Created
September 22, 2023 10:31
Copy SSL certificate from UNMS to Unifi Controller
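#!/bin/bash
#
# Copy the TLS certificate and private key served by the UNMS nginx container
# into the UniFi controller's Java keystore, then restart the controller.
#
# Assumes the host directory UNIFI_CONFIG_PATH is what the UniFi container
# sees as /config (the PKCS#12 bundle is written on the host and read from
# /config/live.p12 inside the container) -- confirm against your volume setup.
#
# Exit status: 0 when the certificate is unchanged or was imported;
# non-zero as soon as any step fails.
set -euo pipefail

UNMS_CONTAINER=unms-nginx
UNIFI_CONTAINER=unifi-network-application
UNIFI_CONFIG_PATH=/etc/unifi
CRT_FINAL=${UNIFI_CONFIG_PATH}/live.crt
KEY_FINAL=${UNIFI_CONFIG_PATH}/live.key
P12_FINAL=${UNIFI_CONFIG_PATH}/live.p12

# NOTE(review): both passwords are passed on command lines below, so they are
# visible in the process list while openssl/keytool run. P12_PASSWORD only
# protects a transient bundle that sits next to the unencrypted key.
# KEYSTORE_PASSWORD must match what the controller uses to open its keystore.
P12_PASSWORD=temppass
KEYSTORE_PASSWORD=aircontrolenterprise

# Stage both files in a private (0700) directory so a failed fetch can never
# truncate the live key or certificate, and clean it up on every exit path.
TMP_DIR=$(mktemp -d)
trap 'rm -rf -- "${TMP_DIR:?}"' EXIT
CRT_TMP=${TMP_DIR}/live.crt
KEY_TMP=${TMP_DIR}/live.key

# docker copy doesn't follow symlinks, so we have to do this manually
docker exec "${UNMS_CONTAINER}" cat /cert/live.crt > "${CRT_TMP}"
if [[ ! -s "${CRT_TMP}" ]]; then
  echo "Fetched certificate is empty, aborting ..." >&2
  exit 1
fi

# check if the new certificate is different from the old one
if [[ -f "${CRT_FINAL}" ]] && cmp -s -- "${CRT_FINAL}" "${CRT_TMP}"; then
  echo "Certificate already updated, exiting ..."
  exit 0
fi

docker exec "${UNMS_CONTAINER}" cat /cert/live.key > "${KEY_TMP}"
if [[ ! -s "${KEY_TMP}" ]]; then
  echo "Fetched private key is empty, aborting ..." >&2
  exit 1
fi

# Install the key owner-readable only, and install the NEW certificate:
# without this step the bundle below would pair the new key with the old
# certificate and the "already updated" check above would never match.
install -m 600 -- "${KEY_TMP}" "${KEY_FINAL}"
install -m 644 -- "${CRT_TMP}" "${CRT_FINAL}"

openssl pkcs12 -export \
  -inkey "${KEY_FINAL}" \
  -in "${CRT_FINAL}" \
  -out "${P12_FINAL}" \
  -name unifi -password "pass:${P12_PASSWORD}"

docker exec "${UNIFI_CONTAINER}" \
  keytool -importkeystore \
  -deststorepass "${KEYSTORE_PASSWORD}" \
  -destkeypass "${KEYSTORE_PASSWORD}" \
  -destkeystore /config/data/keystore \
  -srckeystore /config/live.p12 \
  -srcstoretype PKCS12 \
  -srcstorepass "${P12_PASSWORD}" \
  -alias unifi \
  -noprompt

# The controller only picks up the new keystore entry after a restart.
docker restart "${UNIFI_CONTAINER}"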