Unifi keystore

 

https://gist.github.com/hdml/8a446dc1b0ad4f94b7a17a67a33286ab

##Installing a custom SSL cert on Unifi Controller

Requirements:

Domain certificate (.crt)

Certificate key (.key)

Intermediate certificate from CA (*.crt, *.pem)

Permissions to restart the unifi service

Debian or Ubuntu Unifi Controller installation

###Backup your current keystore

cd /var/lib/unifi

sudo cp keystore keystore.bkp

###Create pkcs12 certificate

openssl pkcs12 -export -in domain_certificate.crt -inkey domain_certificate_priv.key -out domain_certificate.p12 -name unifi -CAfile "intermediate_cert_from_CA.crt" -caname root -password pass:aircontrolenterprise

Copy your new cert to /etc/ssl/private

sudo cp domain_certificate.p12 /etc/ssl/private

###Replace certificate in keystore with newly created cert

sudo keytool -importkeystore -deststorepass aircontrolenterprise -destkeypass aircontrolenterprise -destkeystore /usr/lib/unifi/data/keystore -srckeystore /etc/ssl/private/domain_certificate.p12 -srcstoretype PKCS12 -srcstorepass aircontrolenterprise -alias unifi

When prompted to replace the current certificate, say yes.

###Restart the Unifi Controller service

sudo reboot