tips:networking:unifi_ssl_cert
Installing custom SSL certs on UniFi Cloud Key
Generate certificate
Generate the certificate with dehydrated:
$ cd dehydrated ./dehydrated -s unifi.csr > cloudkey.crt
Then copy the renewed certificate to the UniFi Cloud Key.
Install the new certificate
First archive the existing files:
# cd /etc/ssl/private # mkdir backup_2018-05-09 # mv cert.tar cloudkey.crt ssl-cert-snakeoil.key unifi.keystore.jks backup_2018-05-09/
Then, generate a signed.crt with only the new certificate (cloudkey.crt contains both our new certificate and the CA certificate), and copy the files:
# mv ~/cloudkey.crt . # mv ~/signed.crt . # openssl pkcs12 -export -in signed.crt -inkey cloudkey.key -certfile cloudkey.crt -out unifi.p12 -name unifi -password pass:aircontrolenterprise # keytool -importkeystore -srckeystore unifi.p12 -srcstoretype PKCS12 -srcstorepass aircontrolenterprise -destkeystore unifi.keystore.jks -storepass aircontrolenterprise # rm signed.crt unifi.p12 # tar cf cert.tar cloudkey.crt cloudkey.key unifi.keystore.jks # chown root:ssl-cert cloudkey.crt cloudkey.key unifi.keystore.jks cert.tar # chmod 640 cloudkey.crt cloudkey.key unifi.keystore.jks cert.tar # /etc/init.d/nginx restart; /etc/init.d/unifi restart
tips/networking/unifi_ssl_cert.txt · Last modified: 2018/05/09 15:27 by mattieu
Except where otherwise noted, content on this wiki is licensed under the following license: Public Domain
