How to import certificate to Unifi Controller

I recently installed a UniFi Controller on a Windows Server to manage my net Wifi network. And damn, i should have turned to UniFi before – it really works nice!

Unfortunate there isn’t any easy way in the GUI to import the certificate. But it’s possible to import the certificates just with 2 commands as below 🙂

All certificates i use i get from Let’s Encrypt. When generating the certitifcates i also export them as .pem files. This is great, because we can then use openssl to make an .p12 file with both cert, root and key.

First you need to make the .p12 file, which we will do with OpenSSL. You can download and install OpenSSL from here: https://slproweb.com/products/Win32OpenSSL.html

Convert it like this and remember to use the password ‘aircontrolenterprise’ as it is the password being used by the controller (i guess).
Change directory to where your certificate files are located. I have them in a subfolder i created in the data folder in the unifi installation directory.

C:\Users\rasmus\Ubiquiti UniFi\data\certs>"C:\Program Files\OpenSSL-Win64\bin\openssl.exe" pkcs12 -export -in .h0me.dk-chain.pem -inkey .h0me.dk-key.pem -out unifi.p12 -name unifi

Note that the chain file includes both the certificate and the root cert.

When this is done then import the .p12 file to the java keystore file:

C:\Users\rasmus\Ubiquiti UniFi\data\certs>"C:\Program Files\Java\jre1.8.0_271\bin\keytool.exe" -importkeystore -deststorepass aircontrolenterprise -destkeypass aircontrolenterprise -destkeystore ..\keystore  -srckeystore unifi.p12 -srcstoretype PKCS12 -srcstorepass aircontrolenterprise -alias unifi

Chose yes to overwrite it.

Then just reboot the server to get java to reload the certificate – now it works.

I’ll have to make a powershell script to do it automatic – i dont wanna do this every 90 days 🙂

Update: I create all my certificates on another machine. I have included in my powershell script that does that, that it should move, delete and import the new certificate automatic. Its done with powershell as this. Sorry for no description, guess you’ll find out about it 🙂 This is just the part of my script that you’ll actually need to import it automatic 🙂 Let me know if you need more info!

$openSSl = "C:\Program Files\OpenSSL-Win64\bin\openssl.exe"

& $openSSl pkcs12 -export -in C:\Certs\Auto_.h0me.dk-chain.pem -inkey C:\Certs\Auto_.h0me.dk-key.pem -out C:\Certs\Auto\unifi.p12 -name unifi -password pass:aircontrolenterprise

Copy-Item -Path "C:\Certs\Auto\unifi.p12" -Destination "\unifi.h0me.dk\c$\Users\rasmus\Ubiquiti UniFi\data\certs\"

Invoke-Command -ComputerName unifi.h0me.dk -ScriptBlock {& "C:\Program Files\Java\jre1.8.0_271\bin\keytool.exe" -delete -alias unifi -keystore "C:\Users\rasmus\Ubiquiti UniFi\data\keystore" -storepass aircontrolenterprise}\

Invoke-Command -ComputerName unifi.h0me.dk -ScriptBlock {& "C:\Program Files\Java\jre1.8.0_271\bin\keytool.exe" -importkeystore -deststorepass aircontrolenterprise -destkeypass aircontrolenterprise -destkeystore "C:\Users\rasmus\Ubiquiti UniFi\data\keystore"  -srckeystore "C:\Users\rasmus\Ubiquiti UniFi\data\certs\unifi.p12" -srcstoretype PKCS12 -srcstorepass aircontrolenterprise -alias unifi}

shutdown /r /t 30 /m \\unifi.h0me.dk

Enjoy!

/Rasmus

Share

Skriv et svar

Din e-mailadresse vil ikke blive publiceret. Krævede felter er markeret med *