Adding Custom Certificates To CIITIX-WiFi

CIITIX-WiFi is a turnkey solution to your WiFi hotspot needs. Built onto the rock solid stable debian linux, setting up a secure (TTLS) WiFi hotspot is just a minute away. This guide shows how to set up an AAA server (authentication, authorization and accounting) with CIITIX-WiFi.

CIITIX-WiFi comes with certificates valid till 2020 but  in case someone want to use their own certificates this tutorial can come in handy.

Disclaimer: This is not the only way to achieve this but it does work with CIITIX-WiFi.

CIITIX-WiFi 1.1 can be downloaded from here.


Custom Certificate Creation/Installation

Use the script in the /etc/ssl/ folder i.e CA.all.

If your are not a root user yet, become one.

sudo su -
cd /etc/ssl/


Edit the ca.all script to alter the default set password "whatever".

vi ca.all

Change the occurrence of "whatever" with your own password, e.g "ciitixwifi".

Hint: You can also run

sed 's/whatever/ciitixwifi/g' ca.all > newCa.all 

and run this newCa.all from here onwards.

Run the script:


After answering the questions you should have following stuff generated with in that folder. (Don't worry you can rerun that script even if you haven't got it right the first time. The script will remove the junk.)

Note: The password/passphrase that you enter has no effect. The one inside the script will be used.


apart from the few other pre-existing files.


Install New Certificates

Copy cert-srv.pem root.pem root.der cert-clt.p12 cert-clt.pem cert-srv.p12 to the folder /etc/freeradius/certs/.

cp cert-srv.pem root.pem root.der cert-clt.p12 cert-clt.pem cert-srv.p12 \

chown -R freerad:freerad /etc/freeradius/certs/

Edit the /etc/freeradius/eap.conf file:

vi /etc/freeradius/eap.conf

Do the changes as reflected in the following stanza:

tls {

certdir = ${confdir}/certs
cadir = ${confdir}/certs
private_key_password = ciitixwifi
private_key_file = ${certdir}/cert-srv.pem
certificate_file = ${certdir}/cert-srv.pem
CA_file = ${cadir}/root.pem
dh_file = ${certdir}/dh
random_file = ${certdir}/random
cipher_list = "DEFAULT"

Restart the AAA server:

/etc/init.d/freeradius restart 


Client Certificates

Certificates that need to be installed onto the client are:

On Windows client (install them in "Trusted root certificates" section):


On Linux client:

cert-srv.pem (p12 also works on Linux)
Share this page:

Suggested articles

0 Comment(s)

Add comment