Reply
Emerging Member
Posts: 65
Registered: ‎12-21-2013

Installing an SSL Certificate

 

I have the latest unifi controller running and have registered and brought an SSL certificate with GoDaddy.

 

I have connected to my ubuntu controller and ran the command to generate the certificate but an unable to progress any further.

 

I have looked at various websites ive found on google but am having no luck finding where the certificate has been generated and how to get the required information to GoDaddy.

 

Anyone have any helpful hints on what to do next??

 

Thanks.

Emerging Member
Posts: 44
Registered: ‎03-01-2017
Kudos: 22
Solutions: 2

Re: Installing an SSL Certificate

Hi Andy,

 

Appreciating that GoDaddy may have given you a different base to work from, I'll share with you my own .bash script I run after I run my LetsEncrypt certificate command:

 

Where my domain for the controller is unifi.mydomain.com

 

openssl pkcs12 -export  -passout pass:aircontrolenterprise \
    -in /etc/letsencrypt/live/unifi.mydomain.com/cert.pem \
    -inkey /etc/letsencrypt/live/unifi.mydomain.com/privkey.pem \
    -out /home/george/ssl/cert -name unifi \
    -CAfile /etc/letsencrypt/live/unifi.mydomain.com/chain.pem -caname root

service unifi stop

keytool -delete -alias unifi -keystore /usr/lib/unifi/data/keystore \
    -deststorepass aircontrolenterprise

keytool -trustcacerts -importkeystore \
    -deststorepass aircontrolenterprise \
    -destkeypass aircontrolenterprise \
    -destkeystore /usr/lib/unifi/data/keystore \
    -srckeystore /home/george/ssl/cert -srcstoretype PKCS12 \
    -srcstorepass aircontrolenterprise \
    -alias unifi

java -jar /usr/lib/unifi/lib/ace.jar import_cert \
    /etc/letsencrypt/live/unifi.mydomain.com/cert.pem \
    /etc/letsencrypt/live/unifi.mydomain.com/chain.pem \
    /home/george/ssl/certFile

service unifi start

It does have to be run in an elevated prompt, and it assumes a few things such as the install type and my working directory, but I hope you can use it as a base; let me explain some commands and ideas.

 

The keystore that unifi uses is a Java keystore at `/usr/lib/unifi/data/keystore` which is the default location on an ubuntu install. It'll be different if using the cloudkey.

 

So using the `openssl` command, I convert my cert and priv key from LetsEncrypt files into the single format the following commands require.

 

I then stop the unifi controller.

 

I then delete the Unifi default SSL certificate (the default one that ships with it).

 

I then import the cert file into the key store in it's place with the same alias. Keep note of the password entries.

 

Finally, I use that java command. Can't lie, not entirely sure where it fits into how it all works. But I read it on a guide so I included it and it works. Probably should question it?

 

I start the service, and boom, works happily Man Happy

New Member
Posts: 2
Registered: ‎05-05-2015

Re: Installing an SSL Certificate

Thank you - works perfectly! I tried the method suggested here: https://help.ubnt.com/hc/en-us/articles/212500127-UniFi-SSL-certificate-error-upon-opening-controlle... however that failed miserably.
New Member
Posts: 9
Registered: ‎05-31-2017
Kudos: 1

Re: Installing an SSL Certificate

Thanks for a great guide.. Im quite new in the SSL stuff, and Im having trouble getting past the "approver email" part when ordering the certs. Its give me a suggested list of emails to choose from (like admin@mydomain.com), which is useless for me as I dont have that email.

 

So how do you bypass that? I also wanted my FQDN to be www.unifi.mydomain.com, but it seems that, thats where it looks for the email suggestions..

 

Could you explain your order process aswell?

Emerging Member
Posts: 44
Registered: ‎03-01-2017
Kudos: 22
Solutions: 2

Re: Installing an SSL Certificate

Have you considered using LetsEncrypt as your SSL provider? They are free and far easier Man Happy

New Member
Posts: 9
Registered: ‎05-31-2017
Kudos: 1

Re: Installing an SSL Certificate

As I understand it, they only offer 30 days certs? So you have to renew them every month, I dont really want that.. 

Emerging Member
Posts: 44
Registered: ‎03-01-2017
Kudos: 22
Solutions: 2

Re: Installing an SSL Certificate

The certificates are 3 months long, and they renew automatically if you configure your setup correctly Man Happy

Reply