How to configure WiKID Strong Authentication 4.0 using the Quick-setup option

The 4.0 release of the WiKID Strong Authentication System has two major new features. First, it is now free for up to 5 users, making it perfect for home users, small businesses or long-term testing. Second, there's a new quick-start configuration system: you create a text file with pertinent information about your network and use it to build a fully functioning two-factor authentication server. This tutorial will show you how to use this new feature.

Start by copying the sample file to your directory. I assume you are the root user or have appropriate sudo permissions.

# cp /opt/WiKID/conf/ wikid.conf

Now edit the file with your preferred editor.

# vim wikid.conf

Now, let's look at each part and what should go there. Note that semi-colons indicate a commented line.

; passphrase for protecting certs --------------------------------------


This passphrase will be used to protect the server's evaluation certificate. DO NOT LOSE IT! You will need it to start the server (or put it in /etc/WiKID/security). You will need it when you install the permanent certs. Note that the evaluation cert must be updated with the 5 user free license within 30 days.


; name to give the domain ----------------------------------------------


This is the WiKID domain name. It will be listed on the WiKID tokens for your users to see. We recommend something fairly generic, as you may start out only protecting your VPN but later add SSH or Google Apps. So 'Company X Auth' or something similar.


; IP of the server -----------------------------------------------------


The external IP address of the server. Remember: our tokens talk to the WiKID server.


; 0-Padded IP without dots ---------------------------------------------


The users will enter this domain code when setting up their tokens. It is zero-padded to make it easier to enter. They only enter it once per token. There is no need to keep it secret - the security comes in the registration process, not the token setup.
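
One way to derive the domain code from the server IP and to check the value typed into wikid.conf, as an added example (not part of the WiKID distribution). The function names and the sample address are hypothetical, and it assumes each octet is padded to three digits.

```shell
#!/bin/sh
# Added example: derive and check a WiKID domain code from the server IP.
# Assumption: every octet is zero-padded to three digits (12 digits total).

# domain_code IP -> prints the padded code; returns 1 on malformed IPv4 input
domain_code() {
    ip=$1
    # Only digits and single dots, no leading or trailing dot
    case $ip in
        ''|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $ip          # split into octets (safe: digits and dots only)
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    code=
    for octet in "$@"; do
        [ ${#octet} -le 3 ] || return 1
        # Strip leading zeros so "08" is not rejected as invalid octal
        while [ ${#octet} -gt 1 ] && [ "${octet#0}" != "$octet" ]; do
            octet=${octet#0}
        done
        [ "$octet" -le 255 ] || return 1
        code=$code$(printf '%03d' "$octet")
    done
    printf '%s\n' "$code"
}

# check_domain_code IP CODE -> 0 if CODE matches IP, 1 if not, 2 if IP is bad
check_domain_code() {
    expected=$(domain_code "$1") || return 2
    [ "$expected" = "$2" ]
}

# Constructed sample address (documentation range), not taken from the page
sample_ip=192.0.2.15
printf 'domain code for %s: %s\n' "$sample_ip" "$(domain_code "$sample_ip")"
```

Running the check before quick-setup catches a mistyped or unpadded code, which users would otherwise enter into their tokens.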


; full hostname of the server; can be same as cn value ----------------------


The fully qualified domain name of the server.


; information for setting up a RADIUS host


This configures a RADIUS network client on the WiKID Server. This would be your RADIUS server, such as NPS or FreeRADIUS, or the service that is authenticating using WiKID: your VPN, web server, SSH gateway, etc.


; optionally create an extra host cert for wauth; leave blank if not needed


If you are creating a client that uses our API, wAuth, then enter its IP address here. If not, or if you don't know what this is, don't worry: it's not required. Just leave it blank. Note that its client p12 file will be protected by the passphrase above.


; cert properties ------------------------------------------------------
; administrative email for this server
[email protected]
; hostname of server
; organization/company name
; department or other OU
; city
; full name of state
; 2-letter country code


This is the information that will be used to generate the server's certificate. It needs to be unique. If you enter valid information, you can convert the evaluation certificate into a production cert quite easily. If not, you will need to recreate your certificate signing request via the WiKIDAdmin Web UI. We respect your privacy and will not sell this information, of course.

Now, save the file and run the quick-setup command:

# wikidctl quick-setup configfile=wikid.conf

As the command runs, you will see output like:

= Checking for valid args ...
= Make sure Pg is running ...
= Checking if DB exists ...NO!
== Setting up new DB ...
log4j:WARN No appenders could be found for logger (com.mchange.v2.log.MLog).
log4j:WARN Please initialize the log4j system properly.
== Got Pg connection ...
= Setting up intermediate CA cert ...
= Submitting intermediate CA CSR ...
= Creating Tomcat cert ...
= Installing intermediate CA cert ...
== Intermediate cert installation completed!
= Setting up cert for localhost ...
== Setting up localhost settings ...
== RADIUS host does not exist!
== Setting up wAuth client ...
= Setting up cert for ...
== Setting up non-localhost settings ...
== Domain exists! 1
== Adding keys ...


Now, start the server:

# wikidctl start

Browse to the WiKIDAdmin interface at and you should see your domain created, your RADIUS network client configured and all the required certs completed. All you need to do now is install a WiKID token and register users.

You can download the WiKID Strong Authentication server here.
