Skip to content

Instantly share code, notes, and snippets.

@jrotello
Created March 14, 2017 03:30
Show Gist options
  • Save jrotello/18ab3e1982d46b04a269dfbc63aa097f to your computer and use it in GitHub Desktop.
Save jrotello/18ab3e1982d46b04a269dfbc63aa097f to your computer and use it in GitHub Desktop.
Deploy dehydrated generated certificate to Unifi controller
#!/bin/bash
# Setup your Domain
DOMAIN="<domain_name_here>"
DEHYDRATED_CERTS="/home/dehydrated/certs/$DOMAIN"
# Stop the services
echo "Stopping services..."
service nginx stop
service unifi stop
# Convert cert to PKCS #12 format
echo "Create temporary PKCS12..."
openssl pkcs12 \
-export \
-inkey $DEHYDRATED_CERTS/privkey.pem \
-in $DEHYDRATED_CERTS/fullchain.pem \
-out /etc/ssl/private/cert.p12 \
-name ubnt -password pass:temppass
# Load it into the java keystore that UBNT understands
echo "Load PKCS12 into the java keystore"
keytool \
-importkeystore \
-deststorepass aircontrolenterprise \
-destkeypass aircontrolenterprise \
-destkeystore /etc/ssl/private/unifi.keystore.jks \
-srckeystore /etc/ssl/private/cert.p12 \
-srcstoretype PKCS12 \
-srcstorepass temppass \
-alias ubnt \
-noprompt
# Clean up and use new cert
echo "Remove temporary PKCS12..."
rm /etc/ssl/private/cert.p12
# Also use the same certificate for Nginx (Cloud Key Configuration)
echo "Configure Nginx (Cloud Key Configuration)..."
rm /etc/ssl/private/cloudkey.crt
rm /etc/ssl/private/cloudkey.key
cp $DEHYDRATED_CERTS/privkey.pem /etc/ssl/private/cloudkey.key
cp $DEHYDRATED_CERTS/fullchain.pem /etc/ssl/private/cloudkey.crt
cd /etc/ssl/private/
tar -cf cert.tar cloudkey.crt cloudkey.key unifi.keystore.jks
#Start the services
echo 'Starting services...'
service nginx start
service unifi start
echo "Done!"
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment