Thursday, August 11, 2016

After having a bit of trouble installing my own certificate on Ubiquiti's Unifi software on Linux, I thought I would let you know the process I went through.

First up, in my case I had my CA Certificate + User Certificate + User Key in .p12 format.

If you have already installed the Unifi software then please, please, please make a config backup.

Install the Unifi software on your server and make sure you can get to the Management page, where it will be using an untrusted certificate from ubnt.com.



Download Keystore Explorer for your OS from http://www.keystore-explorer.org/. It is a GUI for some of the Java command-line tools that deal with keystores.

Create a new keystore of type JKS.

Import key pair, and select your .p12 certificate.



Give it the password 'aircontrolenterprise' (this is the password Ubiquiti set on the existing keystore that we are going to replace).

When asked for an alias, give it the alias 'unifi'.



Save it.

SSH back to the server running your Unifi.

Stop the unifi service by running the command 'sudo service unifi stop'.

Move the existing keystore that we are going to replace by running 'sudo mv /var/lib/unifi/keystore /var/lib/unifi/keystore.original'.

Use FTP or another method to copy the keystore you created with Keystore Explorer into the same location, /var/lib/unifi/keystore.

Restart the service by running 'sudo service unifi start'.

Back on your client machine, browse to the Unifi Management to test.
You should now have your own trusted certificate and can start restoring your saved config or starting with your fresh Unifi install.
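
The same procedure can be done from the command line with keytool, the Java tool that Keystore Explorer wraps. This is an added example, not part of the original post; the function names, the .p12 file name and the source alias are assumptions, while the keystore path, password and alias come from the steps above.

```shell
#!/bin/sh
# Added example: keytool equivalent of the Keystore Explorer steps above.
KEYSTORE=/var/lib/unifi/keystore   # path from the post
STOREPASS=aircontrolenterprise     # keystore password from the post
ALIAS=unifi                        # alias from the post

# Classify a file by its first bytes: JKS starts with FE ED FE ED,
# a .p12 is DER and starts with 0x30 (ASN.1 SEQUENCE).
keystore_format() {
    magic=$(od -An -tx1 -N4 "$1" 2>/dev/null | tr -d ' \t\n')
    case "$magic" in
        feedfeed) echo jks ;;
        30*)      echo der ;;
        *)        echo unknown ;;
    esac
}

# Workstation: convert_p12 <file.p12> <source-alias> <output-keystore>
# keytool prompts for the .p12 password, so it never lands in argv.
# Find the source alias with: keytool -list -keystore file.p12 -storetype PKCS12
convert_p12() {
    keytool -importkeystore \
        -srckeystore "$1" -srcstoretype PKCS12 -srcalias "$2" \
        -destkeystore "$3" -deststoretype JKS \
        -deststorepass "$STOREPASS" -destkeypass "$STOREPASS" \
        -destalias "$ALIAS" || return 1
    # Confirm the result holds an entry under the expected alias.
    keytool -list -keystore "$3" -storepass "$STOREPASS" -alias "$ALIAS"
}

# Server: install_keystore <new-keystore>
# Refuses anything that is not JKS before the service is touched.
install_keystore() {
    if [ "$(keystore_format "$1")" != jks ]; then
        echo "refusing: $1 is not a JKS keystore" >&2
        return 1
    fi
    sudo service unifi stop || return 1
    sudo mv "$KEYSTORE" "$KEYSTORE.original" || return 1
    sudo cp "$1" "$KEYSTORE" || return 1
    sudo service unifi start
}
```

Run convert_p12 on the machine that holds the .p12, copy the result to the server, then run install_keystore there; copying the raw .p12 into place by mistake is caught by the format check before the service is stopped.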