This guide walks you through connecting ATAK (Android), WinTAK (Windows), and ITAK (iOS) clients to your FreeTAKServer instance.

Prerequisites

Before connecting clients, ensure:
  • FreeTAKServer is running and accessible
  • You know your server’s IP address or hostname
  • You have generated client certificates (if using SSL)
  • Firewall allows connections on required ports

Understanding Connection Types

FreeTAKServer supports two connection types:

Non-SSL Connection

  • Port: 8087 (default CoT port)
  • Use case: Testing, internal networks
  • Security: Unencrypted traffic

SSL Connection

  • Port: 8089 (default SSL CoT port)
  • Use case: Production deployments
  • Security: Encrypted traffic with certificate validation
  • Requirements: Server and client certificates

The easiest way to connect clients is using a configuration data package generated by FTS.

1. Generate Client Certificate

FreeTAKServer includes a certificate generation tool. Connect to your server and run:

python3 -m FreeTAKServer.core.util.certificate_generation

Or use the integrated certificate manager:

Python Script
from FreeTAKServer.core.util.certificate_generation import AtakOfTheCerts

# Generate certificates for a new client
with AtakOfTheCerts(pwd="your_cert_password") as cert_gen:
    cert_gen.generate_ca()  # Only needed first time
    cert_gen.bake("username", "user")  # Replace 'username' with actual username

CLI
# Using the built-in certificate tool. The line break inside the quotes is needed:
# Python cannot start a "with" block after ";" on the same line.
python3 -c "from FreeTAKServer.core.util.certificate_generation import AtakOfTheCerts
with AtakOfTheCerts('password') as c: c.generate_ca(); c.bake('Client', 'user')"

Certificates are stored in /opt/fts/certs/ by default.

2. Generate Data Package

Create a connection data package for your client:

ATAK/ITAK Package
from FreeTAKServer.core.util.certificate_generation import generate_standard_zip

generate_standard_zip(
    server_address="your.server.ip",
    user_filename="Client.p12",
    cert_password="password",
    ssl_port="8089"
)
WinTAK Package
from FreeTAKServer.core.util.certificate_generation import generate_wintak_zip

generate_wintak_zip(
    server_address="your.server.ip",
    user_filename="Client.p12",
    cert_password="password",
    ssl_port="8089"
)

The data package (.zip file) will be created in /opt/fts/certs/clientPackages/.

3. Import on ATAK

  • Transfer the .zip file to your Android device
  • Open ATAK
  • Tap the Import Manager (three dots menu → Import Manager)
  • Navigate to the .zip file and select it
  • ATAK will import the certificates and connection settings
  • Go to Settings → Network Preferences → Network Connections
  • Enable the FreeTAKServer connection
  • Verify connection status shows “Connected”

4. Import on WinTAK

  • Copy the .zip file to your Windows machine
  • Open WinTAK
  • Click Import from the menu
  • Select the .zip data package
  • WinTAK will extract certificates to the appropriate location
  • Go to Settings → Network Connections
  • Enable the FreeTAKServer connection
  • Check the status bar for “Connected”

5. Import on ITAK

  • Transfer the .zip file to your iOS device (via AirDrop, email, etc.)
  • Open the file in ITAK (Share → Open in ITAK)
  • ITAK will import the configuration automatically
  • Go to Settings → Network
  • Enable the FreeTAKServer connection
  • Verify connection in status bar
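
Before a generated package leaves the server, it helps to check what it carries. The following is an added example, not part of FreeTAKServer or the original guide: it inspects a package and flags PKCS#12 bundles, embedded passwords, and connect strings that are not `ssl` (the `host:port:protocol` form the guide uses for WinTAK). The `.pref` layout and its `connectString`/`clientPassword` keys are assumptions about the package contents, and the sample package is constructed.

```python
import io
import re
import xml.etree.ElementTree as ET
import zipfile

# host:port:protocol, the form the guide uses for WinTAK ("your.server.ip:8089:ssl")
CONNECT_RE = re.compile(r"^(?P<host>[^:]+):(?P<port>\d+):(?P<proto>\w+)$")

# Constructed sample preference file (assumed layout, not copied from a real package).
SAMPLE_PREF = """<preferences>
  <preference version="1" name="cot_streams">
    <entry key="connectString0" class="class java.lang.String">{connect}</entry>
  </preference>
  <preference version="1" name="com.atakmap.app_preferences">
    <entry key="clientPassword" class="class java.lang.String">password</entry>
  </preference>
</preferences>"""

def build_sample_package(connect):
    """Build a constructed data package in memory so the example runs offline."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("fts/fts.pref", SAMPLE_PREF.format(connect=connect))
        zf.writestr("fts/Client.p12", b"placeholder, not a real bundle")
    return buf.getvalue()

def inspect_package(zip_bytes):
    """Return (kind, member, detail) findings for a connection data package."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for name in zf.namelist():
            if name.lower().endswith(".p12"):
                findings.append(("bundle", name, "PKCS#12 bundle holding a private key"))
            elif name.lower().endswith(".pref"):
                for entry in ET.fromstring(zf.read(name)).iter("entry"):
                    key, value = entry.get("key", ""), (entry.text or "").strip()
                    if key.startswith("connectString"):
                        m = CONNECT_RE.match(value)
                        if m is None:
                            findings.append(("malformed", name, value))
                        elif m["proto"].lower() != "ssl":
                            findings.append(("plaintext", name, f"{value} is unencrypted"))
                    elif key.lower().endswith("password") and value:
                        findings.append(("secret", name, f"{key} stored in clear text"))
    return findings

if __name__ == "__main__":
    for finding in inspect_package(build_sample_package("192.0.2.10:8087:tcp")):
        print(finding)
```

A package with `secret` and `bundle` findings is enough to connect as that user, so move it to the device over a channel you trust and delete stray copies afterwards.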

Method 2: Manual Configuration

If you prefer to configure manually or can’t use data packages:

1. Configure ATAK Manually

  • Open ATAK
  • Go to Settings → Network Preferences → Network Connections
  • Tap the + button to add a new connection
  • Enter connection details:

    Non-SSL
    Description: FreeTAKServer
    Address: your.server.ip
    Port: 8087
    Protocol: TCP

    SSL
    Description: FreeTAKServer SSL
    Address: your.server.ip
    Port: 8089
    Protocol: SSL
    Use Authentication: Yes
    Certificate: (select imported .p12 file)
    Certificate Password: your_password

  • Tap Save
  • Enable the connection

2. Configure WinTAK Manually

  • Open WinTAK
  • Go to Settings → Network Connections
  • Click Add
  • Configure:

    Description: FreeTAKServer
    Enabled: Checked
    Address: your.server.ip:8089:ssl
    Preferred: Checked

    SSL Settings:
    Use SSL: Yes
    Client Certificate: Browse to .p12 file
    Password: your_password
    Server Certificate: Browse to server .p12 file
    Password: your_password

  • Click OK and Apply

Connection Verification

Check Server Logs

Monitor FreeTAKServer logs for connection events:

    tail -f /opt/fts/Logs/FTS.log | grep -i "connection"

You should see entries like:

    Handling connection data
    client update has been sent through queue

Verify in ATAK

  • Check the Network Status widget
  • Look for a green indicator next to your connection
  • Your callsign should appear on other connected clients’ maps

Test Communication

1. Send a chat message to “All Chat Rooms”
2. Drop a marker on the map
3. Other connected clients should receive both

Troubleshooting

Connection Refused

Ensure the CoT ports are open in your firewall:

    # 8087 is the non-SSL CoT port, 8089 the SSL CoT port
    # For firewalld
    sudo firewall-cmd --permanent --add-port=8087/tcp
    sudo firewall-cmd --permanent --add-port=8089/tcp
    sudo firewall-cmd --reload

    # For ufw
    sudo ufw allow 8087/tcp
    sudo ufw allow 8089/tcp

Certificate Errors

Common SSL issues:
  • Certificate expired: Regenerate certificates with longer expiry
  • Wrong password: Verify certificate password matches configuration
  • Missing CA: Ensure server certificate package includes CA certificate

    from FreeTAKServer.core.util.certificate_generation import AtakOfTheCerts

    # Generate certificates with 2-year expiry (63072000 s = 2 × 365 days)
    with AtakOfTheCerts() as cert:
        cert.bake("username", "user", expiry_time_secs=63072000)

Client Not Visible

If clients connect but don’t see each other:
1. Verify the client sent a presence CoT (check server logs)
2. Ensure clients are on the same channel/network
3. Check server routing configuration
4. Verify no IP filtering is active

iOS ITAK Specific Issues

  • ITAK may require certificates in a specific format
  • Ensure background location permissions are enabled
  • Check that iOS VPN settings don’t interfere

Configuration Reference

Server Ports

| Service          | Default Port | Environment Variable   | Description                |
|------------------|--------------|------------------------|----------------------------|
| CoT Service      | 8087         | FTS_COT_PORT           | Non-SSL CoT traffic        |
| SSL CoT Service  | 8089         | FTS_SSLCOT_PORT        | SSL-encrypted CoT traffic  |
| Data Package     | 8080         | FTS_DP_ADDRESS         | HTTP data package service  |
| SSL Data Package | 8443         | FTS_HTTPS_TAK_API_PORT | HTTPS data package service |
| API              | 19023        | FTS_API_PORT           | REST API                   |

Client Certificate Paths

FreeTAKServer stores certificates in:
    /opt/fts/certs/
    ├── ca.pem              # Certificate Authority
    ├── ca.key              # CA private key
    ├── server.pem          # Server certificate
    ├── server.key          # Server private key
    ├── server.p12          # Server PKCS12 bundle
    ├── Client.p12          # Default client certificate
    └── clientPackages/     # Generated data packages
        └── username.zip
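
The layout above keeps the CA private key beside the client bundles, and anyone who can read ca.key can issue certificates the server will trust. The following is an added example, not FreeTAKServer code: it walks a certificate directory and reports key material that is accessible beyond its owner. The sample tree and its file modes are constructed, and treating the generated .zip packages as sensitive is an assumption based on them carrying a client .p12.

```python
import os
import stat
import tempfile

# Suffixes of files that hold private keys, per the layout above; the generated
# .zip packages are included because they carry a client .p12 (assumption).
SENSITIVE = (".key", ".p12", ".zip")

# Constructed sample tree: relative path -> permission bits.
SAMPLE_TREE = {
    "ca.pem": 0o644,
    "ca.key": 0o644,          # CA private key readable by everyone
    "server.key": 0o600,
    "Client.p12": 0o600,
    "clientPackages/username.zip": 0o640,
}

def build_sample_dir(base):
    """Create empty placeholder files with the sample modes under base."""
    for rel, mode in SAMPLE_TREE.items():
        path = os.path.join(base, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb"):
            pass
        os.chmod(path, mode)

def audit_cert_dir(cert_dir):
    """Return sorted (relative path, problem) pairs for over-permissive files."""
    problems = []
    for root, _dirs, files in os.walk(cert_dir):
        for name in files:
            path = os.path.join(root, name)
            mode = stat.S_IMODE(os.lstat(path).st_mode)
            rel = os.path.relpath(path, cert_dir).replace(os.sep, "/")
            if name.endswith(SENSITIVE) and mode & (stat.S_IRWXG | stat.S_IRWXO):
                problems.append((rel, f"{mode:04o}: key material open to group/other"))
            elif mode & stat.S_IWOTH:
                problems.append((rel, f"{mode:04o}: world-writable"))
    return sorted(problems)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_dir(tmp)
        for rel, problem in audit_cert_dir(tmp):
            print(rel, problem)
```

On a server, call `audit_cert_dir("/opt/fts/certs")` as a user allowed to list that directory.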
    

Public Server Connection

To connect to the FreeTAKTeam public server for testing:

Server Details:
  • Address: 137.184.101.250
  • Port: 8087
  • Protocol: TCP (non-SSL)

Configuration Package: Download the pre-configured data package from: https://drive.google.com/file/d/1IK1LfPN13EWikHaMyOuDDwIerNGz-Wli/view

Import using ATAK’s Import Manager.

The public server is for testing only. Do not use for sensitive operations.
