UISP - How to Install a Non-Default SSL Certificate


This article describes how to install UISP using another certificate, other than the default LetsEncrypt option found in UISP.

Table of Contents

  1. Prepare the Certificate
  2. Delete the Old Certificate
  3. Reinstall UISP
  4. Related Articles

Prepare the Certificate

Back to Top

NOTE: A GoDaddy wildcard SSL certificate was used as an example for this article. It was delivered in .crt format and exported to .pfx files using Microsoft's "certificates" snap-in with MMC.

Create ".pem" versions of the public key full chain and the private key:

1. Install OpenSSL on the Windows desktop if not already installed.

2. Copy the full chain .pfx to the computer, eg. to C:\Program Files\OpenSSL-Win64\bin\

3. Open a command prompt and go to the folder used in the step above, and run:

openssl pkcs12 -in your-new-full-chain.pfx -nocerts -out privatekey.pem -nodes
openssl pkcs12 -in your-new-full-chain.pfx -nokeys -out public-cert.pem -nodes

4. Both times, you are prompted for the SSL certificate encryption password. You provided this when you made the PFX. This produces two files: 'privatekey.pem' and 'public-cert.pem'.

ATTENTION: Be VERY CAREFUL with the privatekey.pem file. Do not leave a copy of this file anywhere it can be easily reached. 

5. Copy these files to the UISP console (server) in the /etc/certificates directory (it is possible to use programs like WinSCP or similar to move the files).

Delete the Old Certificate

Back to Top

Run these commands to remove the old data:

cd /home/unms/data
sudo chmod a+rwx cert
cd cert
rm live.*
rm custom.*
cd ..
sudo chmod a-rwx cert
sudo chmod u+rw cert

Reinstall UISP

Back to Top

At this point, it is necessary to reinstall UISP by running again the installation script. Please refer to this article to learn about optional installation options related to the installation of custom certificates. The following example may not work for you, depending on the type of your certificate.

curl -fsSL https://uisp.ui.com/v1/install > /tmp/uisp_inst.sh && sudo bash /tmp/uisp_inst.sh --ssl-cert-dir /etc/certificates --ssl-cert put-the-name-of-fullchain.pem --ssl-cert-key put-name-of-privkey.pem
IMPORTANT: Please note that it is vital to include any optional installation tags that were potentially used in the previous installation.

Related Articles

Back to Top

UISP - Optional Installation Steps

Was this article helpful?
9 out of 28 found this helpful