This shows you the differences between two versions of the page.
— |
tips:networking:unifi_ssl_cert [2018/05/09 15:27] (current) mattieu created |
||
---|---|---|---|
Line 1: | Line 1: | ||
+ | ====== Installing custom SSL certs on UniFi Cloud Key ====== | ||
+ | ===== Generate certificate ===== | ||
+ | Generate the certificate with dehydrated: | ||
+ | < | ||
+ | ./ | ||
+ | Then copy the renewed certificate to the UniFi Cloud Key. | ||
+ | ===== Install the new certificate ===== | ||
+ | First archive the existing files: | ||
+ | < | ||
+ | # mkdir backup_2018-05-09 | ||
+ | # mv cert.tar cloudkey.crt ssl-cert-snakeoil.key unifi.keystore.jks backup_2018-05-09/</ | ||
+ | Then, generate a signed.crt with only the new certificate (cloudkey.crt contains both our new certificate and the CA certificate), | ||
+ | < | ||
+ | # mv ~/ | ||
+ | # openssl pkcs12 -export -in signed.crt -inkey cloudkey.key -certfile cloudkey.crt -out unifi.p12 -name unifi -password pass: | ||
+ | # keytool -importkeystore -srckeystore unifi.p12 -srcstoretype PKCS12 -srcstorepass aircontrolenterprise -destkeystore unifi.keystore.jks -storepass aircontrolenterprise | ||
+ | # rm signed.crt unifi.p12 | ||
+ | # tar cf cert.tar cloudkey.crt cloudkey.key unifi.keystore.jks | ||
+ | # chown root: | ||
+ | # chmod 640 cloudkey.crt cloudkey.key unifi.keystore.jks cert.tar | ||
+ | # / | ||
+ | </ | ||
+ | ~~NOTOC~~ |