Ubiquiti Unifi SSL Certificate on Windows Server 2016

Today I'm going to show you how to install an SSL Certificate in your Ubiquiti Unifi software for use in both the Web interface as well as the Guest Portal.

In this example we were using a wildcard certificate that we use for the domain, but this should work with any certificate wildcard or not, as long as it's from a valid certificate provider.

What you will need for this task are following:

  1. Your PFX file from your valid SSL Certificate
  2. KeyStore Explorer software installed on your machine which can be downloaded here...

Lets get started...

To create your PFX file, open IIS and follow the instruction outlined below:

Choose where you want the exported certificate to be saved and input a complex password to apply to the exported file and click OK.

Now that you've created your PFX file you're now ready for the next stage which is to create the Ubiquiti UniFi SSL keystore file.

Open the KeyStore Explorer software and create a new KeyStore and use the following settings:

  1. KeyStore Type = JKS
  2. Click Tools > Import Key Pair
  3. Select PKCS #12
  4. Input the password you created for your PFX file in IIS earlier
  5. Browse to where you saved the PFX file from IIS and click import
  6. Leave the Alias as the default that Keystore nominated
  7. Set the KeyStore password to "aircontrolenterprise" (without the quotes)
  8. Now click Save and save the file as keystore. Please make sure there is no extension like keystore.pfx. The file should just be named keystore

Now you're ready to apply the keystore file to your Ubiquiti UniFi instance. Firstly, find the path of where your UniFi software is installed. In my case it was C:\Users\Administrator\Ubiquiti UniFi\. You need to go to the sub directory of data so the path should should be something like this:

C:\Users\Administrator\Ubiquiti UniFi\data

Replace the above data path to suit your installation path. In the data folder you see a file called keystore. Rename the keystore file to keystore_orig to save it in case you need to revert to it if this fails.

Now copy your newly created keystore file from the KeyStore Explorer software we created earlier and place it into the C:\Users\Administrator\Ubiquiti UniFi\data folder. Once done, you're ready to apply the new certificate to your UniFi instance. To do that, simply restart the UniFi Controller service as follows:

  1. Open a command prompt as Administrator
  2. net stop UniFi
  3. net start UniFi

You're all done. Now open your favourite browser and navigate to your site to confirm that you have a valid certificate as in the following example:

Consider yourself a superstar!

No Comments Yet.

Leave a comment