Adding Custom Certificates To CIITIX-WiFi

Want to support HowtoForge? Become a subscriber!
 
Submitted by awan (Contact Author) (Forums) on Fri, 2010-07-23 15:31. :: Linux

Adding Custom Certificates To CIITIX-WiFi

CIITIX-WiFi is a turnkey solution to your WiFi hotspot needs. Built onto the rock solid stable debian linux, setting up a secure (TTLS) WiFi hotspot is just a minute away. This guide shows how to set up an AAA server (authentication, authorization and accounting) with CIITIX-WiFi.

CIITIX-WiFi comes with certificates valid till 2020 but  in case someone want to use their own certificates this tutorial can come in handy.

Disclaimer: This is not the only way to achieve this but it does work with CIITIX-WiFi.

CIITIX-WiFi 1.1 can be downloaded from here.

 

Custom Certificate Creation/Installation

Use the script in the /etc/ssl/ folder i.e CA.all.

If your are not a root user yet, become one.

sudo su -

cd /etc/ssl/

Important:

Edit the ca.all script to alter the default set password "whatever".

vi ca.all

Change the occurrence of "whatever" with your own password, e.g "ciitixwifi".

Hint: You can also run

sed 's/whatever/ciitixwifi/g' ca.all > newCa.all

and run this newCa.all from here onwards.

Run the script:

./ca.all

After answering the questions you should have following stuff generated with in that folder. (Don't worry you can rerun that script even if you haven't got it right the first time. The script will remove the junk.)

Note: The password/passphrase that you enter has no effect. The one inside the script will be used.

root.pem

root.p12

root.der

cert-clt.pem

cert-clt.p12

cert-clt.der

newreq.pem

newcert.pem

demoCA/

cert-srv.pem

cert-srv.p12

cert-srv.der

apart from the few other pre-existing files.

 

Install New Certificates

Copy cert-srv.pem root.pem root.der cert-clt.p12 cert-clt.pem cert-srv.p12 to the folder /etc/freeradius/certs/.

cp cert-srv.pem root.pem root.der cert-clt.p12 cert-clt.pem cert-srv.p12 \
/etc/freeradius/certs/

chown -R freerad:freerad /etc/freeradius/certs/

Edit the /etc/freeradius/eap.conf file:

vi /etc/freeradius/eap.conf

Do the changes as reflected in the following stanza:

tls {


certdir = ${confdir}/certs
cadir = ${confdir}/certs
private_key_password = ciitixwifi
private_key_file = ${certdir}/cert-srv.pem
certificate_file = ${certdir}/cert-srv.pem
CA_file = ${cadir}/root.pem
dh_file = ${certdir}/dh
random_file = ${certdir}/random
cipher_list = "DEFAULT"
}

Restart the AAA server:

/etc/init.d/freeradius restart

 

Client Certificates

Certificates that need to be installed onto the client are:

On Windows client (install them in "Trusted root certificates" section):

root.der

cert-srv.p12

On Linux client:

root.der

cert-srv.pem (p12 also works on Linux)


Copyright © 2010 osman
All Rights Reserved.
add comment | view as pdf view as pdf | Display a printer-friendly version of this page. print
Please do not use the comment function to ask for help! If you need help, please use our forum.
Comments will be published after administrator approval.