Some networks allow /msg NickServ cert add
(without a fingerprint) to whitelist the current client cert. Maybe we could:
/msg BouncerServ certfp generate
, but still stick to password-based auth/msg NickServ cert add
and switch to pure certificate-based authMaybe a little fragile.