This tutorial is about import of Wildcard X509 certificate.
I spend 3 days with research, and I found just many trials and errors. Nightmare, thanks to totally unsupported topic and Ubiquiti attitude (same as Synology). Tons of solutions across internet, but each of them useless for Wildcard cert.
Then I have done for you fully functional guide. Tested and implemented right now. You now can spend 5 minutes only. Cheers.
I use description also for newbies.
Step by step of UNIFI controller Docker Wildcard SSL import
1. Prerequisites, based on main Unifi/docker tutorial document:
#Location of the docker container in Synology (up to your setup, but it will help you understand my guide):
#Name of the container:
#Move your issued certificate pair (crt+key) to docker/unifi directory
# backup your original keystore file:
../docker/unifi ... there is file keystore ... make new one as keystore.bak
# SSH client (I like my MobaXterm or Putty)
# KeyStore Explorer App (Win, Mac, Lnx), really useful app
2. check of your working directory (to be sure)
# connect your NAS by SSH client, include sudo -i (root)
# Use the command to get a bash shell in the container
docker exec -it unifi /bin/bash
# then you see (you are in the container shell):
# list of directories in the container:
# you see:
cert data log
# check of "data" directory list - you have to see same structure as is in your main docker/unifi directory (mapping)
# you see:
# then mapping is working. End of this part.
3. prepare conversion of your Wildcard certificate to PKCS#12 standard:
openssl pkcs12 -export -in name of your certificate.crt -inkey name of your certificate key.key -out unifi.p12 -name unifi -password pass:aircontrolenterprise
.... in this step I found a lot of mess from 3rd party guides
# you will find new file in this directory called
unifi.p12= this is your new integrated certificate (cert+key).
# the new certificate I checked by KeyStore Explorer App:
- open the new certificate:
- password for the certificate: aircontrolenterprise
- Save as: use Keystore file format
# done, you have your new keystore include your valid Wildcard SSL cert.
# to be sure final keystore file you have to place to
Then just restart your container.
Time for next beer.
here is a command, how to import your unifi.p12 to keystore by CLI, without KeystoreExplorer:
keytool -importkeystore -deststorepass aircontrolenterprise -destkeypass aircontrolenterprise -destkeystore keystore -srckeystore unifi.p12 -srcstoretype PKCS12 -srcstorepass aircontrolenterprise -alias unifi -noprompt
and you can erase the mess from internet (looong task)
Btw, thx guys from Ubiquiti official support for a magical zero support.
it is very easy and I will recommend you use this tutorial based on RickMakes YT
Some update of the YT resource by me for new versions availability:
sudo docker pull jacobalberty/unifi:5.11.39-sc
it will Tracks UniFi stable version - 5.11.39 as of 2019-08-22
from Docker GUI in NAS:
Do not forget:
- download of backup your current controller settings: Controller/Settings/Maintenance/Backup ... Download backup button
- Stop your current Docker Unifi container + Reneme it as "old" or by ver. no.
- Run the upgrade procedure
- Run the New upgraded container
- Login/check of the upgraded Unifi controller
- Fallback: when something is wrong, you can Stop the New container and run your Old one in few seconds
- In any troubles with New controller use the Restore procedure (described in my Tutorial) ... Controller/Settings/Maintenance/Restore ... Choose file button, then load your Backup file and you have got all settings in your New controller from Old controller.
Tested, works from 5.10.25 (Build: atag_5.10.25_11682) to latest stable ver 5.11.39-sc