Ubiquiti Controller with a Custom SSL Certificate
From Wikistix
By default, the unifi Ubiquiti Controller, ships with a self-signed SSL certificate, which generates a warning in Google Chrome, and requires a few extra clicks to log in. However, this certificate can be replaced quite easily.
The following steps were performed on a NetBSD system with net/unifi installed from pkgsrc, with a certificate obtained from Let's Encrypt. This is easily adapted into a script triggered during Let's Encrypt certificate renewal.
Convert certificate into the right format:
/usr/bin/openssl pkcs12 -export -in /usr/pkg/etc/httpd/www.stix.id.au/fullchain.pem \
-inkey /usr/pkg/etc/httpd/www.stix.id.au/privkey.pem \
-out /tmp/pkcs.p12 -passout pass:aircontrolenterprise -name unifi
Install into the java keystore:
/usr/pkg/java/openjdk8/bin/keytool -importkeystore \
-deststorepass aircontrolenterprise \
-destkeypass aircontrolenterprise \
-destkeystore /usr/pkg/unifi/data/keystore \
-srckeystore /tmp/pkcs.p12 \
-srcstoretype PKCS12 -srcstorepass aircontrolenterprise -alias unifi -noprompt
/bin/rm /tmp/pkcs.p12
Restart unifi to reload the keys:
/etc/rc.d/unifi restart
See Also
- "Re: Installing an SSL Certificate" post at community.ubnt.com.