Skip to content

Instantly share code, notes, and snippets.

@rohan-molloy

rohan-molloy/Unifi-Controller-Custom-Certificate-Installation.md

Last active November 30, 2019 02:48
Show Gist options
  • Save rohan-molloy/ab8850ce7a3838caaa8fb580a2e80f09 to your computer and use it in GitHub Desktop.
Save rohan-molloy/ab8850ce7a3838caaa8fb580a2e80f09 to your computer and use it in GitHub Desktop.
Download ZIP
How to install a custom certificate on a unifi controller
Raw
Unifi-Controller-Custom-Certificate-Installation.md

Unifi Controller Custom Certificate Installation

1. Convert Certificate + Key to PKCS12 bundle

openssl pkcs12 -export \
               -inkey $KEY \
               -in $CERT \
               -out $BUNDLE \
               -passout pass:

2. Copy bundle to container

docker cp $BUNDLE $CONTAINER:$BUNDLE

3. Import bundle to Java key store

docker exec $CONTAINER keytool -importkeystore \
                               -deststorepass aircontrolenterprise \
                               -destkeypass aircontrolenterprise \
                               -destkeystore /usr/lib/unifi/data/keystore \
                               -srckeystore $BUNDLE \
                               -srcstoretype PKCS12 \
                               -srcstorepass ""

4. Restart container

docker restart $CONTAINER

5. Check certificate fingerprint served matches local

fingerprint1="$(openssl x509 -in /etc/ssl/private/fullchain.pem -noout -fingerprint)"
fingerprint2="$(openssl s_client -connect localhost:8443 < /dev/null | openssl x509 -fingerprint -noout)"
test "$fingerprint1" = "$fingerprint2" && echo "PASS" || echo "FAIL"
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment