Ubiquiti Controller with a Custom SSL Certificate

From Wikistix
Jump to: navigation, search

By default, the unifi Ubiquiti Controller, ships with a self-signed SSL certificate, which generates a warning in Google Chrome, and requires a few extra clicks to log in. However, this certifcate can be replaced quite easily.

The following steps were performed on a NetBSD system with net/unifi installed from pkgsrc.

Convert certificate into the right format:

/usr/bin/openssl pkcs12 -export -in /usr/pkg/etc/httpd/www.stix.id.au/fullchain.pem \
    -inkey /usr/pkg/etc/httpd/www.stix.id.au/privkey.pem \
    -out /tmp/pkcs.p12 -passout pass:aircontrolenterprise -name unifi

Install into the java keystore:

/usr/pkg/java/openjdk8/bin/keytool -importkeystore \
    -deststorepass aircontrolenterprise \
    -destkeypass aircontrolenterprise \
    -destkeystore  /usr/pkg/unifi/data/keystore \
    -srckeystore /tmp/pkcs.p12 \
    -srcstoretype PKCS12 -srcstorepass aircontrolenterprise -alias unifi -noprompt
/bin/rm /tmp/pkcs.p12

Restart unifi to reload the keys:

/etc/rc.d/unifi restart

See Also

Misinformation found herein copyright Paul Ripke (aka “stix”) stixpjr@gmail.com.