I have recently got a Unifi access point up and running on my network, and am running the Unifi controller on a Linux VM. The problem is getting SSL working using a local Windows CA for issuing and signing.
What a mission!
But, for future reference:
- I was able to use this guide to generate a Certificate Request using Windows Server
- Then, in Windows Certification Authority, I tried right-click and All Tasks > Submit New Request, using the .req file generated above (more instructions here), but when that didn’t work, I did it from the command line using the instructions here. (Important note: I had to use the template “CertificateTemplate:WebServer” rather than his one.)
- Once it was signed, I had to import it into my local machine so I could export it out as a PFX.
- The definitive Unifi instructions are here, but I found I then had to restore the keystore. To do that, I used this very helpful Java app (after changing security settings so it would run), and the instructions here
- Basically, the Portcle app gave me the ID, and I was able to use that to restore the keystore and import the certificates.
Once all that was done, I was able to put the certificate on my Home Assistant machine, and have the verify_ssl tag point at it under the unifi device_tracker.
QED, but what a mission!