10-06-2017 01:38 PM - edited 10-31-2017 05:55 AM
Importing custom certificates in UFV 3.8.1 or later (experimental)
NOTE: The UniFi Video Controller now utilizes separate certificates for browser connections and camera connections. So the instructions for installing a custom web application certificate have changed.
IF YOU’RE RUNNING A UFV VERSION PRIOR 3.8.0 AND HAVE ALREADY INSTALLED A CUSTOM CERTIFICATE
Remove the web application keystore/truststore files from the UniFi Video working directory (/usr/lib/unifi-video on Linux or C:\ProgramData\unifi-video on Windows) prior to upgrade. Specifically, remove:
Then, update UFV and follow the instructions below
IF YOU ARE INSTALLING A CUSTOM CERTIFICATE ON UNIFI VIDEO 3.8.1 FOR THE FIRST TIME (OR ARE REINSTALLING A CUSTOM CERT)
Stop the unifi-video service
Remove the keystore/truststore files from the ufv working directory (/usr/lib/unifi-video on Linux or C:\ProgramData\unifi-video on Windows)
Copy your key and cert files into certificates folder under the UniFi Video working directory:
- data/certificates/ufv-server.cert.der (X509 DER-encoded cert file)
- data/certificates/ufv-server.key.der (RSA PKCS8 DER-encoded private key file)
Linux only: Change the permissions for the newly created folder and files within:
- chown -R unifi-video:unifi-video /usr/lib/unifi-video/data/certificates
In data/system.properties add this line:
Start the unifi-video service
- When the controller detects the ufv.custom.certs.enable flag is set and the cert/key files are present it will load these in a new web application keystore instead of generating its own. The cert/key files in the certificates folder are removed, once imported in the key store.
- The unifi-video controller will now use your provided certificate and key for the web application
IF YOU’RE RUNNING UFV 3.8.0 OR NEWER AND HAVE ALREADY INSTALLED A CUSTOM CERTIFICATE
Note: While most camera operations will work when using a custom certificate for camera communication, it is not recommended - and may cause issues with later versions of UniFi Video.
- Unmanage all the cameras currently managed by the UniFi Video controller
- UFV 3.8.0 cameras maintain a copy of the controller's certificate for mutual authentication. Managed cameras need to be unmanaged to remove the copy of the controller's certificate.
- The camera and controller will re-exchange certificates in order to re-establish mutual authentication
Please keep in mind that this is an experimental feature and thus, may not work in 100% of scenarios. If you run into an issue, please search to see if someone else has run into this scenario and post on that thread if applicable. If you do not find a thread with similar symptoms, please post a new thread and we'll address it.best we can.