@nitobuendia
Created November 2, 2020 14:48
Import SSL certificates into UniFi controller
#!/usr/bin/env bash
################################################################################
# VERSION 1
################################################################################
# UniFi Controller SSL Certificate Import Script for Unix/Linux Systems
# by Steve Jenkins <http://www.stevejenkins.com/>
# Part of https://github.com/stevejenkins/ubnt-linux-utils/
# UniFi configuration.
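UNIFI_SERVICE=unifi
UNIFI_DIR=/var/lib/unifi
# NOTE(review): JAVA_DIR is never referenced below, while the last step loads
# lib/ace.jar through a relative path - presumably the script is meant to be
# run from this directory; confirm before relying on it.
JAVA_DIR=/usr/lib/unifi
# Keystore configuration.
ALIAS=unifi
# This is the widely documented default UniFi keystore password, so it gives
# the stored private key no confidentiality: filesystem permissions on the
# keystore (and on its backup) are the real protection. It is also passed on
# the command line, where it shows up in process listings; if it is ever
# replaced by a real secret, use keytool's ":env" / ":file" option modifiers.
PASSWORD=aircontrolenterprise
KEYSTORE=${UNIFI_DIR}/keystore
# Certificate configuration.
LE_LIVE_DIR=/config/ssl
PRIV_KEY=${LE_LIVE_DIR}/privkey.pem
CHAIN_FILE=${LE_LIVE_DIR}/fullchain.pem
SIGNED_CRT=${LE_LIVE_DIR}/cert.pem # unifi.crt
P12_CERT=${LE_LIVE_DIR}/privkey.pfx # .p12
P12_ALIAS="1"
################################################################################
printf "\nStarting UniFi Controller SSL Import...\n"
printf "\nCreating non-destructive backup as keystore.bak...\n"
# -p keeps the original's mode (and ownership where permitted) so the backup,
# which also holds the private key, is not created with looser permissions.
# Abort if the backup fails: the next step deletes data from the live keystore.
if ! cp -p -- "${KEYSTORE}" "${KEYSTORE}.bak"; then
  printf 'error: could not back up %s; keystore left untouched.\n' "${KEYSTORE}" >&2
  exit 1
fi
printf "\nRemoving previous certificate data from UniFi keystore...\n"
# Best effort: the alias may legitimately be absent (e.g. on a first run), so a
# failure is reported but does not stop the import.
if ! keytool -delete \
  -alias "${ALIAS}" \
  -deststorepass "${PASSWORD}" \
  -keystore "${KEYSTORE}"; then
  printf 'warning: could not delete alias "%s" (it may not exist); continuing.\n' "${ALIAS}" >&2
fi
printf "\nImporting SSL certificate into UniFi keystore...\n"
# The source PFX is opened with an empty password, i.e. the private key inside
# it is protected only by the file's permissions.
if ! keytool -importkeystore \
  -destkeystore "${KEYSTORE}" \
  -deststorepass "${PASSWORD}" \
  -destkeypass "${PASSWORD}" \
  -deststoretype PKCS12 \
  -srckeystore "${P12_CERT}" \
  -srcstoretype PKCS12 \
  -srcstorepass "" \
  -alias "${P12_ALIAS}" \
  -trustcacerts; then
  printf 'error: keytool import failed; restore %s.bak if needed.\n' "${KEYSTORE}" >&2
  exit 1
fi
printf "\nRenaming source alias to destination alias...\n"
if ! keytool -changealias \
  -keystore "${KEYSTORE}" \
  -keypass "${PASSWORD}" \
  -storepass "${PASSWORD}" \
  -alias "${P12_ALIAS}" \
  -destalias "${ALIAS}"; then
  printf 'error: could not rename alias "%s" to "%s".\n' "${P12_ALIAS}" "${ALIAS}" >&2
  exit 1
fi
printf "\nJava import...\n"
# Paths are quoted so a directory containing whitespace cannot split the
# arguments. The jar path stays relative, as in the original.
if ! java -jar lib/ace.jar import_cert "${SIGNED_CRT}" "${CHAIN_FILE}" "${PRIV_KEY}"; then
  printf 'error: ace.jar import_cert failed.\n' >&2
  exit 1
fi
printf "\nDone!\n"
# Everything after this line in the file is unreachable while this exit stays.
exit 0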
################################################################################
# VERSION 2
################################################################################
# UniFi configuration.
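UNIFI_DIR=/usr/lib/unifi
# Keystore configuration.
ALIAS=unifi
# Widely documented default UniFi keystore password: it offers no
# confidentiality for the stored private key, so the keystore's file
# permissions are what actually protect it. It is passed on the command line
# and is therefore visible in process listings.
PASSWORD=aircontrolenterprise
KEYSTORE=${UNIFI_DIR}/keystore
# Certificate configuration.
CERT_DIR=/config/ssl
PRIV_KEY=${CERT_DIR}/privkey.pem
CHAIN_FILE=${CERT_DIR}/fullchain.pem
SIGNED_CRT=${CERT_DIR}/cert.pem
P12_CERT=${CERT_DIR}/privkey.pfx
P12_ALIAS="1"
# Empty source password: the private key inside the PFX is protected only by
# the file's permissions.
P12_PASSWORD=""
################################################################################
printf "\nImporting SSL certificate into UniFi keystore...\n"
# No backup of the destination keystore is taken in this section, so a failed
# import is reported and stops the script instead of falling through.
if ! keytool -importkeystore \
  -srckeystore "${P12_CERT}" \
  -srcstoretype pkcs12 \
  -srcalias "${P12_ALIAS}" \
  -srcstorepass "${P12_PASSWORD}" \
  -destkeystore "${KEYSTORE}" \
  -deststoretype jks \
  -destalias "${ALIAS}" \
  -deststorepass "${PASSWORD}" \
  -v; then
  printf 'error: keytool import into %s failed.\n' "${KEYSTORE}" >&2
  exit 1
fi
printf "\nRestarting service...\n"
# NOTE(review): the restart is commented out, so the message above is printed
# without any restart happening; presumably the controller keeps serving the
# old certificate until it is restarted - confirm. UNIFI_SERVICE is not set in
# this section, so define it (and quote it) before enabling the line below.
# service ${UNIFI_SERVICE} restart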
################################################################################
# VERSION 3
################################################################################
# UniFi configuration.
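USR_DIR=/usr/lib/unifi
VAR_DIR=/var/lib/unifi
# Keystore configuration.
ALIAS=unifi
# Widely documented default UniFi keystore password. Because it is public, it
# does not protect the private key in the keystore or in the P12 bundle built
# below; file permissions do. It is also passed on the command line (visible in
# process listings); if replaced by a real secret, use openssl's "env:" /
# "file:" password sources and keytool's ":env" / ":file" option modifiers.
PASSWORD=aircontrolenterprise
KEYSTORE=${USR_DIR}/keystore
KEYSTORE_VAR=${VAR_DIR}/keystore
# Certificate configuration.
CERT_DIR=/config/ssl
PRIV_KEY=${CERT_DIR}/privkey.pem
CHAIN_FILE=${CERT_DIR}/fullchain.pem
SIGNED_CRT=${CERT_DIR}/cert.pem
P12_CERT=${USR_DIR}/ssl/privkey.pfx
printf "\nCreating P12 file from certificates...\n"
# The bundle contains the private key. Create it under a restrictive umask in a
# subshell (so the umask does not leak into the rest of the script), then force
# owner-only mode in case the file already existed with looser permissions.
(
  umask 077
  openssl pkcs12 -export \
    -out "${P12_CERT}" \
    -inkey "${PRIV_KEY}" \
    -in "${CHAIN_FILE}" \
    -certfile "${SIGNED_CRT}" \
    -password "pass:${PASSWORD}" \
    -name "${ALIAS}"
) || {
  printf 'error: could not create P12 bundle %s.\n' "${P12_CERT}" >&2
  exit 1
}
chmod 600 -- "${P12_CERT}" || {
  printf 'error: could not restrict permissions on %s.\n' "${P12_CERT}" >&2
  exit 1
}
printf "\nChecking P12 keystore data...\n"
# Verification step: if the bundle cannot be listed, do not try to import it.
if ! keytool -list \
  -keystore "${P12_CERT}" \
  -storetype pkcs12 \
  -storepass "${PASSWORD}"; then
  printf 'error: P12 bundle %s could not be read back.\n' "${P12_CERT}" >&2
  exit 1
fi
printf "\nImporting SSL certificate into UniFi keystore...\n"
# Option names are kept exactly as in the original (including -keystore for the
# destination); only quoting and the failure check are added.
if ! keytool -importkeystore \
  -srcstoretype pkcs12 \
  -srckeystore "${P12_CERT}" \
  -srcstorepass "${PASSWORD}" \
  -srcalias "${ALIAS}" \
  -keystore "${KEYSTORE}" \
  -deststorepass "${PASSWORD}" \
  -destalias "${ALIAS}" \
  -v; then
  printf 'error: keytool import into %s failed.\n' "${KEYSTORE}" >&2
  exit 1
fi
# The path is passed as an argument, not spliced into the format string, so a
# "%" or backslash in it cannot be interpreted by printf.
printf '\nDuplicating keystore in %s...\n' "${KEYSTORE_VAR}"
# Plain cp: an existing destination keeps its own mode and ownership.
if ! cp -- "${KEYSTORE}" "${KEYSTORE_VAR}"; then
  printf 'error: could not copy keystore to %s.\n' "${KEYSTORE_VAR}" >&2
  exit 1
fi
# printf "\nRestarting service...\n"
# service unifi restart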
################################################################################
# VERSION 4
################################################################################
# UniFi configuration.
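USR_DIR=/usr/lib/unifi
VAR_DIR=/var/lib/unifi
# Keystore configuration.
ALIAS=unifi
# Widely documented default UniFi keystore password. Because it is public, it
# does not protect the private key in the keystore or in the P12 bundle built
# below; file permissions do. It is also passed on the command line (visible in
# process listings); if replaced by a real secret, use openssl's "env:" /
# "file:" password sources and keytool's ":env" / ":file" option modifiers.
PASSWORD=aircontrolenterprise
KEYSTORE=${VAR_DIR}/keystore
# Certificate configuration.
# DOMAIN is not referenced anywhere in this section.
DOMAIN=subdomain.mydomain.com # This is a placeholder, not the real value.
CERT_DIR=/config/ssl
PRIV_KEY=${CERT_DIR}/privkey.pem
CHAIN_FILE=${CERT_DIR}/fullchain.pem
SIGNED_CRT=${CERT_DIR}/cert.pem
P12_CERT=${USR_DIR}/ssl/fullchain.p12
printf "\nCreating P12 file...\n"
# The bundle contains the private key. Create it under a restrictive umask in a
# subshell (so the umask does not leak into the rest of the script), then force
# owner-only mode in case the file already existed with looser permissions.
(
  umask 077
  openssl pkcs12 -export \
    -inkey "${PRIV_KEY}" \
    -in "${CHAIN_FILE}" \
    -out "${P12_CERT}" \
    -name "${ALIAS}" \
    -password "pass:${PASSWORD}"
) || {
  printf 'error: could not create P12 bundle %s.\n' "${P12_CERT}" >&2
  exit 1
}
chmod 600 -- "${P12_CERT}" || {
  printf 'error: could not restrict permissions on %s.\n' "${P12_CERT}" >&2
  exit 1
}
printf "\nImporting SSL certificate into UniFi keystore...\n"
# -noprompt suppresses keytool's interactive confirmation, so the exit status
# is the only signal that the import went wrong; check it explicitly.
if ! keytool -importkeystore \
  -deststorepass "${PASSWORD}" \
  -destkeypass "${PASSWORD}" \
  -destkeystore "${KEYSTORE}" \
  -srckeystore "${P12_CERT}" \
  -srcstoretype PKCS12 \
  -srcstorepass "${PASSWORD}" \
  -alias "${ALIAS}" \
  -noprompt \
  -v; then
  printf 'error: keytool import into %s failed.\n' "${KEYSTORE}" >&2
  exit 1
fi
# printf "\nRestarting image...\n"
# docker restart unifi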