UniFi Controller on Linux with CA certificates

The subject of SSL certificates with UniFi has spawned many threads within the UBNT Community.


_.-=%> UniFi Linux Setup with CA SSL Cert <%=-._


The distribution of Linux that I am using is Ubuntu 15.04 with ONLY SSH server selected during the installation.  I have also put a static IP address on the server, and only forwarded the appropriate ports through to the server as this will be a centralized UniFi server for about 20 locations.


I know you can add repositories and do apt-get, so read that I understand that before commenting to tell me that.


Log into your Ubuntu server and run:


wget https://www.ubnt.com/downloads/unifi/4.6.6/unifi_sysvinit_all.deb


Once that completes:


sudo dpkg -i unifi_sysvinit_all.deb


It will try to install and throw some errors about dependencies.  Do this:


sudo apt-get -f install


This will install all the dependencies.  Then:


sudo dpkg -i unifi_sysvinit_all.deb


Once this is done you can browse to https://ip-or-fqdn-of-this-server:8443 and walk through the install.




You can get a CSR (I used ssls.com and got the $5/year SSL cert), get a cert issued, and install the cert:


From the command line:


cd /usr/lib/unifi


sudo java -jar lib/ace.jar new_cert unifi.mydomain.dom "My Company Name" City State CC

(CC = 2-letter country code)


You will enter your password and then it will create your CSR in /var/lib/unifi.


Do:  more /var/lib/unifi/unifi_certificate.csr.pem


Copy and paste the CSR into your SSL provider’s website to request the certificate.  Get your certificate issued (I would tell them I am using Apache so they issue all the certs you will need).


Once you get your certificate and all the intermediate certs (if required), copy all the .crt files to /usr/lib/unifi and then run (in my case):


sudo java -jar lib/ace.jar import_cert unifi_mydomain_org.crt COMODORSADomainValidationSecureServerCA.crt COMODORSAAddTrustCA.crt AddTrustExternalCARoot.crt


Put in your password again and you will see (after a few other lines):


Certificates successfuly imported. Please restart the UniFi Controller.


Run:  sudo service unifi restart


You can now load up the UniFi site and it should be using the CA-issued cert instead of the self-signed one.
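

A pre-flight check for the files handed to import_cert above, as an added example that is not part of the original post or of UniFi's own tooling: it confirms that the issued certificate carries the same public key as the CSR and that the chain verifies against the root. The function name preflight_cert and its argument order (CSR first, then the .crt files in import_cert order) are assumptions of this example, and it needs the openssl command-line tool.

```shell
#!/bin/sh
# Added example (not from the original post): pre-flight check for import_cert.
# Usage: preflight_cert CSR LEAF [INTERMEDIATE...] ROOT
# The .crt arguments are in the same order as for "ace.jar import_cert".

# Print the public key of a CSR / a certificate as PEM text.
csr_pubkey()  { openssl req  -in "$1" -noout -pubkey 2>/dev/null; }
cert_pubkey() { openssl x509 -in "$1" -noout -pubkey 2>/dev/null; }

preflight_cert() {
    if [ "$#" -lt 3 ]; then
        echo "usage: preflight_cert CSR LEAF [INTERMEDIATE...] ROOT" >&2
        return 2
    fi
    csr=$1; leaf=$2; shift 2

    # 1. The issued certificate must carry the key pair behind the CSR; the
    #    private key stays with the controller, so any other key is unusable.
    want=$(csr_pubkey "$csr") || want=
    have=$(cert_pubkey "$leaf") || have=
    if [ -z "$want" ] || [ "$want" != "$have" ]; then
        echo "FAIL: $leaf does not match the key in $csr" >&2
        return 1
    fi

    # 2. Everything before the last argument is an intermediate; the last is the root.
    bundle=$(mktemp) || return 2
    while [ "$#" -gt 1 ]; do cat "$1" >> "$bundle"; shift; done
    root=$1

    # 3. The leaf must chain through the intermediates to that root.
    #    (-untrusted is only passed when there is at least one intermediate.)
    rc=0
    if [ -s "$bundle" ]; then
        openssl verify -CAfile "$root" -untrusted "$bundle" "$leaf" >/dev/null 2>&1 || rc=1
    else
        openssl verify -CAfile "$root" "$leaf" >/dev/null 2>&1 || rc=1
    fi
    rm -f "$bundle"
    if [ "$rc" -ne 0 ]; then
        echo "FAIL: $leaf does not verify against $root" >&2
        return 1
    fi
    echo "OK: certificate matches the CSR and the chain verifies"
}
```

Source the file and call preflight_cert with /var/lib/unifi/unifi_certificate.csr.pem followed by the same .crt files, in the same order, that you are about to give to import_cert.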