rpunt/unifi_keystore_gen.sh

## unifi_keystore_gen.sh
#!/bin/bash

# Assumptions:
# ./unifi.pem is the signed cert you wish to use
# ./unifi.key is the private key
# ./chain.pem is the CA chain for your issuer, ordered intermediates to root (descending)
# /var/lib/unifi/keystore is the appropriate path for your Keystore; may vary by distro (tested on Debian 8)

openssl pkcs12 -export \
  -in unifi.pem \
  -inkey unifi.key \
  -out unifi.p12 \
  -name unifi \
  -chain -CAfile chain.pem \
  -passout pass:aircontrolenterprise

keytool -importkeystore \
  -deststorepass aircontrolenterprise \
  -destkeypass aircontrolenterprise \
  -destkeystore keystore.jks \
  -srckeystore unifi.p12 \
  -srcstoretype PKCS12 \
  -srcstorepass aircontrolenterprise \
  -alias unifi

rm -f unifi.p12; rm -f unifi.pem; rm -f unifi.key

echo "Clean up: sudo mv keystore.jks /var/lib/unifi/keystore; sudo /etc/init.d/unifi restart; sudo tail -f /var/log/unifi/server.log"
	#!/bin/bash

	# Assumptions:
	# ./unifi.pem is the signed cert you wish to use
	# ./unifi.key is the private key
	# ./chain.pem is the CA chain for your issuer, ordered intermediates to root (descending)
	# /var/lib/unifi/keystore is the appropriate path for your Keystore; may vary by distro (tested on Debian 8)

	openssl pkcs12 -export \
	-in unifi.pem \
	-inkey unifi.key \
	-out unifi.p12 \
	-name unifi \
	-chain -CAfile chain.pem \
	-passout pass:aircontrolenterprise

	keytool -importkeystore \
	-deststorepass aircontrolenterprise \
	-destkeypass aircontrolenterprise \
	-destkeystore keystore.jks \
	-srckeystore unifi.p12 \
	-srcstoretype PKCS12 \
	-srcstorepass aircontrolenterprise \
	-alias unifi

	rm -f unifi.p12; rm -f unifi.pem; rm -f unifi.key

	echo "Clean up: sudo mv keystore.jks /var/lib/unifi/keystore; sudo /etc/init.d/unifi restart; sudo tail -f /var/log/unifi/server.log"