UniFi SSL Certificate Installation

Published by admin on

Do you have a Debian or Ubuntu based UniFi controller? Do you want to put a CA signed SSL certificate on it? You should! Follow these instructions to get up and going!
UniFi SSL Cert Commands:
SSL Cert:

PayPal Donations –
Twitter – @WillieHowe
Instagra – @howex5
Private Internet Access –

Buy your gear below!

My Amazon Link:
Get 10% off your Netool at by using coupon code WILLIEHOWE

Buy your Ubiquiti gear here:
UniFi G3 Bullet Camera:
UniFi G3 Dome Camera:
UniFi G3 Bullet Cam IR Extender:
UniFi DVR:
UniFi Switch 16-XG (10G):
U Fiber 10G SFP+ Modules:
UniFi AC-HD:
UniFi USG:
UniFi USG Pro:
UniFi Mesh:
UniFi Cloud Key:
UniFi Switch 8-150:
UniFi Switch 8-60:
UniFi Switch 8:
UniFi Switch 16-150W:
UniFi Switch 24-250W:
UniFi Switch 48-500W:
UniFi Switch 48-750W:
AmpliFi HD Home WiFi:
EdgeSwitch 8 150:
EdgeSwitch 24 Lite:
EdgeSwitch 24 250W:
EdgeSwitch 48 500W:
EdgeRouter X:
EdgeRouter X SFP:
EdgeRouter Lite:
EdgeRouter 5 PoE:
EdgeRouter 8:
EdgeRouter 8 Pro:

Beyondtec Cabling:

Want a small physical pfSense box? Here is a great appliance!:
Buy your MikroTik hAP Lite here:
Sonicwall TZ105:

Support my channel and keep the lab growing!

Come back for the next video!

SUBSCRIBE! THUMBS-UP! Comment and Share!



Jason l · April 4, 2018 at 6:13 pm

I imported both the "unifi_domain_net.crt" and "unifi_domian_net.ca-bundle" But I am getting the error "ERROR! missing cert file for [AddTrust External CA Root]"

Chris Harness · April 4, 2018 at 6:13 pm

anyone had any issues creating the cret file in linux? When I create the cret file in linux, it says successfully created one, but when I go back to look/get at the file nothing is there. Please help!

Josh Roberts · April 4, 2018 at 6:13 pm

Can you do a video on how to renew your SSL Cert? Along with what to do if get the ERR_SSL_PROTOCOL_ERROR?

Chris Burke · April 4, 2018 at 6:13 pm

Why are you including the main Root CA when you add the certs? The client should already have the RootCA, so you should only include the intermediates and to server cert. Including the top level RootCA just increases the size of the SSL handshake and lowers performance.

Ahad Mosharraf · April 4, 2018 at 6:13 pm

Hi Willie, My controller hosted under an real IP. In your tutorial you use a subdomain. How can I convert the IP to a subdomain?

RCBaja5bss · April 4, 2018 at 6:13 pm


Ron Stams · April 4, 2018 at 6:13 pm

I am moving from Shibby Tomato to USG. I got everything working as previously, but what I really miss in the USG is:
– OPENVPN client (e.g. to EXPRESSION)
– ad block

I would love a video on (one of) both!!

WiseOldHowell · April 4, 2018 at 6:13 pm

I'm a new subscriber. Thank you for the super clear video on setting up an SSL on a UniFi Cloud Key. Your directions were excellent! I went with the SSL's 3 yr cert. Great job!

Tommy bee · April 4, 2018 at 6:13 pm

I know u busy, me to. Out of curiosity.

Why backup does not restores certificate installation on unifi cloudkey? Is there quick fix or i have to just reinstall the cert again.


Stuart Ingram · April 4, 2018 at 6:13 pm

Hi when I do the sudo java -jar…. command and then go to cd data I get Permission denied. Help Please.

RCBaja5bss · April 4, 2018 at 6:13 pm

Could you make a video for unifi video on ubuntu for ssl?

BeardBytes · April 4, 2018 at 6:13 pm

Willie may have mentioned this somewhere, but in the event that you are sent a ca-bundle instead of three individual cert files, you will need to confirm that the file you have received does have all the necessary certs. The one I first received only had two and this didn't fly. So, when you get to the part to run the following:

"sudo java -jar lib/ace.jar import_cert unifi_controller_com.crt unifi_controller_com.ca-bundle(I also tried unifi.controller.com.ca-bundle)" you will see it kicks out an error.

You need to break that file up into three different files. You can either contact support and request they send a zip of the three files or just do it in CLI.

This command will break that ca-bundle up for you:

" awk 'BEGIN {c=0;} /BEGIN CERT/{c++} { print > "newcert." c ".pem"}' < unifi.controller.com.ca-bundle"

Now when you run "ls" in the "/usr/lib/unifi" directory you should see newcert.1.pem, newcert.2.pem and newcert.3.pem pop up.

You can now run "sudo java -jar lib/ace.jar import_cert unifi_controller_com.crt newcert.1.pem newcert.2.pem newcert.3.pem" and it should work out for you.

Now, perhaps this was only occurring with me, but I figured I would post this here just in case it could help someone else!

Theo Lodewijk · April 4, 2018 at 6:13 pm

After following your video, I get after te last commando "suod java -jar lib/ace.jar import_cert" the error message "Unable to import the certificate into keystore"

Jeff Gruber · April 4, 2018 at 6:13 pm

Thanks for the video Willie, worked perfect with a few exceptions for AWS and the certs.

Ken Baiocchi · April 4, 2018 at 6:13 pm

Good until I need to cd to the "data folder" to copy the CSR info. cd: /usr/lib/unifi/data: Permission denied Thoughts? Ubuntu 16.04.3 Unifi 5.5.20 on AWS

Quentin King · April 4, 2018 at 6:13 pm

i've done the same ssls.com and email setup and they eamiled a zip with only two files. where do i get the others?

Klaas de Jong · April 4, 2018 at 6:13 pm

If you running Linux and have an existing certificate, follow this guide to make a new keystore file for Unifi!

In the keystore manager, i had to choose for PKCS#8 instead OpenSSL.

laricher100 · April 4, 2018 at 6:13 pm

I am getting the feeling I will not be able to register for a cert using DDNS I am thinking my ISP will have to provide me a static IP and I will have to register my domain. If someone has a link that would give good instruction, I would highly appreciated it. The video was highly informative. I think I just need to figure out this small detail. Thankks

Andrew Grill · April 4, 2018 at 6:13 pm

Great video, simple instructions – worked for me!

Yuriy Taranovych · April 4, 2018 at 6:13 pm

Nice! Thanks! Please do the similar video with Let's Encrypt certs

poiromaniax · April 4, 2018 at 6:13 pm

Thank you so much for this awesome video! Worked like a charm, although I couldnt put in my city/state – I had to only use the country code (ZA – South Africa) or ssls.com gave me an error

John Budden · April 4, 2018 at 6:13 pm

Thanks Willie – got me there in the end. Had to tweak a few things – for a UK domain do not add a 'State' entry to the csr creation – it corrupts the csr. Here is what I did:

Google compute VM running Debian 8 and Unifi controller 5.4.14 using a UK domaincd /usr/lib/unifisudo java -jar lib/ace.jar new_cert your.domain.com “Company name” Town GBDo not try to add a 'State' entry as a county name confuses the openssl and corrupts the csr.It will create your CSR in /var/lib/unifiunifi_certificate.csr.der
unifi_certificate.csr.pemDo:  more unifi_certificate.csr.pemCopy and paste the CSR into your SSL.com website to request the certificate – it will tell you if there are any errors.Once you get your certificate and all the intermediate certs – from SSLs.com I got back:your.domain.com.crt
your.domain.com.p7bI added .crt extension to the bundle file – copy both .crt files to /usr/lib/unifiDo: sudo java -jar lib/ace.jar import_cert your.domain.com.crt your.domain.com.ca-bundle.crtShould read at the end:Certificates successfuly imported. Please restart the UniFi Controller.Run:  sudo service unifi restartWorked for me – Thanks Willie.

Tom Coudriet · April 4, 2018 at 6:13 pm

Hey how about a video for us Windows Server 2012 folks. Thanks.

Michael Kennedy · April 4, 2018 at 6:13 pm

any chance of a guide as to how to install SSL on a windows based server?? Tried speaking to Ubiquiti and they were about as useful as toothache!! Great videos. Cheers

Tommy bee · April 4, 2018 at 6:13 pm

WIllie BTW. you the best man.!!!!! 🙂

Quick question. How come you r allowed to have 2 domains under one SSL certificate? Is it wildcard cert?

Just to clearing it.

Bailey · April 4, 2018 at 6:13 pm

Well that hosed my AWS controller. Everything seemed to go fine, good install, but now ERR_SSL_PROTOCOL_ERROR

DickReed43 · April 4, 2018 at 6:13 pm

Another excellent video but please do the same video for installing the SSL on to a Cloud Key Controller.  Thank you.

Greg Thomson · April 4, 2018 at 6:13 pm

Great video Willie. It's great that you are able to show in detail what many wouldn't do!

Kyle Warner · April 4, 2018 at 6:13 pm

Do these changes "survive" Unifi updates?

I run the unifi controller behind NGINX and let NGINX handle SSL. Then you can have it proxy to the controller and not type in the port number either. And if you buy a wildcard SSL (or LetsEncrypt), you can run multiple services on one machine and not have to worry about installing the SSL to each "server". It's all configured in NGINX once and then just add 3 lines for each new service.

Brian Page · April 4, 2018 at 6:13 pm

Great video Willie. I assume this would be the same steps for the CloudKey?

Jaco Grobler · April 4, 2018 at 6:13 pm

Excellent, thanks.

Sidney Bekeleski · April 4, 2018 at 6:13 pm

Could these same steps be used for Unifi-Video nvr?

Chris Baker · April 4, 2018 at 6:13 pm

CloudKey setup sometime?

I'm pretty sure LE isn't supported yet by UB – I've asked.

ikkuranus · April 4, 2018 at 6:13 pm

I'd rather use LE assuming I could figure out how to automate it.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: