UISP - How to Install a Non-Default SSL Certificate
Overview
This article describes how to install UISP using another certificate, other than the default LetsEncrypt option found in UISP.
Table of Contents
Prepare the Certificate
Create ".pem" versions of the public key full chain and the private key:
1. Install OpenSSL on the Windows desktop if not already installed.
2. Copy the full chain .pfx to the computer, eg. to C:\Program Files\OpenSSL-Win64\bin\
3. Open a command prompt and go to the folder used in the step above, and run:
openssl pkcs12 -in your-new-full-chain.pfx -nocerts -out privatekey.pem -nodes
openssl pkcs12 -in your-new-full-chain.pfx -nokeys -out public-cert.pem -nodes
4. Both times, you are prompted for the SSL certificate encryption password. You provided this when you made the PFX. This produces two files: 'privatekey.pem' and 'public-cert.pem'.
5. Copy these files to the UISP console (server) in the /etc/certificates directory (it is possible to use programs like WinSCP or similar to move the files).
Delete the Old Certificate
Run these commands to remove the old data:
cd /home/unms/data
sudo chmod a+rwx cert
cd cert
rm live.*
rm custom.*
cd ..
sudo chmod a-rwx cert
sudo chmod u+rw cert
Reinstall UISP
At this point, it is necessary to reinstall UISP by running again the installation script. Please refer to this article to learn about optional installation options related to the installation of custom certificates. The following example may not work for you, depending on the type of your certificate.
curl -fsSL https://uisp.ui.com/v1/install > /tmp/uisp_inst.sh && sudo bash /tmp/uisp_inst.sh --ssl-cert-dir /etc/certificates --ssl-cert put-the-name-of-fullchain.pem --ssl-cert-key put-name-of-privkey.pem