System - Adding a trusted certificate on UniFi Controller

At work, I had to replace the self-signed certificate on our Ubiquiti UniFi Controller with a trusted certificate.

It is poorly documented but pretty simple: two commands build and import the certificate, followed by a restart of the service:

$ openssl pkcs12 -export -in unifi.crt -inkey unifi.key -certfile unifi.chain.crt -out unifi.p12 -name unifi -password pass:aircontrolenterprise
$ keytool -importkeystore -srckeystore unifi.p12 -srcstoretype PKCS12 -srcstorepass aircontrolenterprise -destkeystore /usr/lib/unifi/data/keystore -storepass aircontrolenterprise
$ service unifi restart 

Note: unifi.chain.crt needs to contain the complete CA chain, including the intermediate CAs and the root CA.
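
Before building unifi.p12, it is worth checking that the key belongs to the certificate and that the chain file really is complete. The script below is an added example, not part of the original post; the function names are hypothetical, and it assumes OpenSSL 1.1.0 or later and an unencrypted PEM private key.

```shell
#!/bin/sh
# Added example: pre-flight checks for the files passed to `openssl pkcs12 -export`.
# Assumptions: OpenSSL 1.1.0+ (for -no-CApath), unencrypted PEM private key.

# Succeeds only if the private key belongs to the certificate (same public key).
key_matches_cert() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Succeeds only if the chain file alone links the certificate to a self-signed root.
# -no-CApath keeps the system CA directory out of path building, so an
# intermediate or root missing from the chain file is not silently filled in.
chain_is_complete() {
    openssl verify -no-CApath -CAfile "$2" "$1" >/dev/null 2>&1
}

# Succeeds only if the certificate is still valid 24 hours from now.
not_expiring() {
    openssl x509 -in "$1" -noout -checkend 86400 >/dev/null 2>&1
}

# preflight CERT KEY CHAIN: run every check, report each failure on stderr,
# and return non-zero if any of them failed.
preflight() {
    rc=0
    key_matches_cert "$1" "$2" || { echo "FAIL: $2 does not match $1" >&2; rc=1; }
    chain_is_complete "$1" "$3" || { echo "FAIL: $3 does not chain $1 to a root" >&2; rc=1; }
    not_expiring "$1" || { echo "FAIL: $1 expires within 24 hours" >&2; rc=1; }
    return "$rc"
}

# Usage with the file names from the commands above:
#   preflight unifi.crt unifi.key unifi.chain.crt && echo "ok to build unifi.p12"
```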


Guillaume Chenuet
