Net Assured


Network and Security Consultancy

T 07789 400408
Email: nick.moody@netassured.co.uk

Net Assured Limited
84 Goodacre, Orton Goldhay, Peterborough, PE2 5LZ


Unifi Controller Import Externally Generated Certificate

Saturday, 05 August 2017 / Published in Certificates, Security


I’ve just replaced the certificate on my Unifi controller due to the Google Chrome warnings about certificates with no subject alternative name extensions. I had to use my strongest Google-Fu and search for “Unifi Controller Import Externally Generated Certificate”. It was pretty hard finding all the details I needed, so this is my gift to you: everything you need to know for importing an externally generated certificate for the Unifi Controller in one blog post. The controller's own CSR generation does not support SAN (Subject Alternative Name) extensions, so you need to generate the CSR externally, have it signed by a CA, then import the result back into the controller in PKCS12 format.

Step 1)

First, generate a key pair and a CSR that includes the subject alternative name, using the method that I’ve documented in a previous post:

Using OpenSSL to generate CSR’s with Subject Alternative Name

Step 2)

Have a CA sign the CSR, then generate a PKCS12 file as below, replacing the values with your own:

$ sudo openssl pkcs12 -export -out unifi.pfx -inkey unifi-corp-netassured-co.uk.key -in unifi.cer
Enter Export Password:
Verifying - Enter Export Password:

Step 3)

Import the PKCS12 into the Java keystore on the VM hosting your controller. The value given to -srcstorepass is the export password you set in Step 2:

$ sudo service unifi stop
$ sudo keytool -importkeystore -deststorepass aircontrolenterprise -destkeypass aircontrolenterprise -destkeystore /var/lib/unifi/keystore -srckeystore unifi.pfx -srcstoretype PKCS12 -srcstorepass password -noprompt
Entry for alias 1 successfully imported.
Import command completed:  1 entries successfully imported, 0 entries failed or cancelled
$ sudo service unifi start

Test the new certificate

Now attempt a new connection to your controller and hopefully see a nice green secure padlock 🙂
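
A pre-flight check worth running on the signed certificate before building the PKCS12 in Step 2, as an added example that is not part of the original post: it confirms the certificate actually carries a SAN, that the SAN covers the controller's hostname, and that the certificate belongs to your private key. The function names and the hostname unifi.example.test are hypothetical; the key is assumed to be unencrypted PEM, as in Step 2.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.
# Assumes an unencrypted PEM private key, as in Step 2, and openssl on PATH.

# Succeeds if the certificate carries a subjectAltName extension at all.
cert_has_san() {
    openssl x509 -in "$1" -noout -text 2>/dev/null |
        grep -q 'X509v3 Subject Alternative Name'
}

# Succeeds if the certificate is valid for the hostname in $2.
cert_covers_host() {
    openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null |
        grep -q 'does match certificate'
}

# Succeeds if the certificate and the private key share one public key.
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null)
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# preflight CERT KEY HOSTNAME
# Returns 0 when all checks pass, 1 for a missing SAN, 2 for a hostname
# mismatch, 3 for a certificate/key mismatch.
preflight() {
    cert_has_san "$1" || { echo "FAIL: $1 has no subjectAltName" >&2; return 1; }
    cert_covers_host "$1" "$3" || { echo "FAIL: $1 does not cover $3" >&2; return 2; }
    cert_matches_key "$1" "$2" || { echo "FAIL: $2 is not the key for $1" >&2; return 3; }
    echo "OK: $1 has a SAN covering $3 and matches $2"
}

# Usage with the file names from Step 2 and a placeholder hostname:
#   preflight unifi.cer unifi-corp-netassured-co.uk.key unifi.example.test
```

A return code of 1 means the CA dropped the SAN from the request, which is the condition Chrome warns about, so there is no point importing that certificate.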

Tagged under: certificates, openssl, unifi
