Scenario
Make: Ubiquiti
Model: Ubiquiti Unifi Controller
Mode: CLI (Command Line Interface)
Version: 6.0.43
Description: This article contains a detailed stepwise method to generate CSR for installing an SSL certificate on the Unifi Controller URL to solve the issue of Certificate Error. If you already got the SSL certificate then refer the article to know how to install SSL certificate on the Unifi controller.
Problem
When we install and configure Unifi Controller and try to access the controller via GUI we get a certificate error as shown below in the image. This error occurs due to the unavailability of an SSL certificate. You could still access the controller by clicking the “Connect to unifi.edledge.com (unsafe)“.
Solution
To resolve the issue we need to install the SSL certificate. To get the SSL certificate from a Certificate Authority you would need to share the CSR. Without CSR you can not get the certificate for the Unifi URL e.g “unifi.edledge.com“.
Please follow the steps described below to generate the CSR on Debian OS.
Step1: SSH onto the Server
SSH onto the server and login as super admin.
Step2: Super Admin
Go to the super admin mode to access the library.
login as: localuser
localuser@edledge-unifi's password:
Linux edledge-unifi 4.19.0-12-amd64 #1 SMP Debian 4.19.152-1 (2020-10-18) x86_64
The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.
Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
Last login: Sat May 22 20:07:17 2021 from 10.1.1.2
localuser@edledge-unifi:~$
localuser@edledge-unifi:~$ su
Password: edledge.com
root@edledge-unifi:/home/localuser#
Step3: Generate CSR
Generate CSR using the command shown below.
java -jar lib/ace.jar new_cert <hostname> <company> <city> <state> <country>
root@edledge-unifi:/usr/lib/unifi# java -jar lib/ace.jar new_cert unifi.edledge.com edledge Mumbai Mumbai India
Certificate for unifi.edledge.com generated
Step4: Export CSR
Export CSR as that would be needed to share with the certificate authority to get a certificate issued for unifi.edledge.com.
root@edledge-unifi:/usr/lib/unifi# cd /var/lib/unifi
root@edledge-unifi:/var/lib/unifi# ls
backup firmware keystore sites system.properties.bk unifi_certificate.csr.pem
db firmware.json model_lifecycles.json system.properties unifi_certificate.csr.der
root@edledge-unifi:/var/lib/unifi#
root@edledge-unifi:/var/lib/unifi# cat unifi_certificate.csr.pem
-----BEGIN CERTIFICATE REQUEST-----
MIIC2zCCAcMCAQAwgZUxDjAMBgNVBAYTBUphcGFuMQ4wDAYDVQQIDAVUb2t5bz
MIIC2zCCAcMCAQAwgZUxDjAMBgNVBAYTBUphcGFuMQ4wDAYDVQQgNVBAsMHXVu
MIIC2zCCAcMCAQAwgZUxDjAMBgNVBAYTBUphcGFuMQ4wDAYDVQQQQDDB11bmlm
MIIC2zCCAcMCAQAwgZUxDjAMBgNVBAYTBUphcGFuMQ4wDAYDVQQcNAQEBBQADg
MIIC2zCCAcMCAQAwgZUxDjAMBgNVBAYTBUphcGFuMQ4wDAYDVQQ6J2RfRZSrQE
MIIC2zCCAcMCAQAwgZUxDjAMBgNVBAYTBUphcGFuMQ4wDAYDVQQ8EjZoH07sPa
MIIC2zCCAcMCAQAwgZUxDjAMBgNVBAYTBUphcGFuMQ4wDAYDVQQLXD6LAnSc3I
MIIC2zCCAcMCAQAwgZUxDjAMBgNVBAYTBUphcGFuMQ4wDAYDVQQ1txigRT4uLD
MIIC2zCCAcMCAQAwgZUxDjAMBgNVBAYTBUphcGFuMQ4wDAYDVQQd2DUIiqQgQi
MIIC2zCCAcMCAQAwgZUxDjAMBgNVBAYTBUphcGFuMQ4wDAYDVQQAA4IBAQCXTR
MIIC2zCCAcMCAQAwgZUxDjAMBgNVBAYTBUphcGFuMQ4wDAYDVQQFgzZNn+TlyA
MIIC2zCCAcMCAQAwgZUxDjAMBgNVBAYTBUphcGFuMQ4wDAYDVQQRDSYBOanwyU
MIIC2zCCAcMCAQAwgZUxDjAMBgNVBAYTBUphcGFuMQ4wDAYDVQQzOqRxSkNKGGY
MIIC2zCCAcMCAQAwgZUxDjAMBgNVBAYTBUphcGFuMQ4wDAYDVQQfVdNlpcIg6o9
MIIC2zCCAcMCAQAwgZUxDjAMBgNVBAYTBUphcGFuMQ4wDAYDVQQABV5zS3XjqhI
MIIC2zCCAcMCAQAwgZUxDjAMBgNVBAYTBUphcGFuMQ4wDAYDVQQBV5zS3XjqqhI
-----END CERTIFICATE REQUEST-----
Step5: Copy CSR
Copy CSR including “BEGIN CERTIFICATE REQUEST” and “END CERTIFICATE REQUEST” and save it in a notepad to share it with CA.
Once this CSR is shared with the certificate authority they will share the SSL certificate which can be imported to the Unifi controller and the error will go away.
Refer to the attached article if you are looking to upgrade the firmware of the Unifi Controller. Ubiquiti has some nice Wireless solutions as well. Do not forget to check articles on Unifi or Ubiquiti devices on this website.
Source: Knowledge Base, Lab, Ubiquiti
EA00070