Created
January 3, 2021 11:50
-
-
Save nitobuendia/e1ade5b38ff136c3f90c7a32fb5177bc to your computer and use it in GitHub Desktop.
Import letsecrypt certificates to UniFi Controller
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env bash | |
| # Modified from: | |
| # https://github.com/jacobalberty/unifi-docker/blob/master/import_cert | |
| echo "Loading constants" | |
| DATADIR="/usr/lib/unifi/data" | |
| CERTDIR="/ssl" | |
| CERTNAME="fullchain.pem" | |
| CERT_PRIVATE_NAME="privkey.pem" | |
| CERT_IS_CHAIN=true | |
| TEMP_SSL_PATH="${CERTDIR}/tmp" | |
| TEMP_KEYSTORE_FILE="${TEMP_SSL_PATH}/tmp_keystore" | |
| TEMP_CERT_FILE="${TEMP_SSL_PATH}/tmp_cert" | |
| TEMP_CHAIN_FILE="${TEMP_SSL_PATH}/tmp_chain" | |
| echo "Checking existing keystore" | |
| if [ ! -e "${DATADIR}/keystore" ]; then | |
| echo "Creating new keystore" | |
| keytool -genkey -keyalg RSA -alias unifi -keystore "${DATADIR}/keystore" \ | |
| -storepass aircontrolenterprise -keypass aircontrolenterprise -validity 1825 \ | |
| -keysize 4096 -dname "cn=UniFi" | |
| fi | |
| echo "Creating temporary files" | |
| mkdir -p ${TEMP_SSL_PATH} | |
| touch ${TEMP_KEYSTORE_FILE} | |
| touch ${TEMP_CERT_FILE} | |
| touch ${TEMP_CHAIN_FILE} | |
| echo "Generating cross-signed certificate" | |
| CERTURI=$(openssl x509 -noout -ocsp_uri -in "${CERTDIR}/${CERTNAME}") | |
| # Identrust cross-signed CA cert needed by the java keystore for import. | |
| # Can get original here: https://www.identrust.com/certificates/trustid/root-download-x3.html | |
| cat > "${TEMP_CERT_FILE}" <<'_EOF' | |
| -----BEGIN CERTIFICATE----- | |
| MIIDSjCCAjKgAwIBAgIQRK+wgNajJ7qJMDmGLvhAazANBgkqhkiG9w0BAQUFADA/ | |
| MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT | |
| DkRTVCBSb290IENBIFgzMB4XDTAwMDkzMDIxMTIxOVoXDTIxMDkzMDE0MDExNVow | |
| PzEkMCIGA1UEChMbRGlnaXRhbCBTaWduYXR1cmUgVHJ1c3QgQ28uMRcwFQYDVQQD | |
| Ew5EU1QgUm9vdCBDQSBYMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB | |
| AN+v6ZdQCINXtMxiZfaQguzH0yxrMMpb7NnDfcdAwRgUi+DoM3ZJKuM/IUmTrE4O | |
| rz5Iy2Xu/NMhD2XSKtkyj4zl93ewEnu1lcCJo6m67XMuegwGMoOifooUMM0RoOEq | |
| OLl5CjH9UL2AZd+3UWODyOKIYepLYYHsUmu5ouJLGiifSKOeDNoJjj4XLh7dIN9b | |
| xiqKqy69cK3FCxolkHRyxXtqqzTWMIn/5WgTe1QLyNau7Fqckh49ZLOMxt+/yUFw | |
| 7BZy1SbsOFU5Q9D8/RhcQPGX69Wam40dutolucbY38EVAjqr2m7xPi71XAicPNaD | |
| aeQQmxkqtilX4+U9m5/wAl0CAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNV | |
| HQ8BAf8EBAMCAQYwHQYDVR0OBBYEFMSnsaR7LHH62+FLkHX/xBVghYkQMA0GCSqG | |
| SIb3DQEBBQUAA4IBAQCjGiybFwBcqR7uKGY3Or+Dxz9LwwmglSBd49lZRNI+DT69 | |
| ikugdB/OEIKcdBodfpga3csTS7MgROSR6cz8faXbauX+5v3gTt23ADq1cEmv8uXr | |
| AvHRAosZy5Q6XkjEGB5YGV8eAlrwDPGxrancWYaLbumR9YbK+rlmM6pZW87ipxZz | |
| R8srzJmwN0jP41ZL9c8PDHIyh8bwRLtTcm1D9SZImlJnt1ir/md2cXjbDaJWFBM5 | |
| JDGFoqgCWjBH4d1QB7wCCZAA62RjYJsWvIjJEubSfZGL+T0yjWW06XyxV3bqxbYo | |
| Ob8VZRzI9neWagqNdwvYkQsEjgfbKbYK7p2CNTUQ | |
| -----END CERTIFICATE----- | |
| _EOF | |
| echo "Copying certificate data to temp certificate" | |
| # Letsencrypt fullchain.pem | |
| awk 1 "${TEMP_CERT_FILE}" "${CERTDIR}/${CERTNAME}" >> "${TEMP_CHAIN_FILE}" | |
| # Letsencrypt cert.pem | |
| # awk 1 "${TEMP_CERT_FILE}" "${CERTDIR}/chain.pem" "${CERTDIR}/${CERTNAME}" >> "${TEMP_CHAIN_FILE}" | |
| # Default | |
| # awk 1 "${CERTDIR}/chain.pem" "${CERTDIR}/${CERTNAME}" >> "${TEMP_CHAIN_FILE}" | |
| echo "Exporting certificate as keystore" | |
| openssl pkcs12 -export -passout pass:aircontrolenterprise \ | |
| -in "${TEMP_CHAIN_FILE}" \ | |
| -inkey "${CERTDIR}/${CERT_PRIVATE_NAME}" \ | |
| -out "${TEMP_KEYSTORE_FILE}" -name unifi | |
| echo "Deleting existing keystore alias" | |
| keytool -delete -alias unifi -keystore "${DATADIR}/keystore" \ | |
| -deststorepass aircontrolenterprise | |
| echo "Importing certificates to keystore" | |
| keytool -trustcacerts -importkeystore \ | |
| -deststorepass aircontrolenterprise \ | |
| -destkeypass aircontrolenterprise \ | |
| -destkeystore "${DATADIR}/keystore" \ | |
| -srckeystore "${TEMP_KEYSTORE_FILE}" -srcstoretype PKCS12 \ | |
| -srcstorepass aircontrolenterprise \ | |
| -alias unifi | |
| echo "Remove temporary files." | |
| rm -R ${TEMP_SSL_PATH} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment