Installing a Custom SSL Certificate on a Linux UniFi Controller

It took me a while to find this so it seems worth posting here.

Once you have a signed certificate file we need to create a p12 keystore file. In my case the certificate was from Go Daddy and there’s an intermediate certificate (gd_bundle-g2-g1.crt) that needs to be included.

openssl pkcs12 -export -in example.crt \
-inkey example.key \
-out example.p12 \
-name unifi \
-certfile gd_bundle-g2-g1.crt

At the prompt enter the password aircontrolenterprise.

We can then import example.p12 into the Unifi keystore:

sudo keytool -importkeystore \
-deststorepass aircontrolenterprise \
-destkeypass aircontrolenterprise \
-destkeystore /usr/lib/unifi/data/keystore \
-srckeystore example.p12 \
-srcstoretype PKCS12 \
-srcstorepass aircontrolenterprise \
-alias unifi

And restart the controller with service unifi restart.

Related Posts