Scenario
Make: Ubiquiti
Model: Ubiquiti Unifi Controller
Mode: CLI (Command Line Interface)
Version: 6.0.43
Description: This article contains a detailed stepwise method to solve the error of “Unable to import the Certificate into Keystore” while importing an SSL certificate to Ubiquiti Unifi Controller.
Issue
Sometimes when we install SSL certificate on Ubiquiti Unifi Controller we get an error “Unable to import the Certificate into Keystore” and the import or install of the SSL fails.
root@edledge-unifi:/usr/lib/unifi# sudo java -jar lib/ace.jar import_cert unifi.edledge.com edledge.cer
Unable to import the certificate into keystore
Solution
There are many ways to solve this issue. We will discuss here one of them. This error message could occur depending upon the different situations and processes of importing the certificate. The error of being unable to import certificates to Keystore can also occur in Ubiquiti Unifi if there is any space that exists in the secret keys.
Step1: SSL Certificate
Save the SSL certificate on the local computer
Step2: Keys
Check the keys of the SSL certificate. Right-click on the certificate and open it with notepad or notepad++.
-----BEGIN CERTIFICATE-----
MIIC2zCCAcMCAQAwgZUxDjAMBgNVBAYTBUphcGFuMQ4wDAYDVQQIDAVUb2t5bz
MIIC2zCCAcMCAQAwgZUxDjAMBgNVBAYTBUphcGFuMQ4wDAYDVQQgNVBAsMHXVu
MIIC2zCCAcMCAQAwgZUxDjAMBgNVBAYTBUphcGFuMQ4wDAYDVQQQQDDB11bmlm
MIIC2zCCAcMCAQAwgZUxDjAMBgNVBAYTBUphcGFuMQ4wDAYDVQQcNAQEBBQADg
MIIC2zCCAcMCAQAwgZUxDjAMBgNVBAYTBUphcGFuMQ4wDAYDVQQ6J2RfRZSrQE
MIIC2zCCAcMCAQAwgZUxDjAMBgNVBAYTBUphcGFuMQ4wDAYDVQQ8EjZoH07sPa
MIIC2zCCAcMCAQAwgZUxDjAMBgNVBAYTBUphcGFuMQ4wDAYDVQQLXD6LAnSc3I
MIIC2zCCAcMCAQAwgZUxDjAMBgNVBAYTBUphcGFuMQ4wDAYDVQQ1txigRT4uLD
MIIC2zCCAcMCAQAwgZUxDjAMBgNVBAYTBUphcGFuMQ4wDAYDVQQd2DUIiqQgQi
MIIC2zCCAcMCAQAwgZUxDjAMBgNVBAYTBUphcGFuMQ4wDAYDVQQAA4IBAQCXTR
MIIC2zCCAcMCAQAwgZUxDjAMBgNVBAYTBUphcGFuMQ4wDAYDVQQFgzZNn+TlyA
MIIC2zCCAcMCAQAwgZUxDjAMBgNVBAYTBUphcGFuMQ4wDAYDVQQRDSYBOanwyU
MIIC2zCCAcMCAQAwgZUxDjAMBgNVBAYTBUphcGFuMQ4wDAYDVQQzOqRxSkNKGG
YMIIC2zCCAcMCAQAwgZUxDjAMBgNVBAYTBUphcGFuMQ4wDAYDVQQfVdNlpcIg6
o9MIIC2zCCAcMCAQAwgZUxDjAMBgNVBAYTBUphcGFuMQ4wDAYDVQQABV5zS3Xj
qhIMIIC2zCCAcMCAQAwgZUxDjAMBgNVBAYTBUphcGFuMQ4wDAYDVQQBV5zS3Xj
-----END CERTIFICATE-----
Step3: Remove Space
Edit the certificate with notepad++ and remove the spaces between the keys and make it a single line key file, as shown below.
-----BEGIN CERTIFICATE-----MIIC2zCCAcMCAQAwgZUxDjAMBgNVBAYTBUphcGFuMQ4wDAYDVQQIDAVUb2t5bzMIIC2zCCAcMCAQAwgZUxDjAMBgNVBAYTBUphcGFuMQ4wDAYDVQQgNVBAsMHXVuMIIC2zCCAcMCAQAwgZUxDjAMBgNVBAYTBUphcGFuMQ4wDAYDVQQQQDDB11bmlmMIIC2zCCAcMCAQAwgZUxDjAMBgNVBAYTBUphcGFuMQ4wDAYDVQQcNAQEBBQADgMIIC2zCCAcMCAQAwgZUxDjAMBgNVBAYTBUphcGFuMQ4wDAYDVQQ6J2RfRZSrQEMIIC2zCCAcMCAQAwgZUxDjAMBgNVBAYTBUphcGFuMQ4wDAYDVQQ8EjZoH07sPaMIIC2zCCAcMCAQAwgZUxDjAMBgNVBAYTBUphcGFuMQ4wDAYDVQQLXD6LAnSc3IMIIC2zCCAcMCAQAwgZUxDjAMBgNVBAYTBUphcGFuMQ4wDAYDVQQ1txigRT4uLDMIIC2zCCAcMCAQAwgZUxDjAMBgNVBAYTBUphcGFuMQ4wDAYDVQQd2DUIiqQgQiMIIC2zCCAcMCAQAwgZUxDjAMBgNVBAYTBUphcGFuMQ4wDAYDVQQAA4IBAQCXTRMIIC2zCCAcMCAQAwgZUxDjAMBgNVBAYTBUphcGFuMQ4wDAYDVQQFgzZNn+TlyAMIIC2zCCAcMCAQAwgZUxDjAMBgNVBAYTBUphcGFuMQ4wDAYDVQQRDSYBOanwyUMIIC2zCCAcMCAQAwgZUxDjAMBgNVBAYTBUphcGFuMQ4wDAYDVQQzOqRxSkNKGGY
MIIC2zCCAcMCAQAwgZUxDjAMBgNVBAYTBUphcGFuMQ4wDAYDVQQfVdNlpcIg6o9MIIC2zCCAcMCAQAwgZUxDjAMBgNVBAYTBUphcGFuMQ4wDAYDVQQABV5zS3XjqhIMIIC2zCCAcMCAQAwgZUxDjAMBgNVBAYTBUphcGFuMQ4wDAYDVQQBV5zS3XjqqhI-----END CERTIFICATE-----
Step4: Save
Save the file on the local drive. Do not change the extension of the certificate.
Step5: Import Certificate
Import the certificate again and the error should be gone now.
root@edledge-unifi:/usr/lib/unifi# sudo java -jar lib/ace.jar import_cert unifi.edledge.com edledge.cer
Parse edledge.cer (PEM, 1 certs): CN=unifi.edledge.com
Importing singed cert [unifi.edledge.com]
Certificates successfully imported. Please restart the Unifi Controller.
This should resolve the issue of “Unable to import the Certificate into Keystore“. If the issue still persists maybe you would need to create a new Keystore and generate CSR for SSL certificate again to get new SSL certificates. After that, we would need to start the import or install SSL certificate on Ubiquiti Unifi controller again.
Source: Knowledge Base, Lab, Ubiquiti
EA00079