Skip to content

Instantly share code, notes, and snippets.

What would you like to do?
Generate a keystore for Unifi controllers
# Assumptions:
# ./unifi.pem is the signed cert you wish to use
# ./unifi.key is the private key
# ./chain.pem is the CA chain for your issuer, ordered intermediates to root (descending)
# /var/lib/unifi/keystore is the appropriate path for your Keystore; may vary by distro (tested on Debian 8)
openssl pkcs12 -export \
-in unifi.pem \
-inkey unifi.key \
-out unifi.p12 \
-name unifi \
-chain -CAfile chain.pem \
-passout pass:aircontrolenterprise
keytool -importkeystore \
-deststorepass aircontrolenterprise \
-destkeypass aircontrolenterprise \
-destkeystore keystore.jks \
-srckeystore unifi.p12 \
-srcstoretype PKCS12 \
-srcstorepass aircontrolenterprise \
-alias unifi
rm -f unifi.p12; rm -f unifi.pem; rm -f unifi.key
echo "Clean up: sudo mv keystore.jks /var/lib/unifi/keystore; sudo /etc/init.d/unifi restart; sudo tail -f /var/log/unifi/server.log"
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment