UNMS - How to Install a Non-Default SSL Certificate


This article describes how to install UNMS using another certificate, other than the default LetsEncrypt option found in UNMS.

Table of Contents

  1. Prepare the Certificate
  2. Delete the Old Certificate
  3. Reinstall UNMS
  4. Related Articles

Prepare the Certificate

Back to Top

NOTE:A GoDaddy wildcard SSL certificate was used as an example for this article. It was delivered in .crt format and exported to .pfx files using Microsoft's "certificates" snap-in with MMC.

Create ".pem" versions of the public key full chain and the private key:

1. Install OpenSSL on the Windows desktop if not already installed.

2. Copy the full chain .pfx to the computer, eg. to C:\Program Files\OpenSSL-Win64\bin\

3. Open a command prompt and go to the folder used in the step above, and run:

openssl pkcs12 -in your-new-full-chain.pfx -nocerts -out privatekey.pem -nodes
openssl pkcs12 -in your-new-full-chain.pfx -nokeys -out public-cert.pem -nodes

4. Both times, you are prompted for the SSL certificate encryption password. You provided this when you made the PFX. This produces two files: 'privatekey.pem' and 'public-cert.pem'.

ATTENTION:Be VERY CAREFUL with the privatekey.pem file. Do not leave a copy of this file anywhere it can be easily reached. 

5. Copy these files to the UNMS server in the /etc/certificates directory (it is possible to use programs like WinSCP or similar to move the files).

Delete the Old Certificate

Back to Top

Run these commands to remove the old data:

cd /home/unms/data
sudo chmod a+rwx cert
cd cert
rm live.*
rm custom.*
cd ..
sudo chmod a-rwx cert
sudo chmod u+rw cert

Reinstall UNMS

Back to Top

At this point, it is necessary to reinstall UNMS by running again the installation script with this command:

curl -fsSL https://unms.com/v1/install > /tmp/unms_inst.sh && sudo bash /tmp/unms_inst.sh --ssl-cert-dir /etc/certificates --ssl-cert put-the-name-of-fullchain.pem --ssl-cert-key put-name-of-privkey.pem
IMPORTANT:Please note that it is vital to include any optional installation tags that were potentially used in the previous installation.

Related Articles

Back to Top

UNMS - Optional Installation Steps

Was this article helpful?
2 out of 6 found this helpful
Can't find what you're looking for?
Visit our worldwide community of Ubiquiti experts for more answers
Visit the Ubiquiti Community