Skip to main content

Adding a Self-Sign Certificate to the Unifi Controller

You can import and use your own self-sign certificates for the Unifi Controller.

Connect to the Unifi Controller host via SFTP to transfer your certificate or key to the system.

Stop the current Unifi Controller service:

sudo systemctl stop unifi

Delete the current SSL from Unifi controller. When prompted for a key password, enter aircontrolenterprise.

sudo keytool -delete -alias unifi -keystore /var/lib/unifi/keystore

Screen Shot 2021-07-22 at 10.50.27.png

Convert the certificate into the keystore type that Unifi Controller uses:

sudo openssl pkcs12 -export -in your-ssl-cert.crt -inkey your-ssl-cert-private-key.key  -out unifi_cert -passout pass:aircontrolenterprise -name unifi

Screen Shot 2021-07-22 at 10.51.38.png

Install the certificate into Unifi Controller:

sudo keytool -importkeystore -srckeystore unifi_cert -srcstorepass aircontrolenterprise -destkeystore /var/lib/unifi/keystore -deststorepass aircontrolenterprise -alias unifi -trustcacerts

Screen Shot 2021-07-22 at 10.51.50.png

Restart the Unifi Controller to apply the changes:

sudo systemctl restart unifi

Upon reboot, your self-signed certificate should be applied and in used by the Unifi Controller.