Scheduled maintenance: Community will be offline Monday June 17th, 1:00 AM - 6:00 AM (PT)
New Member
Posts: 10
Registered: ‎08-05-2017
Kudos: 3

SSL Certificate for local computer- need some help

[ Edited ]

I have controller running on my computer and i want to setup SSL certificate for local ip of cloud controller and port 8443. how can i setup the SSL local IP Address.


 Controller is running on windows 10 pro

New Member
Posts: 2
Registered: Wednesday

Re: SSL Certificate for local computer- need some help

Same problem here, running a linux machine.


I've got no idea who's going to sign my cert for a address... 


Currently I cant run my UAP AC Pro with any controller... 

Senior Member
Posts: 25,956
Registered: ‎08-04-2017
Kudos: 4870
Solutions: 1288

Re: SSL Certificate for local computer- need some help

Hello @hHundstorf,

Welcome to the community!


You can't have a SSL cert on an IP address... you would need a DNS record and purchase a cert.

You can ignore the SSL warning if it's only local though.



Glenn R.

Cloud Hosted Controllers | Glenn R. | UniFi Installation/Easy Update Scripts | UniFi-Video Installation Scripts | UniFi-VoIP Installation Scripts
US-XG-16 • US-48-500W • US-24-POE-250W 2x • US-16-POE-150W 3x • US-24 • US-8-150W • US-8
New Member
Posts: 33
Registered: ‎07-05-2018
Kudos: 1

Re: SSL Certificate for local computer- need some help

There are several posts about using letsencrypt to generate certifcate to use and even github posts like and to do this but I find them overly complicated.


For a quick and easy method to generate your own certicate that is good for 10 years as long as this is just for your home/personal use.


Download the script from and save it on your pi. Make sure it is executable and then follow these steps:


1. ca

This walks you through creating a self-signed CA/root certificate for you. The output is a cacert.pem and cakey.pem file.


2. server cakey.pem cacert.pem

This creates a server-side certificate signed by the above created CA. The output of this is server_cert.pem and server_key.pem.


3. openssl pkcs12 -export -in server_cert.pem -inkey server_key.pem -certfile cacert.pem -name unifi -out pi.p12

Reads the server certificate created above and convers them into a pkcs12 file format of the name pi.p12


4. keytool -importkeystore -deststorepass aircontrolenterprise -destkeypass aircontrolenterprise -destkeystore keystore -srckeystore pi.p12 -srcstoretype PKCS12 -srcstorepass welcome1

This takes the pi.p12 file from above and stores it in a java keystore file named keystore


5 - Now that we have a custom keystore we need to tell the controller to use it. Change to the /var/lib/unifi directory and (as root) rename keystore to keystore.orig. Copy the output keystore file from (4) above into this /var/lib/unifi directory and restart the controller.


A couple of notes on the above:

1 - When running it prompts for several things. It has default values but you probably want to change at least the value of the common name to be the name of your server where the controller is running. This keeps browsers happy when the server you are connecting to has a certificate that matches that name.


2 - Since the certificate is self-signed you'll need to import the cacert.pem file into your browser as a trusted root certificate authority and perhaps mark it as trusted. 


From there you should be able to connect to https://hostname:8443 just fine.

New Member
Posts: 2
Registered: Wednesday

Re: SSL Certificate for local computer- need some help

Thanks a lot! That solution works like a charm Smile