starred/dehydrated
1
0
Fork 0
mirror of https://github.com/dehydrated-io/dehydrated.git synced 2026-04-24 01:08:29 +02:00
Code Issues 79 Packages Projects Releases 10 Wiki Activity

Created Example hook script to deploy cert to Unifi controller (markdown)

Brian Candler
2017-07-29 14:32:17 +01:00
parent d2f72101ae
commit 1f6697413e
1 changed files with 39 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

39
Example-hook-script-to-deploy-cert-to-Unifi-controller.md Normal file

@@ -0,0 +1,39 @@
The [unifi controller](https://www.ubnt.com/download/unifi/) has a Java webserver and hence Java certificate/key store.
```
#!/bin/bash -e
# Deploy cert to unifi controller. Based on:
# https://community.ubnt.com/t5/UniFi-Wireless/Your-own-SSL-key-and-cert/m-p/484943#M39260
# (with correction to use '-certfile' not '-CAfile' to import the intermediate CA cert)
HANDLER="${1}"
DOMAIN="${2}"
KEYFILE="${3}"
CERTFILE="${4}"
FULLCHAINFILE="${5}"
CHAINFILE="${6}"
TIMESTAMP="${7}"
KEYSTORE="/usr/lib/unifi/data/keystore"
KEYSTOREPASS="aircontrolenterprise"
case "$HANDLER" in
"deploy_cert")
TMPFILE="$(mktemp)"
openssl pkcs12 -export -in "$CERTFILE" -inkey "$KEYFILE" \
-out "$TMPFILE" -name unifi \
-certfile "$CHAINFILE" -caname root -password "pass:$KEYSTOREPASS"
keytool -importkeystore \
-deststorepass "$KEYSTOREPASS" -destkeypass "$KEYSTOREPASS" -destkeystore "$KEYSTORE" \
-srckeystore "$TMPFILE" -srcstoretype PKCS12 -srcstorepass "$KEYSTOREPASS" \
-alias unifi -noprompt
rm "$TMPFILE"
systemctl restart unifi
;;
esac
```