How to: Install a valid SSL Certificate for Ubiquiti Networks’ Unifi Controller
Problem
If you are like me, you are probably sick by now of having the certificate error page pop up every time you visit the controller’s page. I personally think Ubiquiti should make it as easy as uploading a web certificate via the GUI / web page, but for now I am just thankful there is a way to do it via the command line. You should note I have only been able to install a web certificate on the Unifi Controller (the one that controls networking equipment) and the Unifi Voip Controller. The Mfi controller and Video controller seem a bit behind the times and I have not been able to assign them proper web certificates yet.
Solution
UniFi relies on HTTPS for extra security. This means that the browser will check for valid certificates when making a secure connection to the web server. Although the alert message may prove annoying, there’s no risk to the connecting user. To avoid this error:
- Buy a signed SSL certificate from any web hosting provider.
- Then make the following changes to the controller:
```
sudo su -
# cd <unifi_base>
# on Windows, "%USERPROFILE%/Ubiquiti Unifi"
cd /usr/lib/unifi

# create new certificate (with csr)
java -jar lib/ace.jar new_cert <hostname> <company> <city> <state> <country>

# your CSR can be found at /var/lib/unifi
# - unifi_certificate.csr.der
# - unifi_certificate.csr.pem
# have this CSR signed by a CA, you'll get a few certificates back...
# copy the signed certificate(s) to <unifi_base>

# import the signed certificate and other intermediate certificates
java -jar lib/ace.jar import_cert <signed_cert> [<other_intermediate_root_certs>...]
```
I have used these instructions (obtained from: https://help.ubnt.com/hc/en-us/articles/212500127-UniFi-SSL-certificate-error-upon-opening-controller-page) successfully. Remember the unifi base folder changes depending on what unifi controller you are using (video, voip, mfi, base, etc.). The instructions imply only the base controller has this functionality, but I was able to do it with the voip controller as well.
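Before running `import_cert`, it is worth confirming that the certificate the CA returned was issued for the CSR the controller generated and that it chains to the CA files you are about to import. The script below is an added example, not part of the Ubiquiti instructions; it assumes `openssl` is installed on the controller host, and the function name `check_signed_cert` and the file names in the usage line are hypothetical.

```shell
#!/bin/sh
# Added example: sanity-check a CA-signed certificate before "ace.jar import_cert".
# check_signed_cert and the file names in the usage line are hypothetical.

# Print the PEM public key of a CSR ("req") or a certificate ("x509").
pubkey_of() {
    openssl "$1" -in "$2" -noout -pubkey 2>/dev/null
}

# check_signed_cert CSR CERT ROOT_CA [INTERMEDIATES]
# Returns 0 = safe to import, 2 = unreadable input, 3 = key mismatch, 4 = chain does not verify.
check_signed_cert() {
    csr_key=$(pubkey_of req "$1") || { echo "cannot read CSR: $1" >&2; return 2; }
    crt_key=$(pubkey_of x509 "$2") || { echo "cannot read certificate: $2" >&2; return 2; }

    # The CA must have signed the key pair the controller generated; otherwise the
    # controller holds no private key for this certificate.
    if [ -z "$csr_key" ] || [ "$csr_key" != "$crt_key" ]; then
        echo "certificate public key does not match the CSR" >&2
        return 3
    fi

    # Build the chain leaf -> intermediates -> root from the files meant for import_cert.
    if [ -n "${4:-}" ]; then
        openssl verify -CAfile "$3" -untrusted "$4" "$2" >/dev/null 2>&1
    else
        openssl verify -CAfile "$3" "$2" >/dev/null 2>&1
    fi || { echo "chain does not verify against $3" >&2; return 4; }

    # Show subject, issuer and expiry for a manual check against the controller's hostname.
    openssl x509 -in "$2" -noout -subject -issuer -enddate
}

# Usage: sh check_cert.sh /var/lib/unifi/unifi_certificate.csr.pem signed.pem root.pem [intermediates.pem]
if [ "$#" -ge 3 ]; then
    check_signed_cert "$@"
    exit $?
fi
```

A return code of 3 usually means `new_cert` was run again after the CSR was submitted, so the controller no longer holds the matching private key.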
Can we use Let’s Encrypt, the free and open certificate authority?