I recently decided that I was no longer going to tolerate my UniFi Cloud Key's web management tool using a self-signed SSL certificate. I have, many times in the past, replaced the supplied certificates on the self-installed UniFi Controller software that I have run, on various Raspberry Pis or Linux VMs. The process has never been all that cumbersome, and it involved updating the `keystore.jks` file, and restarting the UniFi Controller.
However, the process seems to be very different, on the Cloud Key Gen 2. I'm not sure if the same goes for the Gen 1 Cloud Key, but it seems likely, as UniFi tends to update the software on all devices, with each release. I'd have no problem with this, but the process is completely undocumented.
After many, many hours of poking and prodding my Cloud Key, and much searching of the UniFi Community forum, I found the following fantastic post, from the user loafbread:
So, it seems that Ubiquiti has made the SSL certificate process much easier. Fantastic, of course, but they somehow failed to document that fact. To make sure that this critical bit of information is maintained, I will summarize the process, here:
- copy your PEM-format certificates to your Cloud Key
- you will need both the certificate itself and the full CA chain certificate files
- back up the following files:
- cp -p /data/unifi-core/config/unifi-core.crt /data/unifi-core/config/unifi-core.crt.orig
- cp -p /data/unifi-core/config/unifi-core.key /data/unifi-core/config/unifi-core.key.orig
- replace the the unifi-core.crt file with your full CA certificate chain and the unifi-core.key file with your certificate
- restart the unifi-core service
- systemctl restart unifi-core.service
So, the process isn't difficult, if it were only documented.
Oh well.
