Install Comodo/Sectigo SSL certificate on Unifi Controller 7.2.94 on Ubuntu 22.04.1 LTS

Hello everyone,

Just wanted to share this story, because it took me some time and hopefully this can save some time for you all…

UPDATE ! 2022-10-18 (New unifi controller version / Ubuntu version)

There was a day I was working on my unifi controller and wanted to make it safer by adding an SSL certificate.

Piece of cake, I thought, but while doing this the 'trial and error' way of IT life, I combined all the Google search and community pieces together.

I now run Unifi Controller 7.2.94 on Ubuntu 22.04.1 LTS and I have a Comodo/Sectigo wildcard *.domain.tld certificate.

Important note, I can download my Versio certificate from my provider decrypted or encrypted.

I now used the decrypted versions.

Step 1

I created a subdomain unifi.domain.tld with A-record to my controller IP (DNS A Record)

Step 2

I downloaded my Versio certificate (!Decrypted) and I received a zip-file, I unzipped it and it had 4 files:

cabundle.crt certificate.crt certificate.key  certificate.p7b

Step 3

I work on a Windows system and first I created a PFX certificate. It is very easy on Windows: download the latest OpenSSL zip for Windows.

I copied cabundle.crt, certificate.crt, certificate.key into #\tmp

I open cmd with administrator privileges.

Go into #\tmp

> cd "tmp"

Then I run:

> openssl pkcs12 -export -out certificate.pfx -inkey certificate.key -in certificate.crt -certfile cabundle.crt -password pass:aircontrolenterprise -name "alias"

This creates a certificate.pfx file. We will need that. (Note the “aircontrolenterprise” password, this is what the controller wants…)

Step 4

I ssh into my Ubuntu (you can use Putty)

I made sure that I had root rights:

> sudo su -

Step 5

File transfer the certificate.pfx to /tmp of the Ubuntu system (I use WinSCP). Small note: find a way to transfer it, do not copy the content into a new nano file… It will not work. WinSCP is free and you can use your ssh login to copy to your home directory and then the root rights to copy it to /tmp

> /tmp/certificate.pfx

Step 6

I created a backup of the current keystore. (Very important! When it goes wrong, you can just place this back and restart the controller.)

The backup:

> cd /var/lib/unifi

> sudo mv keystore keystore.orig

Step 7

I create the new keystore

> cd /var/lib/unifi/

> sudo keytool -importkeystore -srcstoretype pkcs12 -srcalias alias -srckeystore /tmp/certificate.pfx -keystore keystore -destalias unifi

The system will ask you 3 times for a password or passphrase, this should be aircontrolenterprise

Step 8

All that was left was to restart the unifi controller:

> sudo service unifi restart

That’s it… (So easy when this is the exact quick guide you need)
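A pre-flight check for the files from Steps 2 to 5, as an added example that is not part of the original post: it confirms that certificate.key belongs to certificate.crt, that the PFX opens with the password and holds that certificate, and that it carries the alias that keytool's -srcalias expects. The function names are hypothetical; only openssl is assumed to be installed.

```shell
# Added example (hypothetical helper names); run on the Ubuntu host before Step 7.

# Succeeds only when the private key ($1) belongs to the certificate ($2).
# "-passin pass:" makes an encrypted key fail instead of prompting.
key_matches_cert() {
    kmc_key=$(openssl pkey -in "$1" -passin pass: -pubout 2>/dev/null) || return 2
    kmc_crt=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 2
    [ -n "$kmc_key" ] && [ "$kmc_key" = "$kmc_crt" ]
}

# Print the leaf certificate bag (attributes + PEM) of PFX $1 using password $2.
pfx_leaf() {
    openssl pkcs12 -in "$1" -passin "pass:$2" -nokeys -clcerts 2>/dev/null
}

# Succeeds only when PFX $1 (password $2) contains exactly certificate $3.
pfx_holds_cert() {
    phc_leaf=$(pfx_leaf "$1" "$2") || return 2
    phc_got=$(printf '%s\n' "$phc_leaf" |
        openssl x509 -noout -fingerprint -sha256 2>/dev/null) || return 2
    phc_want=$(openssl x509 -in "$3" -noout -fingerprint -sha256 2>/dev/null) || return 2
    [ "$phc_got" = "$phc_want" ]
}

# Succeeds only when the leaf entry in PFX $1 (password $2) is named $3,
# i.e. the value given to "-name" in Step 3 and "-srcalias" in Step 7.
pfx_has_alias() {
    pha_leaf=$(pfx_leaf "$1" "$2") || return 2
    printf '%s\n' "$pha_leaf" | grep -q "friendlyName: $3\$"
}

# usage: preflight certificate.key certificate.crt certificate.pfx PASSWORD ALIAS
preflight() {
    key_matches_cert "$1" "$2" ||
        { echo "key does not match certificate" >&2; return 1; }
    pfx_holds_cert "$3" "$4" "$2" ||
        { echo "PFX unreadable or holds a different certificate" >&2; return 1; }
    pfx_has_alias "$3" "$4" "$5" ||
        { echo "alias '$5' not found in PFX" >&2; return 1; }
    echo "ok: safe to import"
}
```

Once the import in Step 7 has succeeded, delete /tmp/certificate.pfx: it contains the private key, protected only by a password that is published in this guide.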

Thanks to Google, this community, the GitHub community and my provider TransIP for handing me all of the pieces of the puzzle.

Special thanks to:

https://community.ui.com/questions/beac015e-564e-4521-9bed-1d388161c4a2

https://kallelilja.com/2017/07/install-pfx-certificate-unifi-controller/