Upcoming Maintenance Alert:

The UBNT Community will be upgraded at 5pm MDT on April 25th. During this time the community forums will be set to read-only status.

Learn more

×
Reply
Regular Member
Posts: 369
Registered: ‎03-14-2012
Kudos: 18
Solutions: 2
Accepted Solution

UniFi Server HTTPS Certificate

Hi Guys,

I have deployed unifi on a new server that already hosts a https site on a different port. I have the relevant key and cert files along with the CA files. How do you import these into unifi? (windows) I can only find instructions for installing a certificate through a CSR...

Thanks
Mark

Accepted Solutions
Highlighted
New Member
Posts: 3
Registered: ‎03-20-2013
Kudos: 20
Solutions: 1

Re: UniFi Server HTTPS Certificate

If anyone is still having trouble with this, I just figured out how to do it using an existing Windows certificate. In my case, we have our own internal Certification Authority, but it will work just the same with a certificate issued by GoDaddy or anyone else.

 

I'm assuming you already know how to export the certificate using the Certificates MMC snap-in, and that the keytool executable from your installed java package is in the path.

 

1)      Export PFX certificate with private key and the option “Include all certificates in the certification path if possible”, using password "aircontrolenterprise" (this is important!)

 

2)      Open a Command Prompt and go to the directory Unifi was installed to then the data directory (example: C:\Users\administrator\Ubiquiti Unifi\data)

 

3)      Find the alias of your exported certificate by using (use the password from step 1):

keytool -list -keystore c:\path\to\pfx.pfx -storetype pkcs12

  

It will list the certificate starting with its alias, for example:

Keystore type: PKCS12

Keystore provider: SunJSSE

 

Your keystore contains 1 entry

 

le-webserver2003-8f6daf5b-8c89-405f-b3bb-045c58656883, Mar 20, 2013, PrivateKeyE

ntry,

Certificate fingerprint (MD5): AB:3F:79:FD:F5:1E:B3:69:78:8C:1C:AC:41:B3:29:6B

 

The certificate alias in this case is le-webserver2003-8f6daf5b-8c89-405f-b3bb-045c58656883. Use it in place of “src-alias” in the command below (yours will be different).

 

4)      Rename the existing file called “keystore” to keystore.orig.

 

5)      Run the following command:

keytool -importkeystore -srcstoretype pkcs12 -srcalias src-alias -srckeystore c:\path\to\pfx.pfx -keystore keystore -destalias unifi

 

Use the same password from step 1.

 

6)     Start the UniFi server.

View solution in original post

New Member
Posts: 6
Registered: ‎03-24-2014
Kudos: 6
Solutions: 1

Re: UniFi Server HTTPS Certificate

 

Hi Takumix,

 

I searched for a solution to this problem for a while and solved it a few weeks ago. So I hope it helps you too Man Happy

I did it with a PFX file so it would be easiest if you exported the cert from the IIS including all the keys.

The keytool util can be found in c:\program files\Java\Jre7\bin

 

On the IIS server

Export cert as PFX and give it the password "aircontrolenterprise"

 

On the unifi server run:

keytool -list -keystore "path to cert" -storetype pkcs12

 

output should look like this:

Your keystore contains 1 entry 

le-webservercert-and a large number, Date, PrivateKeyEntry,

Certificate fingerprint (SHA1): XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX

 

In the library c:\users\"username"\Ubiquity UniFi\data

find the file Keystore and rename it to Keystore.orig

 

Run:

keytool.exe -importkeystore -srcstoretype pkcs12 -srcalias le-webservercert-and a large number -srckeystore “path to cert” -keystore keystore -destalias unifi

 

Enter password aircontrolenterprise 3 times

 

Hope it helps. Icon Smile

 

View solution in original post

Emerging Member
Posts: 48
Registered: ‎07-25-2011
Kudos: 8
Solutions: 1

Re: UniFi Server HTTPS Certificate

hovej,


What you posted didn't work for me, but this post did.  Basically create a new keystore file.

http://community.ubnt.com/t5/UniFi/Your-own-SSL-key-and-cert/m-p/285508/highlight/true#M16786

View solution in original post

New Member
Posts: 2
Registered: ‎03-19-2015
Solutions: 1

Re: UniFi Server HTTPS Certificate

I found a simple solution to this.

 

I use a free service called CloudFlare for my DNS. In my CloudFlare account I just setup an A record unifi.domain.com points to (IP address).

 

CloudFlare offers free SSL. So I enabled the traffic to go through CloudFlair, and turned on flexable SSL. 

 

No cert was required. I did not have to do anything on the server side. 

 

I do this on a few of my other site to, because I am not good with certs. 

 

 

I hope it helps.

View solution in original post

New Member
Posts: 5
Registered: ‎06-12-2014
Kudos: 1
Solutions: 1

Re: UniFi Server HTTPS Certificate

FYI I used a wildcard cert exported from a Windows server using these steps and it worked the first time without ANY isssue.  

 

To everyone attempting to do this:  Make sure that you follow ALL steps verbatim, including exporting the cert wtih the password "aircontrolenterprise" .... and I'd copy and paste the password since I fat-fingered it twice when I was doing the keytool -list command to list the cert alias in the PFX ... 

 

Follow this verbatim and it will work for you.  My target environment was a Windows 2008 R2 server, the database was running with about 20 sites configured, and everything remains intact without the cert error any longer.

 

Thank you for your post!

View solution in original post


All Replies
Regular Member
Posts: 369
Registered: ‎03-14-2012
Kudos: 18
Solutions: 2

Re: UniFi Server HTTPS Certificate

bump

so nobody has done this before?
Regular Member
Posts: 657
Registered: ‎06-18-2010
Kudos: 170
Solutions: 5

Re: UniFi Server HTTPS Certificate

bump

so nobody has done this before?


I did it recently, but via the instructions provided here:

wiki.ubnt.com/UniFi_FAQ#Custom_SSL_certificate

This process generates a CSR though. Some reason you can't do it with the described method? You can't use the certs you already have, but it's cheap to get a cert.

btw - If you do go with the above prescribed method the procedure for Windows varies a bit from the FAQ. I can supply you the Windows method if you like.
Regular Member
Posts: 669
Registered: ‎10-07-2011
Kudos: 149
Solutions: 1

Re: UniFi Server HTTPS Certificate

I've only ever done it using the CSR as described here:
wiki.ubnt.com/UniFi_FAQ#Custom_SSL_certificate
But, I suspect that simply copying your .der and .pem files to would get it done. If necessary you might also need to copy the intermediate certs as well (GoDaddy).
Regular Member
Posts: 369
Registered: ‎03-14-2012
Kudos: 18
Solutions: 2

Re: UniFi Server HTTPS Certificate

Hi,

Im using start SSL and they dont really offer the CSR SSL certificates at the free level.

If I copied the SSL certs etc to my unifi base, what should they be named in order to work?
Regular Member
Posts: 669
Registered: ‎10-07-2011
Kudos: 149
Solutions: 1

Re: UniFi Server HTTPS Certificate

Hi,

Im using start SSL and they dont really offer the CSR SSL certificates at the free level.

If I copied the SSL certs etc to my unifi base, what should they be named in order to work?


I was not explicit enough in my previous post. After you copy the certs, you will need to import them with a command similar to this:
java -jar lib/ace.jar import_cert  


The name doesn't really matter, but you must import whatever name you use.
Regular Member
Posts: 369
Registered: ‎03-14-2012
Kudos: 18
Solutions: 2

Re: UniFi Server HTTPS Certificate

Ok,

How would you do this for a windows server?

Thanks
Regular Member
Posts: 669
Registered: ‎10-07-2011
Kudos: 149
Solutions: 1

Re: UniFi Server HTTPS Certificate

Did you look at the FAQ that we pointed you to?

c:
cd %USERPROFILE%/Ubiquiti Unifi
java -jar lib/ace.jar import_cert
Regular Member
Posts: 369
Registered: ‎03-14-2012
Kudos: 18
Solutions: 2

Re: UniFi Server HTTPS Certificate

Just get the error 'Unable to import the certificate into the keystore....
Regular Member
Posts: 369
Registered: ‎03-14-2012
Kudos: 18
Solutions: 2

Re: UniFi Server HTTPS Certificate

OK - has nobody done this before? You have a certificate already (root cert, certificate already present on the server, etc) and you need to re-use it for unifi......

Any help appriciated.

Thanks
New Member
Posts: 11
Registered: ‎06-29-2010

Re: UniFi Server HTTPS Certificate

Well thought I'd just done it on 'Doze and it's a right ballache Icon Confused

You need to export your certificate and the intermediate certs to a directory (c:\certs in my case) then change to the \lib directory

c:
cd %USERPROFILE%/Ubiquiti Unifi\lib

and run the following command

java -jar ace.jar import_cert C:\certs\Remote.cer C:\certs\startcom-class2.cer C:\certs\StartCom-CA-2012.cer

All went successfully, I restarted the controller and phut, I can no longer connect.

Could do with some help dedugging this as there doesn't appear to be any errors in the log!!
New Member
Posts: 1
Registered: ‎12-21-2012

Re: UniFi Server HTTPS Certificate

You can't re-use the certificate unless the service/software knows what the private key is - that's your problem. Java applications don't use the certificates in the windows certificate store and therefore do not have access to the private keys (which is an integral part in its function). The new CSR is required because a new private key is created as a part of the CSR process. If you can find away to import the private key into java you should be able to re-use the existing cert.
Highlighted
New Member
Posts: 3
Registered: ‎03-20-2013
Kudos: 20
Solutions: 1

Re: UniFi Server HTTPS Certificate

If anyone is still having trouble with this, I just figured out how to do it using an existing Windows certificate. In my case, we have our own internal Certification Authority, but it will work just the same with a certificate issued by GoDaddy or anyone else.

 

I'm assuming you already know how to export the certificate using the Certificates MMC snap-in, and that the keytool executable from your installed java package is in the path.

 

1)      Export PFX certificate with private key and the option “Include all certificates in the certification path if possible”, using password "aircontrolenterprise" (this is important!)

 

2)      Open a Command Prompt and go to the directory Unifi was installed to then the data directory (example: C:\Users\administrator\Ubiquiti Unifi\data)

 

3)      Find the alias of your exported certificate by using (use the password from step 1):

keytool -list -keystore c:\path\to\pfx.pfx -storetype pkcs12

  

It will list the certificate starting with its alias, for example:

Keystore type: PKCS12

Keystore provider: SunJSSE

 

Your keystore contains 1 entry

 

le-webserver2003-8f6daf5b-8c89-405f-b3bb-045c58656883, Mar 20, 2013, PrivateKeyE

ntry,

Certificate fingerprint (MD5): AB:3F:79:FD:F5:1E:B3:69:78:8C:1C:AC:41:B3:29:6B

 

The certificate alias in this case is le-webserver2003-8f6daf5b-8c89-405f-b3bb-045c58656883. Use it in place of “src-alias” in the command below (yours will be different).

 

4)      Rename the existing file called “keystore” to keystore.orig.

 

5)      Run the following command:

keytool -importkeystore -srcstoretype pkcs12 -srcalias src-alias -srckeystore c:\path\to\pfx.pfx -keystore keystore -destalias unifi

 

Use the same password from step 1.

 

6)     Start the UniFi server.

Emerging Member
Posts: 69
Registered: ‎08-08-2012
Kudos: 9
Solutions: 2

Re: UniFi Server HTTPS Certificate

Can i do this with a GoDaddy SSL cert i have purchased?.

 

 

New Member
Posts: 3
Registered: ‎03-20-2013
Kudos: 20
Solutions: 1

Re: UniFi Server HTTPS Certificate

It should work. Do you know how to use the Certificates MMC snap-in?

Emerging Member
Posts: 69
Registered: ‎08-08-2012
Kudos: 9
Solutions: 2

Re: UniFi Server HTTPS Certificate

Yes i do Smiley Happy

Member
Posts: 134
Registered: ‎04-24-2012
Kudos: 22

Re: UniFi Server HTTPS Certificate

Hiya Guys, 

 

Tried a few different ways of installing new certificate (windows server) and if I follow the way in the wiki, via java i try to add certifictae and it keeps telling me error. 

 

Please could you advise.

 

BTW, tried using keytool and I get an error that jli.dll is not installed.

 

C:\Users\jfdesktop\Ubiquiti UniFi\lib>java -jar ace.jar import_cert C:\Certs\ssl
.crt
parse ssl.crt (PEM, 1 certs): CN=unifi.dragonwifi.co.uk
Importing signed cert[unifi.dragonwifi.co.uk]
ERROR! missing cert file for [CN=StartCom Class 1 Primary Intermediate Server CA
]

C:\Users\jfdesktop\Ubiquiti UniFi\lib>java -jar ace.jar import_cert C:\Certs\sub
.class1.server.ca.pem
parse sub.class1.server.ca.pem (PEM, 1 certs): CN=StartCom Class 1 Primary Inter
mediate Server CA
Importing signed cert[StartCom Class 1 Primary Intermediate Server CA]
ERROR! missing cert file for [CN=StartCom Certification Authority]

C:\Users\jfdesktop\Ubiquiti UniFi\lib>java -jar ace.jar import_cert C:\Certs\ca.
pem
parse ca.pem (PEM, 1 certs): CN=StartCom Certification Authority
Importing signed cert[StartCom Certification Authority]
Certificates successfuly imported. Please restart the UniFi Controller.

C:\Users\jfdesktop\Ubiquiti UniFi\lib>java -jar ace.jar import_cert C:\Certs\ca-
bundle.pem
parse ca-bundle.pem (PEM, 18 certs):
found [CN=StartCom Certification Authority]
found [CN=StartCom Certification Authority G2]
found [CN=StartCom Certification Authority]
found [CN=StartCom Certification Authority]
found [CN=StartCom Certification Authority]
found [CN=StartCom Class 1 Primary Intermediate Client CA]
found [CN=StartCom Class 1 Primary Intermediate Domain Controller CA]
found [CN=StartCom Class 1 Intermediate CA - Mobile Experts sp. z o.o.]
found [CN=StartCom Class 1 Intermediate CA - The City of Osmio]
found [CN=StartCom Class 1 Primary Intermediate Server CA]
found [CN=StartCom Class 2 Primary Intermediate Client CA]
found [CN=StartCom Class 2 Primary Intermediate Object CA]
found [CN=StartCom Class 2 Intermediate CA - JanRain Inc.]
found [CN=StartCom Class 2 Primary Intermediate Server CA]
found [CN=StartCom Class 3 Primary Intermediate Client CA]
found [CN=StartCom Class 3 Primary Intermediate Object CA]
found [CN=StartCom Class 3 Primary Intermediate Server CA]
found [CN=StartCom Extended Validation Server CA]
Importing signed cert[StartCom Certification Authority]
ERROR! missing cert file for [CN=StartCom Certification Authority G2]

C:\Users\jfdesktop\Ubiquiti UniFi\lib>java -jar ace.jar import_cert C:\Certs\sum
.pem
parse sum.pem (PEM, 1 certs): CN=StartCom Class 2 Primary Intermediate Object CA

Importing signed cert[StartCom Class 2 Primary Intermediate Object CA]
ERROR! missing cert file for [CN=StartCom Certification Authority]

C:\Users\jfdesktop\Ubiquiti UniFi\lib>java -jar ace.jar import_cert C:\Certs\ssl
.crt
parse ssl.crt (PEM, 1 certs): CN=unifi.dragonwifi.co.uk
Importing signed cert[unifi.dragonwifi.co.uk]
ERROR! missing cert file for [CN=StartCom Class 1 Primary Intermediate Server CA
]

C:\Users\jfdesktop\Ubiquiti UniFi\lib>java -jar ace.jar import_cert C:\Certs\sub
.class1.server.ca.pem
parse sub.class1.server.ca.pem (PEM, 1 certs): CN=StartCom Class 1 Primary Inter
mediate Server CA
Importing signed cert[StartCom Class 1 Primary Intermediate Server CA]
ERROR! missing cert file for [CN=StartCom Certification Authority]

C:\Users\jfdesktop\Ubiquiti UniFi\lib>java -jar ace.jar import_cert C:\Certs\sub
.class1.client.ca.pem
parse sub.class1.client.ca.pem (PEM, 1 certs): CN=StartCom Class 1 Primary Inter
mediate Client CA
Importing signed cert[StartCom Class 1 Primary Intermediate Client CA]
ERROR! missing cert file for [CN=StartCom Certification Authority]

C:\Users\jfdesktop\Ubiquiti UniFi\lib>java -jar ace.jar import_cert C:\Certs\ssl
.crt
parse ssl.crt (PEM, 1 certs): CN=unifi.dragonwifi.co.uk
Importing signed cert[unifi.dragonwifi.co.uk]
ERROR! missing cert file for [CN=StartCom Class 1 Primary Intermediate Server CA
]

C:\Users\jfdesktop\Ubiquiti UniFi\lib>java -jar ace.jar import_cert C:\Certs\ca-
bundle.pem
parse ca-bundle.pem (PEM, 18 certs):
found [CN=StartCom Certification Authority]
found [CN=StartCom Certification Authority G2]
found [CN=StartCom Certification Authority]
found [CN=StartCom Certification Authority]
found [CN=StartCom Certification Authority]
found [CN=StartCom Class 1 Primary Intermediate Client CA]
found [CN=StartCom Class 1 Primary Intermediate Domain Controller CA]
found [CN=StartCom Class 1 Intermediate CA - Mobile Experts sp. z o.o.]
found [CN=StartCom Class 1 Intermediate CA - The City of Osmio]
found [CN=StartCom Class 1 Primary Intermediate Server CA]
found [CN=StartCom Class 2 Primary Intermediate Client CA]
found [CN=StartCom Class 2 Primary Intermediate Object CA]
found [CN=StartCom Class 2 Intermediate CA - JanRain Inc.]
found [CN=StartCom Class 2 Primary Intermediate Server CA]
found [CN=StartCom Class 3 Primary Intermediate Client CA]
found [CN=StartCom Class 3 Primary Intermediate Object CA]
found [CN=StartCom Class 3 Primary Intermediate Server CA]
found [CN=StartCom Extended Validation Server CA]
Importing signed cert[StartCom Certification Authority]
ERROR! missing cert file for [CN=StartCom Certification Authority G2]

C:\Users\jfdesktop\Ubiquiti UniFi\lib>keytool -genkey -alias http://unifi.dragon
wifi.co.uk -dname "cn=unifi.dragonwifi.co.uk, o=unifi.dragonwifi, o=.co.uk
'keytool' is not recognized as an internal or external command,
operable program or batch file.

C:\Users\jfdesktop\Ubiquiti UniFi\lib>cd Ubiquiti Unifi
The system cannot find the path specified.

C:\Users\jfdesktop\Ubiquiti UniFi\lib>cd c:
C:\Users\jfdesktop\Ubiquiti UniFi\lib

C:\Users\jfdesktop\Ubiquiti UniFi\lib>java -jar ace.jar import_cert C:\Certs\ca-
bundle.pem
parse ca-bundle.pem (PEM, 18 certs):
found [CN=StartCom Certification Authority]
found [CN=StartCom Certification Authority G2]
found [CN=StartCom Certification Authority]
found [CN=StartCom Certification Authority]
found [CN=StartCom Certification Authority]
found [CN=StartCom Class 1 Primary Intermediate Client CA]
found [CN=StartCom Class 1 Primary Intermediate Domain Controller CA]
found [CN=StartCom Class 1 Intermediate CA - Mobile Experts sp. z o.o.]
found [CN=StartCom Class 1 Intermediate CA - The City of Osmio]
found [CN=StartCom Class 1 Primary Intermediate Server CA]
found [CN=StartCom Class 2 Primary Intermediate Client CA]
found [CN=StartCom Class 2 Primary Intermediate Object CA]
found [CN=StartCom Class 2 Intermediate CA - JanRain Inc.]
found [CN=StartCom Class 2 Primary Intermediate Server CA]
found [CN=StartCom Class 3 Primary Intermediate Client CA]
found [CN=StartCom Class 3 Primary Intermediate Object CA]
found [CN=StartCom Class 3 Primary Intermediate Server CA]
found [CN=StartCom Extended Validation Server CA]
Importing signed cert[StartCom Certification Authority]
ERROR! missing cert file for [CN=StartCom Certification Authority G2]

C:\Users\jfdesktop\Ubiquiti UniFi\lib>java -jar ace.jar import_cert C:\Certs\ca.
pem
parse ca.pem (PEM, 1 certs): CN=StartCom Certification Authority
Importing signed cert[StartCom Certification Authority]
Certificates successfuly imported. Please restart the UniFi Controller.

C:\Users\jfdesktop\Ubiquiti UniFi\lib>java -jar ace.jar import_cert C:\Certs\ca-
bundle.pem
parse ca-bundle.pem (PEM, 18 certs):
found [CN=StartCom Certification Authority]
found [CN=StartCom Certification Authority G2]
found [CN=StartCom Certification Authority]
found [CN=StartCom Certification Authority]
found [CN=StartCom Certification Authority]
found [CN=StartCom Class 1 Primary Intermediate Client CA]
found [CN=StartCom Class 1 Primary Intermediate Domain Controller CA]
found [CN=StartCom Class 1 Intermediate CA - Mobile Experts sp. z o.o.]
found [CN=StartCom Class 1 Intermediate CA - The City of Osmio]
found [CN=StartCom Class 1 Primary Intermediate Server CA]
found [CN=StartCom Class 2 Primary Intermediate Client CA]
found [CN=StartCom Class 2 Primary Intermediate Object CA]
found [CN=StartCom Class 2 Intermediate CA - JanRain Inc.]
found [CN=StartCom Class 2 Primary Intermediate Server CA]
found [CN=StartCom Class 3 Primary Intermediate Client CA]
found [CN=StartCom Class 3 Primary Intermediate Object CA]
found [CN=StartCom Class 3 Primary Intermediate Server CA]
found [CN=StartCom Extended Validation Server CA]
Importing signed cert[StartCom Certification Authority]
ERROR! missing cert file for [CN=StartCom Certification Authority G2]

C:\Users\jfdesktop\Ubiquiti UniFi\lib>java -jar ace.jar import_cert C:\Certs\ca-
bundle.pem
parse ca-bundle.pem (PEM, 18 certs):
found [CN=StartCom Certification Authority]
found [CN=StartCom Certification Authority G2]
found [CN=StartCom Certification Authority]
found [CN=StartCom Certification Authority]
found [CN=StartCom Certification Authority]
found [CN=StartCom Class 1 Primary Intermediate Client CA]
found [CN=StartCom Class 1 Primary Intermediate Domain Controller CA]
found [CN=StartCom Class 1 Intermediate CA - Mobile Experts sp. z o.o.]
found [CN=StartCom Class 1 Intermediate CA - The City of Osmio]
found [CN=StartCom Class 1 Primary Intermediate Server CA]
found [CN=StartCom Class 2 Primary Intermediate Client CA]
found [CN=StartCom Class 2 Primary Intermediate Object CA]
found [CN=StartCom Class 2 Intermediate CA - JanRain Inc.]
found [CN=StartCom Class 2 Primary Intermediate Server CA]
found [CN=StartCom Class 3 Primary Intermediate Client CA]
found [CN=StartCom Class 3 Primary Intermediate Object CA]
found [CN=StartCom Class 3 Primary Intermediate Server CA]
found [CN=StartCom Extended Validation Server CA]
Importing signed cert[StartCom Certification Authority]
ERROR! missing cert file for [CN=StartCom Certification Authority G2]

C:\Users\jfdesktop\Ubiquiti UniFi\lib>java -jar ace.jar import_cert C:\Certs\ca-
g2.prm
Unable to import the certificate into keystore

C:\Users\jfdesktop\Ubiquiti UniFi\lib>java -jar ace.jar import_cert C:\Certs\ca-
g2.pem
Unable to import the certificate into keystore

C:\Users\jfdesktop\Ubiquiti UniFi\lib>java -jar ace.jar import_cert C:\Certs\ca-
g2.cer
parse ca-g2.cer (DER, 1 certs): CN=StartCom Certification Authority G2
Importing signed cert[StartCom Certification Authority G2]
Certificates successfuly imported. Please restart the UniFi Controller.

C:\Users\jfdesktop\Ubiquiti UniFi\lib>java -jar ace.jar import_cert C:\Certs\ca-
bundle.pem
parse ca-bundle.pem (PEM, 18 certs):
found [CN=StartCom Certification Authority]
found [CN=StartCom Certification Authority G2]
found [CN=StartCom Certification Authority]
found [CN=StartCom Certification Authority]
found [CN=StartCom Certification Authority]
found [CN=StartCom Class 1 Primary Intermediate Client CA]
found [CN=StartCom Class 1 Primary Intermediate Domain Controller CA]
found [CN=StartCom Class 1 Intermediate CA - Mobile Experts sp. z o.o.]
found [CN=StartCom Class 1 Intermediate CA - The City of Osmio]
found [CN=StartCom Class 1 Primary Intermediate Server CA]
found [CN=StartCom Class 2 Primary Intermediate Client CA]
found [CN=StartCom Class 2 Primary Intermediate Object CA]
found [CN=StartCom Class 2 Intermediate CA - JanRain Inc.]
found [CN=StartCom Class 2 Primary Intermediate Server CA]
found [CN=StartCom Class 3 Primary Intermediate Client CA]
found [CN=StartCom Class 3 Primary Intermediate Object CA]
found [CN=StartCom Class 3 Primary Intermediate Server CA]
found [CN=StartCom Extended Validation Server CA]
Importing signed cert[StartCom Certification Authority]
ERROR! missing cert file for [CN=StartCom Certification Authority G2]

C:\Users\jfdesktop\Ubiquiti UniFi\lib>java -jar ace.jar import_cert C:\Certs\ca.
pem
parse ca.pem (PEM, 1 certs): CN=StartCom Certification Authority
Importing signed cert[StartCom Certification Authority]
Certificates successfuly imported. Please restart the UniFi Controller.

C:\Users\jfdesktop\Ubiquiti UniFi\lib>java -jar ace.jar import_cert C:\Certs\sub
.class1.server.ca.pem
parse sub.class1.server.ca.pem (PEM, 1 certs): CN=StartCom Class 1 Primary Inter
mediate Server CA
Importing signed cert[StartCom Class 1 Primary Intermediate Server CA]
ERROR! missing cert file for [CN=StartCom Certification Authority]

C:\Users\jfdesktop\Ubiquiti UniFi\lib>java -jar ace.jar import_cert C:\Certs\ca-
bundle.crt
parse ca-bundle.crt (PEM, 18 certs):
found [CN=StartCom Certification Authority]
found [CN=StartCom Certification Authority G2]
found [CN=StartCom Certification Authority]
found [CN=StartCom Certification Authority]
found [CN=StartCom Certification Authority]
found [CN=StartCom Class 1 Primary Intermediate Client CA]
found [CN=StartCom Class 1 Primary Intermediate Domain Controller CA]
found [CN=StartCom Class 1 Intermediate CA - Mobile Experts sp. z o.o.]
found [CN=StartCom Class 1 Intermediate CA - The City of Osmio]
found [CN=StartCom Class 1 Primary Intermediate Server CA]
found [CN=StartCom Class 2 Primary Intermediate Client CA]
found [CN=StartCom Class 2 Primary Intermediate Object CA]
found [CN=StartCom Class 2 Intermediate CA - JanRain Inc.]
found [CN=StartCom Class 2 Primary Intermediate Server CA]
found [CN=StartCom Class 3 Primary Intermediate Client CA]
found [CN=StartCom Class 3 Primary Intermediate Object CA]
found [CN=StartCom Class 3 Primary Intermediate Server CA]
found [CN=StartCom Extended Validation Server CA]
Importing signed cert[StartCom Certification Authority]
ERROR! missing cert file for [CN=StartCom Certification Authority G2]

C:\Users\jfdesktop\Ubiquiti UniFi\lib>java -jar ace.jar import_cert C:\Certs\sub
.class1.server.ca.crt
parse sub.class1.server.ca.crt (DER, 1 certs): CN=StartCom Class 1 Primary Inter
mediate Server CA
Importing signed cert[StartCom Class 1 Primary Intermediate Server CA]
ERROR! missing cert file for [CN=StartCom Certification Authority]

C:\Users\jfdesktop\Ubiquiti UniFi\lib>java -jar ace.jar import_cert C:\Certs\ssl
.crt
parse ssl.crt (PEM, 1 certs): CN=unifi.dragonwifi.co.uk
Importing signed cert[unifi.dragonwifi.co.uk]
ERROR! missing cert file for [CN=StartCom Class 1 Primary Intermediate Server CA
]

C:\Users\jfdesktop\Ubiquiti UniFi\lib>java -jar ace.jar import_cert C:\Certs\ssl
.key
Unable to import the certificate into keystore

C:\Users\jfdesktop\Ubiquiti UniFi\lib>java -jar ace.jar import_cert C:\Certs\sub
.class1.server.sha2.ca.pem
parse sub.class1.server.sha2.ca.pem (PEM, 1 certs): CN=StartCom Class 1 Primary
Intermediate Server CA
Importing signed cert[StartCom Class 1 Primary Intermediate Server CA]
ERROR! missing cert file for [CN=StartCom Certification Authority]

C:\Users\jfdesktop\Ubiquiti UniFi\lib>java -jar ace.jar import_cert C:\Certs\sub
.class1.server.sha2.ca.pem
parse sub.class1.server.sha2.ca.pem (PEM, 1 certs): CN=StartCom Class 1 Primary
Intermediate Server CA
Importing signed cert[StartCom Class 1 Primary Intermediate Server CA]
ERROR! missing cert file for [CN=StartCom Certification Authority]

C:\Users\jfdesktop\Ubiquiti UniFi\lib>^A

****************
AIRMAX CERTIFIED
****************

If you know your countries EIRP limits, please post here:- https://community.ubnt.com/t5/Wireless-Networking/Wireless-Transmission-Limits/m-p/430101/highlight/false#M34956
New Member
Posts: 6
Registered: ‎03-24-2014
Kudos: 6
Solutions: 1

Re: UniFi Server HTTPS Certificate

Thanks alot RamonMedina.

I know it´s an old post, but I´ve been searching for a solution to this problem for the last few days and your post did it..

Smiley Happy

Emerging Member
Posts: 48
Registered: ‎07-25-2011
Kudos: 8
Solutions: 1

Re: UniFi Server HTTPS Certificate

Hey guys,

So, I have a Wildcard SSL certificate for my domain, that I use for a range of websites and servers.  So I was wanting to use this existing certificate to secure my UniFi server.

At the moment I have the same certificate in a few forms, as I've installed it onto Apache, Lighttpd and IIS.

I've tried importing the certificate and all appropriate Intermediate CA and Root CA certificates, and it advises that it's installed the certificate.  But when I try to access the webserver, it's simply unavailable.

I've tried looking through /var/log/unifi/server.log and /var/log/syslog and there are no errors relating to any issues with UniFi and the certificate.

I imported the PEM encoded .pem file that I used for Lighttpd as it's got the Key cat'ed into it as well.

 

Thanks,

D

Emerging Member
Posts: 61
Registered: ‎08-06-2013
Kudos: 3

Re: UniFi Server HTTPS Certificate

 
Reply