jrotello · March 14, 2017 03:30
diff --git a/deploy-unifi-cert.sh b/deploy-unifi-cert.sh
 #!/bin/bash

 # Setup your Domain
 DOMAIN="<domain_name_here>"
 DEHYDRATED_CERTS="/home/dehydrated/certs/$DOMAIN"

 # Stop the services
 echo "Stopping services..."
 service nginx stop
 service unifi stop

 # Convert cert to PKCS #12 format
 echo "Create temporary PKCS12..."
 openssl pkcs12 \
 	-export \
 	-inkey $DEHYDRATED_CERTS/privkey.pem \
 	-in $DEHYDRATED_CERTS/fullchain.pem \
 	-out /etc/ssl/private/cert.p12 \
 	-name ubnt -password pass:temppass

 # Load it into the java keystore that UBNT understands
 echo "Load PKCS12 into the java keystore"
 keytool \
 	-importkeystore \
 	-deststorepass aircontrolenterprise \
 	-destkeypass aircontrolenterprise \
 	-destkeystore /etc/ssl/private/unifi.keystore.jks \
 	-srckeystore /etc/ssl/private/cert.p12 \
 	-srcstoretype PKCS12 \
 	-srcstorepass temppass \
 	-alias ubnt \
 	-noprompt

 # Clean up and use new cert
 echo "Remove temporary PKCS12..."
 rm /etc/ssl/private/cert.p12

 # Also use the same certificate for Nginx (Cloud Key Configuration)
 echo "Configure Nginx (Cloud Key Configuration)..."
 rm /etc/ssl/private/cloudkey.crt
 rm /etc/ssl/private/cloudkey.key

 cp $DEHYDRATED_CERTS/privkey.pem /etc/ssl/private/cloudkey.key
 cp $DEHYDRATED_CERTS/fullchain.pem /etc/ssl/private/cloudkey.crt

 cd /etc/ssl/private/
 tar -cf cert.tar cloudkey.crt cloudkey.key unifi.keystore.jks

 #Start the services
 echo 'Starting services...'
 service nginx start
 service unifi start

 echo "Done!"
	#!/bin/bash

	# Setup your Domain
	DOMAIN="<domain_name_here>"
	DEHYDRATED_CERTS="/home/dehydrated/certs/$DOMAIN"

	# Stop the services
	echo "Stopping services..."
	service nginx stop
	service unifi stop

	# Convert cert to PKCS #12 format
	echo "Create temporary PKCS12..."
	openssl pkcs12 \
	-export \
	-inkey $DEHYDRATED_CERTS/privkey.pem \
	-in $DEHYDRATED_CERTS/fullchain.pem \
	-out /etc/ssl/private/cert.p12 \
	-name ubnt -password pass:temppass

	# Load it into the java keystore that UBNT understands
	echo "Load PKCS12 into the java keystore"
	keytool \
	-importkeystore \
	-deststorepass aircontrolenterprise \
	-destkeypass aircontrolenterprise \
	-destkeystore /etc/ssl/private/unifi.keystore.jks \
	-srckeystore /etc/ssl/private/cert.p12 \
	-srcstoretype PKCS12 \
	-srcstorepass temppass \
	-alias ubnt \
	-noprompt

	# Clean up and use new cert
	echo "Remove temporary PKCS12..."
	rm /etc/ssl/private/cert.p12

	# Also use the same certificate for Nginx (Cloud Key Configuration)
	echo "Configure Nginx (Cloud Key Configuration)..."
	rm /etc/ssl/private/cloudkey.crt
	rm /etc/ssl/private/cloudkey.key

	cp $DEHYDRATED_CERTS/privkey.pem /etc/ssl/private/cloudkey.key
	cp $DEHYDRATED_CERTS/fullchain.pem /etc/ssl/private/cloudkey.crt

	cd /etc/ssl/private/
	tar -cf cert.tar cloudkey.crt cloudkey.key unifi.keystore.jks

	#Start the services
	echo 'Starting services...'
	service nginx start
	service unifi start

	echo "Done!"