Adding Custom Certificates To CIITIX-WiFi

Submitted by awan on Fri, 2010-07-23 15:31.

CIITIX-WiFi is a turnkey solution to your WiFi hotspot needs. Built on the rock-solid, stable Debian Linux, it puts a secure (TTLS) WiFi hotspot just a minute away. This guide shows how to set up an AAA server (authentication, authorization and accounting) with CIITIX-WiFi.

CIITIX-WiFi comes with certificates valid until 2020, but in case someone wants to use their own certificates, this tutorial can come in handy.

Disclaimer: This is not the only way to achieve this but it does work with CIITIX-WiFi.

CIITIX-WiFi 1.1 can be downloaded from here.

 

Custom Certificate Creation/Installation

Use the script in the /etc/ssl/ folder, i.e. CA.all.

If you are not the root user yet, become root.

sudo su -

cd /etc/ssl/

Important:

Edit the ca.all script to change the default password "whatever".

vi ca.all

Replace every occurrence of "whatever" with your own password, e.g. "ciitixwifi".

Hint: You can also run

sed 's/whatever/ciitixwifi/g' ca.all > newCa.all

chmod +x newCa.all

and run this newCa.all from here onwards.

Run the script:

./ca.all

After answering the questions you should have the following files generated within that folder. (Don't worry, you can rerun the script even if you haven't got it right the first time. The script will remove the junk.)

Note: The password/passphrase that you enter has no effect. The one inside the script will be used.

root.pem

root.p12

root.der

cert-clt.pem

cert-clt.p12

cert-clt.der

newreq.pem

newcert.pem

demoCA/

cert-srv.pem

cert-srv.p12

cert-srv.der

apart from the few other pre-existing files.

 

Install New Certificates

Copy cert-srv.pem root.pem root.der cert-clt.p12 cert-clt.pem cert-srv.p12 to the folder /etc/freeradius/certs/.

cp cert-srv.pem root.pem root.der cert-clt.p12 cert-clt.pem cert-srv.p12 \
/etc/freeradius/certs/

chown -R freerad:freerad /etc/freeradius/certs/

Edit the /etc/freeradius/eap.conf file:

vi /etc/freeradius/eap.conf

Make the changes shown in the following stanza:

tls {
    certdir = ${confdir}/certs
    cadir = ${confdir}/certs
    private_key_password = ciitixwifi
    private_key_file = ${certdir}/cert-srv.pem
    certificate_file = ${certdir}/cert-srv.pem
    CA_file = ${cadir}/root.pem
    dh_file = ${certdir}/dh
    random_file = ${certdir}/random
    cipher_list = "DEFAULT"
}
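
Before restarting, the copied files can be checked against the settings in the stanza above. The shell function below is an added example, not part of the original tutorial or of CIITIX-WiFi; it assumes openssl is installed, and the helper names (cert_only, report, check_radius_certs) are made up for illustration.

```shell
#!/bin/sh
# Added example, not CIITIX-WiFi code. Assumes openssl is installed and the
# tutorial's file names (cert-srv.pem = encrypted key + certificate).

# Print only the certificate block(s) of a PEM file that also holds a key.
cert_only() {
    sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' "$1"
}

# Print one result line; count it as a failure unless the status is OK.
report() {
    echo "$1 $2"
    [ "$1" = OK ] || crc_fail=$((crc_fail + 1))
}

# check_radius_certs DIR PASSPHRASE -> exit status = number of failed checks
check_radius_certs() {
    crc_srv="$1/cert-srv.pem"; crc_ca="$1/root.pem"; crc_fail=0

    # 1. The server certificate chains to the new root CA.
    if cert_only "$crc_srv" | openssl verify -CAfile "$crc_ca" >/dev/null 2>&1
    then report OK "cert-srv.pem is signed by root.pem"
    else report FAIL "cert-srv.pem does not verify against root.pem"; fi

    # 2. private_key_password decrypts the key, and the key matches the cert.
    #    The passphrase goes through the environment, not the command line.
    crc_key=$(CRC_PASS="$2" openssl pkey -in "$crc_srv" \
        -passin env:CRC_PASS -pubout 2>/dev/null) || :
    crc_crt=$(cert_only "$crc_srv" | openssl x509 -noout -pubkey 2>/dev/null) || :
    if [ -z "$crc_key" ]
    then report FAIL "private key is not readable with this passphrase"
    elif [ "$crc_key" != "$crc_crt" ]
    then report FAIL "private key does not match the certificate"
    else report OK "passphrase decrypts the key; key matches the certificate"; fi

    # 3. The certificate is readable and has not expired.
    if cert_only "$crc_srv" | openssl x509 -noout -checkend 0 >/dev/null 2>&1
    then report OK "cert-srv.pem has not expired"
    else report FAIL "cert-srv.pem is expired or unreadable"; fi

    # 4. The file holding the private key is not world-readable.
    if [ -n "$(find "$crc_srv" -perm -004 2>/dev/null)" ]
    then report FAIL "cert-srv.pem is world-readable"
    else report OK "cert-srv.pem is not world-readable"; fi

    return "$crc_fail"
}
```

Call it as check_radius_certs /etc/freeradius/certs ciitixwifi, using the same passphrase as private_key_password; a non-zero exit status is the number of failed checks.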

Restart the AAA server:

/etc/init.d/freeradius restart

 

Client Certificates

Certificates that need to be installed onto the client are:

On Windows client (install them in "Trusted root certificates" section):

root.der

cert-srv.p12

On Linux client:

root.der

cert-srv.pem (p12 also works on Linux)

