03-21-2017 12:01 PM
I have the latest unifi controller running and have registered and bought an SSL certificate with GoDaddy.
I have connected to my Ubuntu controller and ran the command to generate the certificate but am unable to progress any further.
I have looked at various websites I've found on Google but am having no luck finding where the certificate has been generated and how to get the required information to GoDaddy.
Anyone have any helpful hints on what to do next??
03-21-2017 01:13 PM
Appreciating that GoDaddy may have given you a different base to work from, I'll share with you my own .bash script I run after I run my LetsEncrypt certificate command:
Where my domain for the controller is unifi.mydomain.com
```bash
openssl pkcs12 -export -passout pass:aircontrolenterprise \
    -in /etc/letsencrypt/live/unifi.mydomain.com/cert.pem \
    -inkey /etc/letsencrypt/live/unifi.mydomain.com/privkey.pem \
    -out /home/george/ssl/cert -name unifi \
    -CAfile /etc/letsencrypt/live/unifi.mydomain.com/chain.pem -caname root

service unifi stop

keytool -delete -alias unifi -keystore /usr/lib/unifi/data/keystore \
    -deststorepass aircontrolenterprise

keytool -trustcacerts -importkeystore \
    -deststorepass aircontrolenterprise \
    -destkeypass aircontrolenterprise \
    -destkeystore /usr/lib/unifi/data/keystore \
    -srckeystore /home/george/ssl/cert -srcstoretype PKCS12 \
    -srcstorepass aircontrolenterprise \
    -alias unifi

java -jar /usr/lib/unifi/lib/ace.jar import_cert \
    /etc/letsencrypt/live/unifi.mydomain.com/cert.pem \
    /etc/letsencrypt/live/unifi.mydomain.com/chain.pem \
    /home/george/ssl/certFile

service unifi start
```
It does have to be run in an elevated prompt, and it assumes a few things such as the install type and my working directory, but I hope you can use it as a base; let me explain some commands and ideas.
The keystore that unifi uses is a Java keystore at `/usr/lib/unifi/data/keystore`, which is the default location on an Ubuntu install. It'll be different if using the cloudkey.
So using the `openssl` command, I convert my cert and priv key from LetsEncrypt files into the single format the following commands require.
I then stop the unifi controller.
I then delete the Unifi default SSL certificate (the default one that ships with it).
I then import the cert file into the key store in its place with the same alias. Keep note of the password entries.
Finally, I use that java command. Can't lie, not entirely sure where it fits into how it all works. But I read it on a guide so I included it and it works. Probably should question it?
I start the service, and boom, works happily.
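The script in the post above stops the controller and deletes the existing `unifi` keystore entry before importing the new one, so it helps to confirm the inputs are sound first. The following is an added example, not part of the original post: it checks that the private key matches the certificate, that the certificate is not about to expire, and that the PKCS12 file carries the `unifi` alias. The function names are hypothetical and the certificate is a throwaway self-signed one constructed for the demo.

```bash
#!/usr/bin/env bash
# Added example, not from the thread. Function names are hypothetical.

# Succeeds only when the private key belongs to the certificate
# (compares the PEM public key extracted from each file).
key_matches_cert() {    # args: cert.pem privkey.pem
    local from_cert from_key
    from_cert=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    from_key=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$from_cert" ] && [ "$from_cert" = "$from_key" ]
}

# Succeeds only when the certificate stays valid for at least N more days.
valid_for_days() {      # args: cert.pem days
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
}

# Succeeds only when the PKCS12 file opens with the password and holds the alias.
p12_has_alias() {       # args: file.p12 password alias
    openssl pkcs12 -in "$1" -passin "pass:$2" -nokeys 2>/dev/null |
        grep -Eq "friendlyName: $3[[:space:]]*\$"
}

# Constructed demo: a throwaway self-signed certificate in a temp directory.
demo() {
    local d
    d=$(mktemp -d) || return 1
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/CN=unifi.mydomain.com" \
        -keyout "$d/privkey.pem" -out "$d/cert.pem" 2>/dev/null || return 1
    openssl genrsa -out "$d/other.pem" 2048 2>/dev/null || return 1

    key_matches_cert "$d/cert.pem" "$d/privkey.pem" || { echo "key mismatch"; return 1; }
    key_matches_cert "$d/cert.pem" "$d/other.pem" && { echo "wrong key accepted"; return 1; }
    valid_for_days "$d/cert.pem" 7 || { echo "expires within 7 days"; return 1; }
    valid_for_days "$d/cert.pem" 60 && { echo "expiry check too lax"; return 1; }

    # Same export flags as the post, minus -CAfile (no chain in this demo).
    openssl pkcs12 -export -passout pass:aircontrolenterprise \
        -in "$d/cert.pem" -inkey "$d/privkey.pem" \
        -out "$d/cert.p12" -name unifi 2>/dev/null || return 1
    p12_has_alias "$d/cert.p12" aircontrolenterprise unifi || { echo "alias missing"; return 1; }

    rm -rf "$d"
    echo "all checks passed"
}

demo
```

On a real controller, the same three functions would be pointed at the `cert.pem`, `privkey.pem` and exported PKCS12 file from the post before the `service unifi stop` line is reached.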
08-17-2017 02:40 AM
12-29-2017 05:15 PM
Thanks for a great guide. I'm quite new to the SSL stuff, and I'm having trouble getting past the "approver email" part when ordering the certs. It gives me a suggested list of emails to choose from (like firstname.lastname@example.org), which is useless for me as I don't have that email.
So how do you bypass that? I also wanted my FQDN to be www.unifi.mydomain.com, but it seems that that's where it looks for the email suggestions.
Could you explain your order process as well?