Created
January 23, 2017 20:27
-
-
Save dlangille/8447e735c0ca15cdbfd8cef01842b36e to your computer and use it in GitHub Desktop.
Importing your own cert into a Unifi controller
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # All of this was run on FreeBSD 11, but with path adjustments to the keystore, should work for any OS. | |
| # Your cert is in your local directory: | |
| # | |
| # unifi01.int.unixathome.org.key | |
| # unifi01.int.unixathome.org.pem | |
| # aircontrolenterprise is the password we are using on our pkcs12 file | |
| # crete the keys.p12 file | |
| # the -name directive specifies the alias for this cert. | |
| # aliases appear in the list command below | |
| echo aircontrolenterprise | openssl pkcs12 -export -inkey unifi01.int.unixathome.org.key \ | |
| -in unifi01.int.unixathome.org.pem -name unifi01 \ | |
| -out keys.p12 \ | |
| -password stdin | |
| # import keys.p12 into the keystore | |
| sudo keytool -importkeystore -srckeystore keys.p12 \ | |
| -srcstoretype pkcs12 -destkeystore /usr/local/share/java/unifi/data/keystore \ | |
| -storepass aircontrolenterprise -srcstorepass aircontrolenterprise | |
| # list the certs in the keystore | |
| # this is where we see the aliases | |
| keytool -list -keystore /usr/local/share/java/unifi/data/keystore | |
| # delete the one we don't want: we imported unifi01 alias above. | |
| # the unifi alias was created by the controller by default | |
| sudo keytool -delete -keystore /usr/local/share/java/unifi/data/keystore -alias unifi | |
| # restart the controller | |
| sudo service unifi restart |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
The above is based on what I pulled from https://community.ubnt.com/t5/UniFi-Wireless/UniFi-Server-HTTPS-Certificate/m-p/1593956/highlight/false#M166753