Unifi Cloud Key: Custom SSL Certificate

-
Unifi Cloud Key: Custom SSL Certificate

I have a wildcard SSL for my domain, I found this pos

I found this post by Cullum Smith show how to import the wildcard ssl to cloud key, I tested it work for me.

https://www.c0ffee.net/blog/unifi-cloud-key-ssl-certificate

Login SSH
In the instructions below, I'm going to assume you have a certificate pair for example.com, and your Cloud Key is located at cloudkey.example.com. You will also need the root certificate (as well as any intermediate certificates) for your certificate authority concatenated into a single file. The intermediate certificate should be placed before the root certificate. I'm going to assume you named this file chain.crt.
First, copy the certificates to the Cloud Key. The root password should be the same one you use to log into the web interface.


# stop the unifi web service
service unifi stop

# backup the default certificate
mkdir backup
cp -r /etc/ssl/private/ backup

# remove the default SSL bundle
rm /etc/ssl/private/cert.tar

# MAGIC - discovered through random forum posts, wailing, and gnashing of teeth.
# the password for export is your cound key root password.
openssl pkcs12 -export -in example.com.crt -inkey example.com.key -out example.com.p12 -name unifi -CAfile chain.crt -caname root
keytool -importkeystore -deststorepass aircontrolenterprise -destkeypass aircontrolenterprise -destkeystore /usr/lib/unifi/data/keystore -srckeystore example.com.p12 -srcstoretype PKCS12 -srcstorepass aircontrolenterprise -alias unifi
cp example.com.crt /etc/ssl/private/cloudkey.crt
cp example.com.key /etc/ssl/private/cloudkey.key
rm /etc/ssl/private/ssl-cert-snakeoil.key
chown root:ssl-cert /etc/ssl/private/*
chmod 640 /etc/ssl/private/*
tar -cvf cert.tar *
chown root:ssl-cert cert.tar
chmod 640 cert.tar
service nginx restart

# NOTE: if you have an ECC certificate like me, you must also complete
# the following magic incantations.
# (if you don't know what an ECC certificate is, just ignore this part.)
#
# echo "unifi.https.sslEnabledProtocols=TLSv1.2" >> /usr/lib/unifi/data/system.properties
# echo "unifi.https.ciphers=TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256" >> /usr/lib/unifi/data/system.properties

# finally, restart the unifi service
service unifi start

Comments

Post a Comment

Popular posts from this blog

Extracting and using a modified VMWare Player BIOS or UEFI firmware

-
https://pete.akeo.ie/2011/06/extracting-and-using-modified-vmware.html Extracting and using a modified VMWare Player BIOS or UEFI firmware (updated 2016.05.17 for VMWare UEFI firmware extraction) One day or another, you may want to play with BIOS/UEFI firmware modification. But before jumping into physical motherboard flash alteration, where the consequences of a mishap can be difficult to salvage, experimenting with the BIOS/UEFI in a virtual environment sounds like a sound first step. You have of course the opportunity to do so using  bochs , however the ubiquitous nature and ease of use of the (freely available)  VMware Player  can turn the latter in a much better candidate for the job if you don't really care about the extra features that bochs brings in. This post details how one can extract the BIOS/UEFI firmwares used by the VMWare Player, and how to setup the player to use a modified one. Download and install VMware Player. The current version of VMwar...
Read more

Activate Synology Active Backup for Business for DSM 6

-
 Activate Synology Active Backup for Business with Xpenology DSM  https://gist.github.com/igresc/91e468f3d2ad5f2f7407262ba6f0dd56 Install the package and run the URL below on the browser . Active Backup for Business 1. Replace the IP, username, and password  http:// 192.168.0.1 :5000/webapi/auth.cgi?api=SYNO.API.Auth&method=Login&version=1&account= admin &passwd= password {"success":true} 2. Replace IP and Serial http:// 192.168.0.1 :5000/webapi/entry.cgi?api=SYNO.ActiveBackup.Activation&method=set&version=1&activated=true&serial_number= 1780PDN123456 {"data":{"activated":true},"success":true} Active Backup for G Suite 1. Replace IP http:// 192.168.0.1 :5000/webapi/entry.cgi?api=SYNO.ActiveBackupGSuite&method=get_activation&version=1 {"data":{"activated":false,"serial_number":"1780PDN123456"},"success":true} 2. Replace IP and Serial 1. Replace IP http:// 19...
Read more

Windows 11 internet/account bypass

-
Image
https://github.com/the-P1neapple/WinJS-Microsoft-Account-Bypass WinJS-Microsoft-Account-Bypass Overview This guide explains a method to bypass the Microsoft Account (MSA) requirement during the Windows 11 Out-Of-Box Experience (OOBE) by using the Developer Console to invoke a hidden local account setup screen. This method was discovered by examining the Windows 11 OOBE source code, which revealed an event listener for a hidden  _localAccountButton . Note A faster method has since been discovered using Command Prompt ( Source ), this repo was made 7 months prior to that discovery. The method I have documented is still the only known method for S-Mode installations. Following these steps, you can create a local account without needing to sign in with or create a Microsoft account. I also have a  Youtube Tutorial  that follows the same instructions below Steps to Bypass Microsoft Account Setup 1. Start Windows 11 Setup Begin the Windows 11 Setup Process. Select your region a...
Read more