Last active
April 8, 2022 03:25
Cloudkey SSL Cert with Third-party cert
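#!/bin/bash
# Build the certificate files a UniFi Cloud Key expects from a third-party
# certificate and install them under /etc/ssl/private.
#
# Inputs, all in ~/cert: the issued certificate (*.crt), the CA bundle
# (*.ca-bundle) and the private key (mydomain.key).
# Run as root: the script hands the files to root:ssl-cert, writes to
# /etc/ssl/private and restarts nginx and unifi.

# Stop at the first failed step so a broken conversion never reaches the
# install and restart steps at the bottom.
set -euo pipefail

# Everything created below holds or accompanies the private key; keep new
# files owner-only until the explicit chown/chmod near the end.
umask 077

readonly cert_dir=~/cert
readonly install_dir=/etc/ssl/private

# Well-known default UniFi keystore password, kept because the controller
# is expected to open the keystore with it. It is public, so it protects
# nothing: the confidentiality of the key rests on file ownership and mode.
readonly keystore_pass='aircontrolenterprise'

readonly -a bundle_members=(cloudkey.crt cloudkey.cer cloudkey.key unifi.keystore.jks)

# Drop outputs of a previous run. A stale cloudkey.crt would otherwise match
# the *.crt glob below and be folded into the new chain, and a stale keystore
# would make the import merge into old entries.
rm -f -- "${cert_dir}/cloudkey.crt" "${cert_dir}/unifi.keystore.jks"

# Create fullchain. Written with '>' and an explicit path: the pkcs12 step
# reads ${cert_dir}/fullchain.cer regardless of the current directory, and
# appending would duplicate certificates on every rerun.
# NOTE(review): the bundle-then-certificate order is kept from the original;
# nginx normally wants the server certificate first in the file it loads, so
# confirm the order against how the Cloud Key consumes cloudkey.crt.
cat -- "${cert_dir}"/*.ca-bundle "${cert_dir}"/*.crt > "${cert_dir}/fullchain.cer"

# Generate pkcs12 cert from the chain and the private key
openssl pkcs12 -export \
  -in "${cert_dir}/fullchain.cer" \
  -inkey "${cert_dir}/mydomain.key" \
  -out "${cert_dir}/unifi.p12" \
  -name unifi \
  -password "pass:${keystore_pass}"

# Generate Java Keystore
keytool -importkeystore -noprompt \
  -srckeystore "${cert_dir}/unifi.p12" \
  -srcstoretype PKCS12 \
  -srcstorepass "${keystore_pass}" \
  -destkeystore "${cert_dir}/unifi.keystore.jks" \
  -storepass "${keystore_pass}"

# The PKCS#12 file is only an intermediate and contains the private key under
# a public password; do not leave it behind.
rm -f -- "${cert_dir}/unifi.p12"

# Verify Java Keystore (password supplied so the step does not wait on a prompt)
keytool -list -v \
  -keystore "${cert_dir}/unifi.keystore.jks" \
  -storepass "${keystore_pass}"

# Create cloudkey.crt and cloudkey.cer as fresh copies of the chain
cp -- "${cert_dir}/fullchain.cer" "${cert_dir}/cloudkey.crt"
cp -- "${cert_dir}/fullchain.cer" "${cert_dir}/cloudkey.cer"

# Create cloudkey.key
cp -- "${cert_dir}/mydomain.key" "${cert_dir}/cloudkey.key"

# Create TAR file. -C makes the member names relative, so no 'cd' is needed
# and the archive content does not depend on the caller's directory.
tar -cf "${cert_dir}/Cert.tar" -C "${cert_dir}" "${bundle_members[@]}"

# Fix permissions: root owns the files, group ssl-cert may read them,
# everyone else gets nothing.
install_files=("${cert_dir}/Cert.tar")
for member in "${bundle_members[@]}"; do
  install_files+=("${cert_dir}/${member}")
done
chown root:ssl-cert -- "${install_files[@]}"
chmod 640 -- "${install_files[@]}"

# Copy the new certificates to the location; -p carries the ownership and
# mode set above over to the installed copies.
cp -p -- "${install_files[@]}" "${install_dir}/"

# Check the nginx configuration (which loads the installed certificate and
# key) before bouncing the service, then restart nginx and unifi.
nginx -t
/etc/init.d/nginx restart
/etc/init.d/unifi restart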