This tutorial is about importing a wildcard X.509 certificate.
I spent 3 days on research and found just a lot of trial and error. A nightmare, thanks to a totally unsupported topic and Ubiquiti's attitude (same as Synology). Tons of solutions across the internet, but each of them useless for a wildcard cert.
So I have made a fully functional guide for you. Tested and implemented right now. You can now spend only 5 minutes. Cheers.
I also include descriptions for newbies.
Step by step of UNIFI controller Docker Wildcard SSL import
1. Prerequisites, based on main Unifi/docker tutorial document:
#Location of the docker container in Synology (up to your setup, but it will help you understand my guide):
/volume1/docker/unifi
#Name of the container:
unifi
# Move your issued certificate pair (crt+key) to the docker/unifi directory
# Back up your original keystore file: in ../docker/unifi there is a file named
keystore
# make a copy of it named
keystore.bak
# SSH client (I like MobaXterm or PuTTY)
# KeyStore Explorer App (Windows, Mac, Linux), a really useful app
2. Check your working directory (to be sure)
# Connect to your NAS with the SSH client and become root with sudo -i
# Use the command to get a bash shell in the container
docker exec -it unifi /bin/bash
# then you see (you are in the container shell):
root@jacobalberty-unifi1:/unifi#
# list of directories in the container:
ls
# you see:
cert data log
# check the "data" directory listing - you should see the same structure as in your main docker/unifi directory (mapping)
cd data
ls
# you see:
backup
cert
db
firmware.json
keystore
keystore.bak
sites
system.properties
# then mapping is working.
End of this part.
3. Prepare the conversion of your wildcard certificate to the PKCS#12 standard:
# replace your_certificate.crt and your_certificate.key with the names of your own files
openssl pkcs12 -export -in your_certificate.crt -inkey your_certificate.key -out unifi.p12 -name unifi -password pass:aircontrolenterprise
... at this step I found a lot of mess in 3rd-party guides
# you will find a new file in this directory called
unifi.p12
# this is your new combined certificate (cert+key).
# I checked the new certificate with the KeyStore Explorer App:
- open the new certificate:
unifi.p12
- password for the certificate:
aircontrolenterprise
- Save as: use the Keystore file format
# Done, you now have a new keystore that includes your valid wildcard SSL cert.
# Make sure the final keystore file is placed in the
../docker/unifi
directory
Then just restart your container.
Time for next beer.
PS:
Here is a command to import your unifi.p12 into the keystore from the CLI, without KeyStore Explorer:
keytool -importkeystore -deststorepass aircontrolenterprise -destkeypass aircontrolenterprise -destkeystore keystore -srckeystore unifi.p12 -srcstoretype PKCS12 -srcstorepass aircontrolenterprise -alias unifi -noprompt
and you can erase the mess from the internet (looong task)
Btw, thx guys from Ubiquiti official support for a magical zero support.
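
Added example, not part of the original guide: a pre-flight check for step 3 that confirms the private key belongs to the certificate and that unifi.p12 opens with the guide's password and carries the alias unifi. The function names and the throwaway *.example.test pairs are constructed for illustration; it assumes only the openssl CLI.

```shell
#!/bin/sh
# Added example: pre-flight checks for the certificate pair and unifi.p12.
P12_PASS=aircontrolenterprise   # password used throughout the guide
P12_ALIAS=unifi                 # alias used throughout the guide

# Succeeds only if the private key belongs to the certificate
# (both must yield the same public key).
pair_matches() {  # usage: pair_matches cert.crt cert.key
    crt_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$crt_pub" ] && [ "$crt_pub" = "$key_pub" ]
}

# Prints the alias (friendlyName) of the certificate inside the PKCS#12 file;
# prints nothing if the file cannot be opened with $P12_PASS.
p12_alias() {  # usage: p12_alias file.p12
    openssl pkcs12 -in "$1" -passin "pass:$P12_PASS" -nokeys 2>/dev/null |
        sed -n 's/^ *friendlyName: //p' | head -n 1
}

# Constructed sample input: two throwaway self-signed wildcard pairs (a and b)
# for *.example.test, so the checks can run without a real certificate.
make_samples() {  # usage: make_samples dir
    for n in a b; do
        openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
            -subj "/CN=*.example.test" \
            -keyout "$1/$n.key" -out "$1/$n.crt" 2>/dev/null || return 1
    done
}

# Runs the guide's step 3 on sample pair a, then checks the result.
demo() {
    d=$(mktemp -d) || return 1
    rc=1
    if make_samples "$d" &&
       pair_matches "$d/a.crt" "$d/a.key" &&      # correct pair passes
       ! pair_matches "$d/a.crt" "$d/b.key" &&    # wrong key is caught
       openssl pkcs12 -export -in "$d/a.crt" -inkey "$d/a.key" \
           -out "$d/unifi.p12" -name "$P12_ALIAS" \
           -password "pass:$P12_PASS" 2>/dev/null &&
       [ "$(p12_alias "$d/unifi.p12")" = "$P12_ALIAS" ]; then
        rc=0
    fi
    rm -rf "$d"
    return $rc
}

demo && echo "checks passed"
```

On your own files, run pair_matches with your crt and key before step 3 and p12_alias on unifi.p12 after it; an empty alias means the file did not open with that password.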