2

I want to replace the self-signed UniFi certificate used for the web interface of the UniFi Network application / server v6.5 (on Ubuntu 18 Linux) with a signed (wildcard) certificate and private key I already have.

Where should I put the private key, where the cert and how do I configure the UniFi Network Application / Controller to use this cert?

I found some information, but none of it worked for me or it seemed to be way too complicated.

Ludwig

2 Answers

3

Go to UniFi base folder

cd /usr/lib/unifi

Copy your private key file and the pem file (single file including the cert, intermediate ca cert and chain to the root if needed) to /usr/lib/unifi/

Convert your private key from PKCS#8 to PKCS#1 if necessary (when you get an error message like java.lang.IllegalStateException: private.key contains an artifact that is not a key pair: org.bouncycastle.asn1.pkcs.PrivateKeyInfo)

openssl rsa -in private.key -out transformed-private.key

Stop the UniFi Network application

service unifi stop

Import cert and key to keystore

java -jar lib/ace.jar import_key_cert transformed-private.key certificate.pem

Start the UniFi Network application

service unifi start

Clean up and delete your cert and private key files.

That's it.

Ludwig
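
A pre-flight check for the procedure in the answer above, added here as an example (not part of the original answer and not UniFi's own tooling). It confirms the key format, writes the PKCS#1 copy, and verifies that the private key belongs to the leaf certificate before anything is imported. The function names and the script name `preflight.sh` are hypothetical.

```shell
#!/bin/sh
# Added example: pre-flight checks to run before `ace.jar import_key_cert`.
# It only reads the files you pass in and never touches the UniFi keystore.

# Classify a PEM private key by its header line.
key_format() {
    if grep -q -- '-----BEGIN RSA PRIVATE KEY-----' "$1"; then echo pkcs1
    elif grep -q -- '-----BEGIN PRIVATE KEY-----' "$1"; then echo pkcs8
    elif grep -q -- '-----BEGIN ENCRYPTED PRIVATE KEY-----' "$1"; then echo pkcs8-encrypted
    else echo unknown
    fi
}

# Write a PKCS#1 copy of an RSA key, readable by the owner only.
# OpenSSL 3.x needs -traditional for PKCS#1 output; builds that lack
# the flag already write PKCS#1, hence the fallback.
to_pkcs1() (
    umask 077
    openssl rsa -in "$1" -out "$2" -traditional 2>/dev/null ||
        openssl rsa -in "$1" -out "$2" 2>/dev/null
)

# Succeed only if the key's public half equals the public key in the first
# (leaf) certificate of the PEM file. Returns 2 if either file fails to parse.
key_matches_cert() {
    k=$(openssl pkey -in "$1" -passin pass: -pubout 2>/dev/null) || return 2
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 2
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# Number of certificates in the PEM bundle (leaf plus intermediates).
cert_count() {
    grep -c -- '-----BEGIN CERTIFICATE-----' "$1"
}

# Usage: sh preflight.sh private.key certificate.pem
if [ "$#" -eq 2 ]; then
    echo "key format:   $(key_format "$1")"
    echo "certs in pem: $(cert_count "$2")"
    if key_matches_cert "$1" "$2"; then
        echo "key matches leaf certificate"
    else
        echo "key does NOT match leaf certificate; do not import" >&2
        exit 1
    fi
fi
```

The leaf certificate must be the first entry in the PEM file for the match check to compare the right key.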
0

This is exactly what I was looking for.

Additionally, if you are using an internal CA (as I am), you will also need to upload the CA certificate to the server and specify it at the end:

sudo java -jar lib/ace.jar import_key_cert transformed-private.key certificate.pem ca-certificate.pem