Unifi on Ubuntu with custom wildcard certificate

Recently I have decided to move away from free Letsencrypt and create my own wildcard certificate from “commercial” certiicate provider. In my case it is Digicert.

Main reason for this is that I used to forget to renew cert and had to manually reconfigure ports when I used cron script to automatically renew Letsencrypt certificate.

Since I was doing this I also decided to move to new virtual machine. Process for this was very simple:

  1. Install latest Ubuntu server
    1. Apply latest updates
  2. Utilize this simple script to install latest Unifi controller
    1. During site setup, restored backup from old controller
  3. Import Digicert wildcard certificate (explained later)
  4. Changed IP address of new controller to the one of old controller

Import Digicert wildcard certificate

I will just outline this process in easy to follow steps:

  1. Obtain certificate from your provider
  2. Download your .cer file and root and any Intermediate .cer files
  3. Transfer all files to your Ubuntu VM to a location where your .key file is
  4. Run following command to bundle root and intermediate certificates
cat your_domain_name.crt DigiCertCA.crt intermediateCA >> bundle.crt
  1. Run following commands to import certificates and restart Unifi service
openssl pkcs12 -export -in yourwildcardcert.crt -inkey yourcertkeyfile.key -certfile bundle.crt -out unifi.p12 -name unifi -password pass:aircontrolenterprise
keytool -importkeystore -srckeystore unifi.p12 -srcstoretype PKCS12 -srcstorepass aircontrolenterprise -destkeystore /usr/lib/unifi/data/keystore -storepass aircontrolenterprise
service unifi restart

And volila! Your Unifi controller is now running on https.

You May Also Like

About the Author: Marin

Started as trainer and administrator in Algebra, then through some years became head of operating systems department at Algebra private college. At that time, he became IT Pro group lead and 5-year Microsoft MVP. After four years in Microsoft covering roles of Infrastructure and Azure TSP, Marin moved to Span to take the role of Senior Solutions Architect for cloud solutions. Personal time is occupied by enjoying short trips with his family and close friends, tinkering with home automation and networking and spending money on too many gadgets.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.