Adding Custom Certificates To CIITIX-WiFi
CIITIX-WiFi is a turnkey solution to your WiFi hotspot needs. Built onto the rock solid stable debian linux, setting up a secure (TTLS) WiFi hotspot is just a minute away. This guide shows how to set up an AAA server (authentication, authorization and accounting) with CIITIX-WiFi.
CIITIX-WiFi comes with certificates valid till 2020 but in case someone want to use their own certificates this tutorial can come in handy.
Disclaimer: This is not the only way to achieve this but it does work with CIITIX-WiFi.
CIITIX-WiFi 1.1 can be downloaded from here.
Custom Certificate Creation/Installation
Use the script in the /etc/ssl/ folder i.e CA.all.
If your are not a root user yet, become one.
sudo su -
cd /etc/ssl/
Important:
Edit the ca.all script to alter the default set password "whatever".
vi ca.all
Change the occurrence of "whatever" with your own password, e.g "ciitixwifi".
Hint: You can also run
sed 's/whatever/ciitixwifi/g' ca.all > newCa.all
and run this newCa.all from here onwards.
Run the script:
./ca.all
After answering the questions you should have following stuff generated with in that folder. (Don't worry you can rerun that script even if you haven't got it right the first time. The script will remove the junk.)
Note: The password/passphrase that you enter has no effect. The one inside the script will be used.
root.pem
root.p12
root.der
cert-clt.pem
cert-clt.p12
cert-clt.der
newreq.pem
newcert.pem
demoCA/
cert-srv.pem
cert-srv.p12
cert-srv.der
apart from the few other pre-existing files.
Install New Certificates
Copy cert-srv.pem root.pem root.der cert-clt.p12 cert-clt.pem cert-srv.p12 to the folder /etc/freeradius/certs/.
cp cert-srv.pem root.pem root.der cert-clt.p12 cert-clt.pem cert-srv.p12 \
/etc/freeradius/certs/
chown -R freerad:freerad /etc/freeradius/certs/
Edit the /etc/freeradius/eap.conf file:
vi /etc/freeradius/eap.conf
Do the changes as reflected in the following stanza:
tls { certdir = ${confdir}/certs cadir = ${confdir}/certs private_key_password = ciitixwifi private_key_file = ${certdir}/cert-srv.pem certificate_file = ${certdir}/cert-srv.pem CA_file = ${cadir}/root.pem dh_file = ${certdir}/dh random_file = ${certdir}/random cipher_list = "DEFAULT" }
Restart the AAA server:
/etc/init.d/freeradius restart
Client Certificates
Certificates that need to be installed onto the client are:
On Windows client (install them in "Trusted root certificates" section):
root.der
cert-srv.p12
On Linux client:
root.der
cert-srv.pem (p12 also works on Linux)