. If your IRC client supports using the PEM file, you can delete the cert and key files.
    rm mynick.cert mynick.key
  7. Move the PEM file (and/or cert and key files) to the appropriate directory for your IRC client. Double-check that the permissions are restricted so only you can read the file. You can close the shell and configure NickServ and your client.

If you know of any additions or corrections, or would like to contribute improvements, contact us



  • You can follow any responses to this entry through the RSS 2.0 feed.

This Post is Tagged with: