Fun times with SSL and Unifi

I have recently got a Unifi access point up and running on my network, and am running the Unifi controller on a Linux VM. The problem is getting SSL working using a local Windows CA for issuing and signing.

What a mission!

But, for future reference:

1. I was able to use this guide to generate a Certificate Request using Windows Server.
2. Then, in Windows Certification Authority, I tried right-click and All Tasks > Submit New Request, using the .req file generated above (more instructions here), but when that didn’t work, I did it from the command line using the instructions here. (Important note: I had to use the template “CertificateTemplate:WebServer” rather than his one.)
3. Once it was signed, I had to import it into my local machine so I could export it out as a PFX.
4. The definitive Unifi instructions are here, but I found I then had to restore the keystore. To do that, I used this very helpful Java app (after changing security settings so it would run), and the instructions here.
5. Basically, the Portecle app gave me the ID, and I was able to use that to restore the keystore and import the certificates.

Once all that was done, I was able to put the certificate on my Home Assistant machine, and have the verify_ssl tag point at it under the unifi device_tracker.
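The request, sign, PFX and verify path from the steps above, as an added lab sketch that is not from the original post: a throwaway OpenSSL CA stands in for the Windows CA (a swapped-in tool), and the host name, IP address, file names and password are all constructed. It shows that a client handed the CA file accepts the certificate only for a name the certificate actually carries.

```shell
#!/bin/sh
# Constructed lab: a throwaway OpenSSL CA stands in for the Windows CA.
# Host name, file names and the PFX password are made up for this example.
LAB_HOST="unifi.lab.example"

build_lab() {  # $1 = empty working directory
  dir="$1"
  # 1. Private root CA (the role the Windows Certification Authority plays).
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=Lab Root CA" \
    -keyout "$dir/ca.key" -out "$dir/ca.pem" 2>/dev/null || return 1
  # 2. Key and certificate request for the controller.
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$LAB_HOST" \
    -keyout "$dir/srv.key" -out "$dir/srv.req" 2>/dev/null || return 1
  # 3. CA signs the request with server-auth usage and a SAN for the host.
  printf 'extendedKeyUsage=serverAuth\nsubjectAltName=DNS:%s\n' "$LAB_HOST" \
    > "$dir/ext.cnf"
  openssl x509 -req -in "$dir/srv.req" -CA "$dir/ca.pem" -CAkey "$dir/ca.key" \
    -CAcreateserial -days 30 -extfile "$dir/ext.cnf" -out "$dir/srv.pem" \
    2>/dev/null || return 1
  # 4. Key + certificate + CA bundled as a PFX, the form a keystore imports.
  openssl pkcs12 -export -inkey "$dir/srv.key" -in "$dir/srv.pem" \
    -certfile "$dir/ca.pem" -name controller -passout pass:changeit \
    -out "$dir/srv.pfx" || return 1
}

# What a verifying client checks: the chain ends at the CA file it was
# given, and the certificate names the host it connected to.
client_accepts() {  # $1 = CA file, $2 = server certificate, $3 = host name
  openssl verify -CAfile "$1" -verify_hostname "$3" "$2" >/dev/null 2>&1
}

demo() {
  w=$(mktemp -d) || return 1
  build_lab "$w" || { rm -rf "$w"; return 1; }
  # Second entry: reaching the same box by IP, which the SAN does not list.
  for h in "$LAB_HOST" "192.0.2.10"; do
    if client_accepts "$w/ca.pem" "$w/srv.pem" "$h"; then
      echo "$h: accepted"
    else
      echo "$h: rejected"
    fi
  done
  rm -rf "$w"
}
demo
```
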

QED, but what a mission!



