@troyfontaine

troyfontaine/create.sh

Last active Feb 6, 2019
Cloudkey SSL Cert with Third-party cert
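#!/bin/bash
# Run as root on the Cloud Key. Exit on the first failure so nginx and unifi
# are never restarted against a half-built certificate set.
set -euo pipefail
# Remove outputs of an earlier run: cloudkey.crt would match *.crt below, and
# keytool would import into the old keystore instead of creating a new one
rm -f ~/cert/{cloudkey.crt,unifi.keystore.jks}
# Create fullchain in ~/cert, server certificate first, then the CA bundle
# (nginx needs the certificate that matches the key at the top of the file)
cat ~/cert/*.crt ~/cert/*.ca-bundle > ~/cert/fullchain.cer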
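# Generate pkcs12 cert from acme output
# (aircontrolenterprise is the default UniFi keystore password; passed on the
# command line, it is visible in the process list while the command runs)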
openssl pkcs12 -export -in ~/cert/fullchain.cer -inkey \
~/cert/mydomain.key \
-out ~/cert/unifi.p12 -name unifi -password pass:aircontrolenterprise
# Generate Java Keystore
keytool -importkeystore -srckeystore ~/cert/unifi.p12 \
-srcstoretype PKCS12 -srcstorepass aircontrolenterprise -destkeystore \
~/cert/unifi.keystore.jks -storepass aircontrolenterprise
# Verify Java Keystore (-storepass so the check does not stop at a prompt)
keytool -list -v -keystore ~/cert/unifi.keystore.jks \
-storepass aircontrolenterprise
# Create cloudkey.crt ('>' rather than '>>' so a re-run does not append a second copy)
cat ~/cert/fullchain.cer > ~/cert/cloudkey.crt
# Create cloudkey.cer
cat ~/cert/fullchain.cer > ~/cert/cloudkey.cer
# Create cloudkey.key
cp ~/cert/mydomain.key ~/cert/cloudkey.key
# Create TAR file - it is critical to copy this entire block from cd to cd for this to work properly!
cd ~/cert
tar cf Cert.tar -C ~/cert cloudkey.crt cloudkey.cer \
cloudkey.key unifi.keystore.jks
cd
# Fix permissions
chown root:ssl-cert ~/cert/{cloudkey.crt,cloudkey.cer,cloudkey.key,unifi.keystore.jks,Cert.tar}
chmod 640 ~/cert/{cloudkey.crt,cloudkey.cer,cloudkey.key,unifi.keystore.jks,Cert.tar}
# Copy the new certificates to the location
cp -p ~/cert/{Cert.tar,cloudkey.crt,cloudkey.cer,cloudkey.key,unifi.keystore.jks} \
/etc/ssl/private/
# Restart nginx and unifi
/etc/init.d/nginx restart; /etc/init.d/unifi restart