@hdml
Last active June 9, 2024 16:57
Installing a custom SSL cert on a Unifi Controller

## Installing a custom SSL cert on Unifi Controller

Requirements:

  • Domain certificate (*.crt)
  • Certificate key (*.key)
  • Intermediate certificate from CA (*.crt, *.pem)
  • Permissions to restart the unifi service
  • Debian or Ubuntu Unifi Controller installation

### Back up your current keystore

```
cd /var/lib/unifi
sudo cp keystore keystore.bkp
```

### Create pkcs12 certificate

```
# -certfile adds the intermediate certificate to the bundle alongside the domain certificate
openssl pkcs12 -export -in domain_certificate.crt -inkey domain_certificate_priv.key -out domain_certificate.p12 -name unifi -certfile "intermediate_cert_from_CA.crt" -caname root -password pass:aircontrolenterprise
```

Copy your new cert to /etc/ssl/private:

```
sudo cp domain_certificate.p12 /etc/ssl/private
```

### Replace certificate in keystore with newly created cert

```
sudo keytool -importkeystore -deststorepass aircontrolenterprise -destkeypass aircontrolenterprise -destkeystore /usr/lib/unifi/data/keystore -srckeystore /etc/ssl/private/domain_certificate.p12 -srcstoretype PKCS12 -srcstorepass aircontrolenterprise -alias unifi
```

When prompted to replace the current certificate, say yes.

### Restart the Unifi Controller service

```
sudo /etc/init.d/unifi restart
```
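
Before the import step it is worth checking that the key belongs to the certificate, that the certificate is not about to expire, and that the PKCS#12 bundle really carries the intermediate. The script below is an added example, not part of the original gist; the function names, the file names and the throwaway demo CA (standing in for the intermediate) are assumptions made for the demo.

```sh
#!/bin/sh
# Pre-flight checks to run before the keystore import step.
# File names and the throwaway CA are constructed for this demo.

# Succeeds only if the private key belongs to the certificate.
key_matches_cert() {    # usage: key_matches_cert CERT KEY
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Succeeds if the certificate is still valid DAYS days from now.
cert_valid_for_days() { # usage: cert_valid_for_days CERT DAYS
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
}

# Prints the number of certificates in the bundle (leaf plus chain); 0 on error.
# The password goes through the environment, not the argument list.
p12_cert_count() {      # usage: p12_cert_count P12 PASSWORD
    P12_PASS="$2" openssl pkcs12 -in "$1" -nokeys -passin env:P12_PASS \
        2>/dev/null | grep -c 'BEGIN CERTIFICATE' || true
}

# Builds constructed sample input: a demo CA, a leaf cert and a PKCS#12 bundle.
make_demo_files() {     # usage: make_demo_files DIR
    ( cd "$1" &&
      openssl req -x509 -newkey rsa:2048 -nodes -keyout ca.key -out ca.crt \
          -subj "/CN=Constructed Demo CA" -days 30 &&
      openssl req -newkey rsa:2048 -nodes -keyout leaf.key -out leaf.csr \
          -subj "/CN=unifi.example.test" &&
      openssl x509 -req -in leaf.csr -CA ca.crt -CAkey ca.key \
          -CAcreateserial -out leaf.crt -days 30 &&
      openssl pkcs12 -export -in leaf.crt -inkey leaf.key -certfile ca.crt \
          -name unifi -out leaf.p12 -password pass:aircontrolenterprise
    ) >/dev/null 2>&1
}

demo=$(mktemp -d) && make_demo_files "$demo"
if key_matches_cert "$demo/leaf.crt" "$demo/leaf.key" &&
   cert_valid_for_days "$demo/leaf.crt" 14 &&
   [ "$(p12_cert_count "$demo/leaf.p12" aircontrolenterprise)" -ge 2 ]; then
    echo "OK: key matches, cert not expiring, chain present"
else
    echo "STOP: fix the input files before importing into the keystore"
fi
rm -rf "$demo"
```

To use it on real files, call the three check functions with your own certificate, key and `.p12` paths instead of the generated demo files.
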
@mike240se

I get

```
Existing entry alias unifi exists, overwrite? [no]:  yes
keytool error: java.lang.Exception: Alias <unifi> does not exist
```

@undermind

undermind commented May 16, 2024

Or the short way, with certbot:

```
openssl pkey -in /etc/letsencrypt/live/domain.tld/privkey.pem -traditional -out transformed-private.key
java -jar lib/ace.jar import_key_cert transformed-private.key /etc/letsencrypt/live/domain.tld/fullchain.pem
service unifi restart
```
