Step-by-step guide

  1. SSH into your server
  2. Change directory into the UniFi home directory

    cd /opt/UniFi


  3. Make a backup of the keystore

    cp data/keystore data/keystore.bak


  4. Generate the Certificate Signing Request (CSR)

    openssl req -new -newkey rsa:2048 -nodes -out unifi.csr -keyout unifi.key


    You can also use the DigiCert Easy CSR tool.


  5. Get your certificate signed by your Certificate Authority of choice. We recommend DigiCert.

  6. Copy and paste your signed certificate to the server in the current UniFi home directory.

    nano unifi.crt


    1. Press Control-X to exit
    2. Type Y and press Enter to save the file
  7. Create a PKCS#12 archive

    openssl pkcs12 -export -in unifi.crt -inkey unifi.key -out unifi.p12 -name unifi -password pass:aircontrolenterprise


    1. If your CA requires an intermediate certificate, append the following to the previous command before submitting it.

      -CAfile "intermediate_cert_from_CA.crt" -caname root


  8. Import the PKCS#12 archive into the keystore

    keytool -importkeystore -deststorepass aircontrolenterprise -destkeypass aircontrolenterprise -destkeystore data/keystore -srckeystore unifi.p12 -srcstoretype PKCS12 -srcstorepass aircontrolenterprise -alias unifi


  9. You will be asked the following

    Existing entry alias unifi exists, overwrite? [no]:


    1. Type yes and press Enter
  10. You may get a warning about the JKS keystore using a proprietary format, but you can ignore that.
  11. Restart the UniFi service

    systemctl restart unifi


  12. That's it! The new certificate should now be active!
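The checks below are an added example, not part of the original guide. Run between steps 7 and 8, they confirm that unifi.crt belongs to unifi.key, is not close to expiry, and is the certificate inside unifi.p12 before data/keystore is overwritten. The function names and the script's argument order are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the original guide): consistency checks for the
# files produced in steps 4-7. Function names are hypothetical.

# Public key (PEM) embedded in a certificate / derived from a private key.
cert_pubkey() { openssl x509 -in "$1" -noout -pubkey 2>/dev/null; }
key_pubkey()  { openssl pkey -in "$1" -pubout 2>/dev/null; }

# True only if the signed certificate belongs to this private key.
# A mismatch usually means the CSR was regenerated and the key overwritten.
cert_matches_key() {
    c=$(cert_pubkey "$1") || return 1
    k=$(key_pubkey "$2") || return 1
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# True if the certificate is still valid N days from now (default 30).
cert_valid_for_days() {
    openssl x509 -in "$1" -noout -checkend $(( ${2:-30} * 86400 )) >/dev/null 2>&1
}

# SHA-256 fingerprint of the PEM certificate on stdin (empty on failure).
fp() { openssl x509 -noout -fingerprint -sha256 2>/dev/null | cut -d= -f2; }

# True if the leaf certificate inside the PKCS#12 archive is the given one.
# Arguments: archive, archive password, certificate.
p12_holds_cert() {
    want=$(fp < "$3")
    have=$(openssl pkcs12 -in "$1" -passin "pass:$2" -nokeys -clcerts 2>/dev/null | fp)
    [ -n "$want" ] && [ "$want" = "$have" ]
}

# Usage: sh precheck.sh unifi.crt unifi.key unifi.p12 <archive password>
if [ "$#" -eq 4 ]; then
    cert_matches_key "$1" "$2"    || { echo "certificate does not match key" >&2; exit 1; }
    cert_valid_for_days "$1"      || { echo "certificate expires within 30 days" >&2; exit 1; }
    p12_holds_cert "$3" "$4" "$1" || { echo "archive holds a different certificate" >&2; exit 1; }
    echo "ok: certificate, key and archive are consistent"
fi
```

After the restart in step 11, the value printed by `fp < unifi.crt` can be compared with the SHA-256 fingerprint your browser shows for the controller's certificate.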


