This article explains what to do if a SSL Certificate Error is shown upon attempting to open the UniFi controller page.
Table of Contents
- What does this error look like?
- Cause: Missing a Valid SSL Certificate
- Cause: Adopting UniFi for the First Time
- Related Articles
What does this error look like?
Missing a Valid SSL Certificate
- Buy a signed SSL certificate from any web hosting provider (or if you decide to generate one, see a few notes on that below).
- Then make the following changes to the controller:
sudo su - # cd <unifi_base> # on Windows, "%USERPROFILE%/Ubiquiti Unifi" cd /usr/lib/unifi # create new certificate (with csr) java -jar lib/ace.jar new_cert <hostname> <company> <city> <state> <country> # Enter your password if prompted and then it will create your CSR in /var/lib/unifi
# - unifi_certificate.csr.der # - unifi_certificate.csr.pem # have this CSR signed by a CA, you'll get a few certificates back... # copy the signed certificate(s) to <unifi_base> # import the signed certificate and other intermediate certificates java -jar lib/ace.jar import_cert <signed_cert> [<other_intermediate_root_certs>...]
- Following notes for X509Subject Alternative Name:
- If you're using Windows to generate the certificate, make sure the alternative name is set as DNS within the certificate's properties window, and fill out the value.
- If you're on Ubuntu / Debian and using openssl to generate a certificate, make sure to use the SAN extensions or you will be promoted that the cert is invalid. Which is indication for the mission X509 Subject Alternative Name. See external documentation about Subject Alternative Name here.
- Once you have created the CSR it can be found in the %USERPROFILE%\Ubiquiti UniFi\data folder. On Mac find it here: /Users/username/Library/Applic
ation\ Support/UniFi/data. Not sure where to find <unifi_base>? See this article.
If the error "Unable to import certificate into keystore" appears when importing the signed certificate & intermediate certs, try the following steps:
1. Edit the certificate file using a text editor and remove any blank spaces and line breaks after each line of the cert. The cert should be one single line.
2. Save changes re-import the certificate.
Adopting UniFi for the First Time
This error should not be confused with the one seen when adopting a Cloud Key for the first time. This error can be safely ignored by:
1. Click Advanced
2. Click Proceed to <your IP>
Verify if this is your case by seeing our UniFi - How to Setup your Cloud Key and UniFi Access Point (for beginners) article (in step 3.5 of the section 3. Configuring your Cloud Key & Access Point).