Import & Install SSL Certificate On Ubiquiti Unifi Controller

Ubiquiti logo

Scenario
Make: Ubiquiti
Model: Ubiquiti Unifi Controller
Mode: CLI (Command Line Interface)
Version: 6.0.43
Description: This article contains a detailed stepwise method to import or install an SSL certificate on the Unifi Controller based on Linux OS to solve the issue of Certificate Error.

Problem

When we install and configure Unifi Controller and try to access the controller via GUI, we get a certificate error as shown below in the image. This error occurs due to the unavailability of an SSL certificate. You could still access the controller by clicking the “Connect to unifi.edledge.com (unsafe)“.

Unifi Certificate Error

Follow the steps mentioned below to install the certificate on the controller. To get the SSL certificate, we need to share CSR with the certificate authority. Refer to the article to know How To Generate CSR For SSS Certificate On Unifi Controller and share the CSR with the certificate authority to get an SSL certificate.

Solution

Step1: SSL Certificate
Save the SSL certificate on the local storage or drive which you have received from certificate provider.

Step2: Install WinSCP
To import the certificate onto the controller, install WinSCP. As shown below in the image.

WinSCP

Step3: Import Certificate
Create a new folder as “cert” and Import the certificate onto the controller. As shown below in the image

WinSCP Cert

Step4: SSH Access
SSH onto the Unifi controller using putty. As shown below in the image.

SSH 192.168

Step5: Copy Cert Folder To Unifi
Use the command shown below to copy the certificate to the Unifi folder.

login as: user
user@edledge-unifi's password: edledge.com
Linux edledge-unifi 4.19.0-12-amd64 #1 SMP Debian 4.19.152-1 (2020-10-18) x86_64

The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.

user@edledge-unifi: su
Password:edledge
root@edledge-unifi:/home/user# cd cert
root@edledge-unifi:/home/user/cert# sudo cp * /usr/lib/unifi

Step6: Import The Cert
Import the certificate to the controller.

root@edledge-unifi:/home/user/cert# cd /usr/lib/unifi
root@edledge-unifi:/usr/lib/unifi# ls
bin edledge.cer data dl lib logs run webapps
root@edledge-unifi:/usr/lib/unifi# sudo java -jar lib/ace.jar import_cert unifi.edledge.com edledge.cer
Parse edledge.cer (PEM, 1 certs): CN=unifi.edledge.com
Importing singed cert [unifi.edledge.com]
Certificates successfully imported. Please restart the Unifi Controller.

Step7: Restart
Once the certificate is imported then restart the Unifi services.

root@edledge-unifi:/home/user/cert# sudo service unifi restart

The certificate is now successfully installed. Now access the Unifi controller URL and you would see the certificate error is gone now and the connection is secure.

This article is based on the Unifi firmware version 6.0.43. We can upgrade the firmware of the Controller via CLI. Also, refer to the article if you looking for configuring radius authentication on Ubiquiti Unifi Wireless Network. Do not forget to refer to the articles on Ubiquiti Unifi devices.

Source: Knowledge Base, Lab, Ubiquiti

EA00077

Leave a Reply

Your email address will not be published. Required fields are marked *