
Example hook script to deploy cert to Unifi controller

Brian Candler edited this page Jul 29, 2017 · 1 revision

The UniFi controller runs a Java web server, so its TLS certificate and private key are kept in a Java keystore.

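#!/bin/bash -e
# The -e on the shebang line is lost when the hook is started as
# `bash <script>`, so it is enabled again here.
set -e

# Deploy cert to unifi controller. Based on:
# https://community.ubnt.com/t5/UniFi-Wireless/Your-own-SSL-key-and-cert/m-p/484943#M39260
# (with correction to use '-certfile' not '-CAfile' to import the intermediate CA cert)
#
# Only the "deploy_cert" handler is acted on; every other handler name is
# ignored and the script exits 0.

# Positional arguments as passed by the caller of this hook.
HANDLER="${1}"
DOMAIN="${2}"
KEYFILE="${3}"
CERTFILE="${4}"
FULLCHAINFILE="${5}"
CHAINFILE="${6}"
TIMESTAMP="${7}"

KEYSTORE="/usr/lib/unifi/data/keystore"
# NOTE(review): this password is hard-coded and publicly documented on this
# page, so it gives the private key no real protection; confidentiality of
# the key rests on the file permissions of $KEYSTORE. It is also passed on
# the command line of openssl and keytool below, where other local users can
# read it from the process list while those commands run.
KEYSTOREPASS="aircontrolenterprise"

#######################################
# Bundle the certificate, private key and chain into a temporary PKCS#12
# file, import that into the controller's Java keystore under the alias
# "unifi", then restart the controller.
# Globals:   CERTFILE, KEYFILE, CHAINFILE, KEYSTORE, KEYSTOREPASS (read)
#            TMPFILE (written)
# Returns:   0 on success; the failing command's status otherwise
#######################################
deploy_cert() {
  TMPFILE="$(mktemp)" || return

  # The PKCS#12 bundle contains the private key. Remove it on every exit
  # path, so that a failing openssl or keytool does not leave a copy of the
  # key behind in the temp directory.
  trap 'rm -f -- "$TMPFILE"' EXIT

  openssl pkcs12 -export -in "$CERTFILE" -inkey "$KEYFILE" \
    -out "$TMPFILE" -name unifi \
    -certfile "$CHAINFILE" -caname root -password "pass:$KEYSTOREPASS" \
    || return

  keytool -importkeystore \
    -deststorepass "$KEYSTOREPASS" -destkeypass "$KEYSTOREPASS" -destkeystore "$KEYSTORE" \
    -srckeystore "$TMPFILE" -srcstoretype PKCS12 -srcstorepass "$KEYSTOREPASS" \
    -alias unifi -noprompt \
    || return

  # Drop the key material before the restart; the EXIT trap stays armed as a
  # backstop and is harmless once the file is gone.
  rm -f -- "$TMPFILE" || return
  systemctl restart unifi
}

case "$HANDLER" in
  "deploy_cert")
    deploy_cert
    ;;

  *)
    # Other handlers need no action for the UniFi keystore.
    ;;
esac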