@kpucynski
Last active August 28, 2019 15:19

Import certificate with own CA to Unifi CloudKey

I was trying to import certs with my own CA according to the Ubiquiti docs, but it failed. Probably because my CA was self-signed. So I had to do it manually.

You should consider making a backup, really.

Unifi Controller

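Generate certificates, e.g. with easy-rsa. Pack the certs into a PKCS12 file and upload it to the controller. When openssl asks for an export password, enter aircontrolenterprise, because keytool reads the file with -srcstorepass aircontrolenterprise in the next step: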

openssl pkcs12 -export -in unifi.crt -inkey unifi.key -out unifi.p12 -name unifi -CAfile ca.crt -caname root
scp unifi.p12 unifi:/tmp/

Connect to the Unifi Cloud Key over SSH and rewrite the keystore (the original is moved to /tmp/keystore.bak first):

mv /etc/ssl/private/unifi.keystore.jks /tmp/keystore.bak
keytool -importkeystore -deststorepass aircontrolenterprise -destkeypass aircontrolenterprise -destkeystore /etc/ssl/private/unifi.keystore.jks -srckeystore /tmp/unifi.p12 -srcstoretype PKCS12 -srcstorepass aircontrolenterprise -alias unifi

Next, restart unifi controller:

service unifi restart
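
A pre-flight check for the steps above, added here as an example and not part of the original gist: it confirms that unifi.key matches unifi.crt, that the certificate verifies against ca.crt, and that unifi.p12 opens with the password handed to keytool, so a bad file is caught before the existing keystore is moved aside. The function names are assumptions of this example, and `make_demo_pki` only builds constructed throwaway test data.

```shell
#!/usr/bin/env bash
# Added example: pre-flight checks for unifi.crt, unifi.key, ca.crt, unifi.p12.

# True if the private key belongs to the certificate (same public key).
key_matches_cert() {  # $1 = cert, $2 = unencrypted private key
  cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
  key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
  [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# True if the certificate verifies against the given CA file.
cert_chains_to_ca() {  # $1 = cert, $2 = CA cert
  openssl verify -CAfile "$2" "$1" 2>/dev/null | grep -q ': OK$'
}

# True if the PKCS12 file opens with the password keytool will be given.
p12_opens_with() {  # $1 = p12 file, $2 = password
  openssl pkcs12 -in "$1" -passin "pass:$2" -noout 2>/dev/null
}

# Constructed sample data: throwaway CA and leaf certificate in directory $1.
make_demo_pki() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo CA" \
    -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null &&
  openssl req -newkey rsa:2048 -nodes -subj "/CN=unifi" \
    -keyout "$1/unifi.key" -out "$1/unifi.csr" 2>/dev/null &&
  openssl x509 -req -in "$1/unifi.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
    -CAcreateserial -days 1 -out "$1/unifi.crt" 2>/dev/null &&
  openssl pkcs12 -export -in "$1/unifi.crt" -inkey "$1/unifi.key" -name unifi \
    -out "$1/unifi.p12" -passout pass:aircontrolenterprise
}

# Run every check and stop at the first failure.
preflight() {  # $1 = cert, $2 = key, $3 = CA, $4 = p12, $5 = password
  key_matches_cert "$1" "$2" || { echo "key does not match $1" >&2; return 1; }
  cert_chains_to_ca "$1" "$3" || { echo "$1 does not verify against $3" >&2; return 1; }
  p12_opens_with "$4" "$5" || { echo "$4 does not open with that password" >&2; return 1; }
  echo "pre-flight OK"
}

# Usage: ./preflight.sh unifi.crt unifi.key ca.crt unifi.p12 aircontrolenterprise
if [ "$#" -eq 5 ]; then preflight "$@"; fi
```
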

CloudKey

Just copy your certs over the default nginx ones:

scp unifi.crt unifi:/etc/ssl/private/cloudkey.crt
scp unifi.key unifi:/etc/ssl/private/cloudkey.key 

Connect to the Unifi Cloud Key over SSH and restart the nginx server:

service nginx restart

Notes

  • The certs and the keystore are placed in /etc/ssl/private/
  • /usr/lib/unifi/data/keystore links to /etc/ssl/private/unifi.keystore.jks and it's rewritten automatically
  • /etc/ssl/private/cert.tar holds a backup of the self-signed certs and keystore

It worked for me with Unifi Controller v5.9.32 and CloudKey firmware v0.12.1, but YMMV.
