Created Example hook script to deploy cert to Unifi controller (markdown)

2026-03-20 16:23:51 +01:00 · 2017-07-29 14:32:17 +01:00
parent d2f72101ae
commit 1f6697413e
1 changed files with 39 additions and 0 deletions
--- a/Example-hook-script-to-deploy-cert-to-Unifi-controller.md
+++ b/Example-hook-script-to-deploy-cert-to-Unifi-controller.md
@@ -0,0 +1,39 @@
+The [unifi controller](https://www.ubnt.com/download/unifi/) has a Java webserver and hence Java certificate/key store.
+
+```
+#!/bin/bash -e
+
+# Deploy cert to unifi controller. Based on:
+# https://community.ubnt.com/t5/UniFi-Wireless/Your-own-SSL-key-and-cert/m-p/484943#M39260
+# (with correction to use '-certfile' not '-CAfile' to import the intermediate CA cert)
+
+HANDLER="${1}"
+DOMAIN="${2}"
+KEYFILE="${3}"
+CERTFILE="${4}"
+FULLCHAINFILE="${5}"
+CHAINFILE="${6}"
+TIMESTAMP="${7}"
+
+KEYSTORE="/usr/lib/unifi/data/keystore"
+KEYSTOREPASS="aircontrolenterprise"
+
+case "$HANDLER" in
+  "deploy_cert")
+    TMPFILE="$(mktemp)"
+
+    openssl pkcs12 -export -in "$CERTFILE" -inkey "$KEYFILE" \
+     -out "$TMPFILE" -name unifi \
+     -certfile "$CHAINFILE" -caname root -password "pass:$KEYSTOREPASS"
+
+    keytool -importkeystore \
+      -deststorepass "$KEYSTOREPASS" -destkeypass "$KEYSTOREPASS" -destkeystore "$KEYSTORE" \
+      -srckeystore "$TMPFILE" -srcstoretype PKCS12 -srcstorepass "$KEYSTOREPASS" \
+      -alias unifi -noprompt
+
+    rm "$TMPFILE"
+    systemctl restart unifi
+    ;;
+
+esac
+```