UniFi - SSL Certificate Error

Overview

This article explains what to do if an SSL Certificate Error is shown when attempting to open the UniFi controller page.

Table of Contents

  1. What does this error look like?
  2. Cause: Missing a Valid SSL Certificate
  3. Cause: Adopting UniFi for the First Time
  4. Related Articles

What does this error look like?

User Tip: Sometimes it's impossible to click past the certificate error. Users have reported that in those cases they got past the error by typing thisisunsafe and pressing Enter/Return on the error page in the Chrome browser.

Missing a Valid SSL Certificate

UniFi relies on HTTPS for extra security. This means that the browser will check for valid certificates when making a secure connection to the web server. Although the alert message may prove annoying, there's no risk to the connecting user. To avoid this error you must:
 
  1. Buy a signed SSL certificate from any web hosting provider (or if you decide to generate one, see a few notes on that below).
  2. Then make the following changes to the controller:
    sudo su -
    # cd <unifi_base> 
    # on Windows, "%USERPROFILE%/Ubiquiti Unifi"
    cd /usr/lib/unifi 
    
    # create new certificate (with csr)
    java -jar lib/ace.jar new_cert <hostname> <company> <city> <state> <country>
    
    #  Enter your password if prompted and then it will create your CSR in /var/lib/unifi
    # - unifi_certificate.csr.der
    # - unifi_certificate.csr.pem
    
    # have this CSR signed by a CA, you'll get a few certificates back...
    # copy the signed certificate(s) to <unifi_base>
    
    # import the signed certificate and other intermediate certificates
    java -jar lib/ace.jar import_cert <signed_cert> [<other_intermediate_root_certs>...]
NOTES:
  1. Notes on the X509 Subject Alternative Name:
    • If you're using Windows to generate the certificate, make sure the alternative name is set as DNS within the certificate's properties window, and fill out the value.
    • If you're on Ubuntu / Debian and using openssl to generate a certificate, make sure to use the SAN extensions or you will be prompted that the cert is invalid, which indicates a missing X509 Subject Alternative Name. See external documentation about Subject Alternative Name here.
  2. Once you have created the CSR it can be found in the %USERPROFILE%\Ubiquiti UniFi\data folder. On Mac find it here: /Users/username/Library/Application\ Support/UniFi/data. Not sure where to find <unifi_base>? See this article.
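
The SAN requirement from the note above, as an added example (not Ubiquiti's code): a shell helper that builds a CSR with openssl with or without the SAN extension, and a check to run on a CSR or on the signed certificate before import_cert. The hostname unifi.example.com, the function names and the file names are constructed placeholders.

```shell
#!/bin/sh
# Added example, not Ubiquiti code. Host and file names are constructed.

# make_csr HOST KEYFILE CSRFILE [with_san|no_san]
# Writes a new RSA key and a CSR; "with_san" requests DNS:HOST as a SAN.
make_csr() {
    host=$1 key=$2 csr=$3 mode=${4:-with_san}
    cfg=$(mktemp) || return 1
    cat > "$cfg" <<EOF
[req]
distinguished_name = dn
prompt = no
[dn]
CN = $host
[san]
subjectAltName = DNS:$host
EOF
    set -- -new -newkey rsa:2048 -nodes -keyout "$key" -out "$csr" -config "$cfg"
    # Without -reqexts the [san] section is ignored and the CSR has no SAN.
    [ "$mode" = with_san ] && set -- "$@" -reqexts san
    if openssl req "$@" 2>/dev/null; then rc=0; else rc=1; fi
    rm -f "$cfg"
    return "$rc"
}

# san_covers_host FILE HOST [req|x509]
# Exit 0 only if FILE (CSR by default, or a signed cert with "x509")
# lists HOST as an exact DNS entry in subjectAltName (no wildcard matching).
san_covers_host() {
    file=$1 host=$2 kind=${3:-req}
    openssl "$kind" -in "$file" -noout -text 2>/dev/null |
        grep -A1 'X509v3 Subject Alternative Name' |
        tr ',' '\n' |
        sed 's/^[[:space:]]*//; s/[[:space:]]*$//' |
        grep -Fxq "DNS:$host"
}

# Demo: the CSR generated without the SAN extension fails the check.
demo_dir=$(mktemp -d)
make_csr unifi.example.com "$demo_dir/key.pem" "$demo_dir/good.csr" with_san
make_csr unifi.example.com "$demo_dir/key.pem" "$demo_dir/bad.csr" no_san
for name in good bad; do
    if san_covers_host "$demo_dir/$name.csr" unifi.example.com; then
        echo "$name.csr: SAN present"
    else
        echo "$name.csr: SAN missing"
    fi
done
rm -rf "$demo_dir"
```

Running san_covers_host with the x509 argument on the certificate returned by the CA confirms the SAN survived signing before the certificate is imported.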

Troubleshooting

If the error "Unable to import certificate into keystore" appears when importing the signed certificate & intermediate certs, try the following steps:

1. Edit the certificate file using a text editor and remove any blank spaces and line breaks after each line of the cert. The cert should be one single line.

2. Save the changes and re-import the certificate.

Adopting UniFi for the First Time

This error should not be confused with the one seen when adopting a Cloud Key for the first time. The first-time adoption error can be safely ignored by doing the following:

1. Click Advanced

2. Click Proceed to <your IP>

To verify whether this is your case, see our UniFi - How to Setup your Cloud Key and UniFi Access Point (for beginners) article (step 3.5 of the section 3. Configuring your Cloud Key & Access Point).

Related Articles

UniFi - How to Setup your Cloud Key and UniFi Access Point (for beginners)
