Updating the SSL certs on the Unifi Controller
- Postfix, iPhone, Apple Mail and the reject
- Updating the SSL certs on the Unifi Controller
- Firefox and org-protocol URL Capture
- System Hangs on Shutdown
- Let's Encrypt Certificates and Arch
- /bin/mail as MTA
- Filtering bots with erc
- DSCP Tagging with iptables
- Bitlbee, Purple-Sipe-Lync, and Certificates
- daemontools, Apache, and the Whole Process Group
- Comma Trouble
- Emacs DNS Mode
- Wrangling Namespaces in Python
- Using Skype from Emacs
- Choosing the Right Technology
- Django, Testing, and Sessions
- KMS, xvideo-intel, and Arch Linux
- Verizon UMW-190 and Arch Linux
- Hawking Range Extender and Linux
- CUPS driver for the Dell 1320C Printer on Arch
- SANE and the Canon LIDE 20
- Getting easypg working in Ubuntu
Updating the SSL certificate pair on the Unifi Controller
Published 2019-02-08
There's a knowledge base article, but that didn't work for me, probably cuz I'm not much of a Java guy.
In the end, a little mucking around with keytool and some googling got me going.
First, backup /usr/lib/unifi/data/keystore. That will give you a fallback.
After you have your keypair (Let's Encrypt is your friend, or a self-signed pair), then on a box with java:
openssl pkcs12 -export -name unifi -in cert.pem -inkey key.pem -out keystore.new
The "-name unifi" adds the alias to the keystore, which is needed by the controller. It will also ask for the password for export. Use:
aircontrolenterprise
You can check the results (using the password above):
keytool -list -keystore keystore Enter keystore password:
Keystore type: PKCS12 Keystore provider: SUN Your keystore contains 1 entry unifi, Feb 8, 2019, PrivateKeyEntry, Certificate fingerprint (SHA1): 69:83:83:A0:B5:C8:54:9E:EA:46:55:A8:A0:3C:F7:81:A5:94:7E:8A
Copy keystore.new into /usr/lib/unifi/data/keystore and restart the
controller. Check the log for any silliness
(/var/log/unifi/server.log). Revert to the saved keystore file
should your java frustration level hit critical.
org-mode