====== Installing custom SSL certs on UniFi Cloud Key ======
===== Generate certificate =====
Generate the certificate with dehydrated:
<code>$ cd dehydrated
./dehydrated -s unifi.csr > cloudkey.crt</code>
Then copy the renewed certificate to the UniFi Cloud Key.
===== Install the new certificate =====
First archive the existing files:
<code># cd /etc/ssl/private
# mkdir backup_2018-05-09
# mv cert.tar cloudkey.crt ssl-cert-snakeoil.key unifi.keystore.jks backup_2018-05-09/</code>
Then, generate a signed.crt with only the new certificate (cloudkey.crt contains both our new certificate and the CA certificate), and copy the files:
<code># mv ~/cloudkey.crt .
# mv ~/signed.crt .
# openssl pkcs12 -export -in signed.crt -inkey cloudkey.key -certfile cloudkey.crt -out unifi.p12 -name unifi -password pass:aircontrolenterprise
# keytool -importkeystore -srckeystore unifi.p12 -srcstoretype PKCS12 -srcstorepass aircontrolenterprise -destkeystore unifi.keystore.jks -storepass aircontrolenterprise
# rm signed.crt unifi.p12
# tar cf cert.tar cloudkey.crt cloudkey.key unifi.keystore.jks
# chown root:ssl-cert cloudkey.crt cloudkey.key unifi.keystore.jks cert.tar
# chmod 640 cloudkey.crt cloudkey.key unifi.keystore.jks cert.tar
# /etc/init.d/nginx restart; /etc/init.d/unifi restart
</code>
~~NOTOC~~