Cloudkey SSL Cert with Third-party cert

create.sh

#!/bin/bash

# Create fullchain
cat ~/cert/*.ca-bundle ~/cert/*.crt >> fullchain.cer
 
# Generate pkcs12 cert from acme output
openssl pkcs12 -export -in ~/cert/fullchain.cer -inkey \
~/cert/mydomain.key \
-out ~/cert/unifi.p12 -name unifi -password pass:aircontrolenterprise
 
# Generate Java Keystore
keytool -importkeystore -srckeystore ~/cert/unifi.p12 \
-srcstoretype PKCS12 -srcstorepass aircontrolenterprise -destkeystore \
~/cert/unifi.keystore.jks -storepass aircontrolenterprise
 
# Verify Java Keystore
keytool -list -v -keystore ~/cert/unifi.keystore.jks
 
# Create cloudkey.crt
cat ~/cert/fullchain.cer >> ~/cert/cloudkey.crt

# Create cloudkey.cer
cat ~/cert/fullchain.cer >> ~/cert/cloudkey.cer
 
# Create cloudkey.key
cp ~/cert/mydomain.key ~/cert/cloudkey.key
 
# Create TAR file - it is critical to copy this entire block from cd to cd for this to work properly!
cd ~/cert

tar cf Cert.tar -C ~/cert cloudkey.crt cloudkey.cer \
cloudkey.key unifi.keystore.jks

cd
 
# Fix permissions
chown root:ssl-cert ~/cert/{cloudkey.crt,cloudkey.cer,cloudkey.key,unifi.keystore.jks,Cert.tar}

chmod 640 ~/cert/{cloudkey.crt,cloudkey.cer,cloudkey.key,unifi.keystore.jks,Cert.tar}

# Copy the new certificates to the location
cp -p ~/cert/{Cert.tar,cloudkey.crt,cloudkey.cer,cloudkey.key,unifi.keystore.jks} \
/etc/ssl/private/

# Restart nginx and unifi
/etc/init.d/nginx restart; /etc/init.d/unifi restart