{"id":2916,"date":"2020-02-05T16:38:54","date_gmt":"2020-02-05T16:38:54","guid":{"rendered":"https:\/\/www.ssls.com\/knowledgebase\/?p=2916"},"modified":"2022-08-25T16:03:58","modified_gmt":"2022-08-25T16:03:58","slug":"installing-an-ssl-certificate-on-ubiquiti-unifi","status":"publish","type":"post","link":"https:\/\/www.ssls.com\/knowledgebase\/installing-an-ssl-certificate-on-ubiquiti-unifi\/","title":{"rendered":"How to install an SSL certificate on Ubiquiti Unifi"},"content":{"rendered":"\n<ul class=\"wp-block-list\"><li><a href=\"#UDM-base\">Installing SSL on UDM-base<\/a><ul><li><a href=\"#ace_jar\">The standard method with ace.jar<\/a><\/li><li><a href=\"#keytool\">Installing with keytool<\/a><\/li><li><a href=\"#PKCS7\">Importing PKCS7<\/a><\/li><li><a href=\"#PEM\">Importing PEM<\/a><\/li><li><a href=\"#pfx_line\">Command line PFX file import<\/a><\/li><\/ul><\/li><li><a href=\"#UDM-pro\">SSL installation on UDM-pro<\/a><\/li><li><a href=\"#non-UDM-based\">SSL installation for non-UDM-based UniFi services<\/a><ul><li><a href=\"#keytool_w\">Keytool installation (for Windows)<\/a><\/li><li><a href=\"#pfx_keystore\">Importing PFX files using Keystore Explorer<\/a><\/li><li><a href=\"#pfx_c_w\">Using command line for PFX file import (Windows)<\/a><\/li><li><a href=\"#features\">Unifi SSL security features<\/a><\/li><\/ul><\/li><\/ul>\n\n\n\n<p><strong><em>Unifi Dream Machine (UDM) <\/em><\/strong>is the newest console for network management by UniFi. It usually has UniFi OS (a type of Debian-based Linux Operating System) installed. There are two versions of UniFi OS. The first is a modification of older UniFi controllers known as <em>UDM-base<\/em>. 
The second version is <em>UDM-Pro<\/em>, which has its own easy-to-use graphical interface.&nbsp;\n\n<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"UDM-base\">Installing SSL on UDM-base<\/h2>\n\n\n\n<p>\nThe UniFi controller\u2019s <a href=\"https:\/\/help.ubnt.com\/hc\/en-us\/categories\/200320654-UniFi-Enterprise\">official documentation<\/a> outlines a <a href=\"https:\/\/docs.google.com\/document\/d\/1dnetbAoqMW_O4JSakUOqP-Cv3fN7BN-kgJ0j0Om6OpQ\/edit#heading=h.1o038hxy87is\">specific way<\/a> to install an SSL certificate. Although this is a reasonably straightforward method, many people encounter an error message that doesn\u2019t indicate the actual root cause.<\/p>\n\n\n\n<p>In this guide, you\u2019ll find multiple alternative ways to install your SSL, as well as tips for fixing common errors, and some helpful advice for boosting security.<\/p>\n\n\n\n<p><strong>PLEASE NOTE<\/strong>: Servers may sometimes use a default server certificate instead of the one you install. Web browsers don\u2019t consider such certificates to be secure, which may result in website users receiving security warnings. 
If this happens to you, you can resolve it by following the steps below, no matter what installation method you used:&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Connect to UniFi.<\/li><li>Run the following command to stop the UniFi Controller:<br><code>unifi-os stop<\/code><\/li><li>Remove the default certificate file\u2019s link and copy the certificate file you installed via:<br><code>rm \/usr\/lib\/unifi\/data\/keystore &amp;&amp; cp \/etc\/ssl\/private\/unifi.keystore.jks \/usr\/lib\/unifi\/data\/keystore<\/code><\/li><li>Comment out or remove this line in <strong>\/etc\/default\/unifi<br><\/strong>UNIFI_SSL_KEYSTORE=\/etc\/ssl\/private\/unifi.keystore.jks<br>Replacing bundle.crt with your CA Bundle file.<\/li><li>Use the following command to restart UniFi Controller:<br><code>unifi-os restart<\/code><\/li><\/ul>\n\n\n\n<p>Complete your SSL setup by following one of the methods outlined below.\n\n<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"ace_jar\">Standard method with ace.jar<\/h3>\n\n\n\n<p> Although this method is often recommended, some peculiarities mean it might not be ideal for everyone.<\/p>\n\n\n\n<p>You must install SSL in the same folder where you <a href=\"https:\/\/www.ssls.com\/knowledgebase\/generating-csr-using-ubiquiti-unifi\/\">generated the CSR code<\/a>. Finish installing your SSL using <strong>ace.jar<\/strong> by following these steps:<\/p>\n\n\n\n<ol class=\"wp-block-list\"><li> Connect to your server.  
<ul><li>Use <strong>Putty or a similar application<\/strong> for <a href=\"https:\/\/www.ssh.com\/ssh\/putty\/linux\/\" target=\"_blank\" rel=\"noopener noreferrer\">Linux-<\/a> or <a href=\"https:\/\/www.putty.org\/\" target=\"_blank\" rel=\"noopener noreferrer\">Windows-<\/a>based machines <\/li><li>Use <strong>Terminal<\/strong> on MacOS<\/li><li>Connect to a Windows server via remote desktop (if necessary) and run <strong>cmd <\/strong>or <strong>PowerShell <\/strong><p><strong>Please note<\/strong>: On Windows, you must start the application with administrator rights. You can either right-click on the program icon and select <strong>Run as administrator<\/strong> or go to <strong>Properties &gt;&gt; Compatibility &gt;&gt; mark the Run this program as an administrator &gt;&gt; OK<\/strong>.<\/p>You must have root or sudo user access on Linux\/MacOS. Enable it with this command:<br><p> <code>sudo su - <\/code><\/p><\/li><\/ul><\/li><li> Access the UDM files by opening the UniFi shell:<br><p><code>unifi-os shell<\/code><\/p><\/li><li>Run the following to access the UDM-base main folder:<br><p><code>cd  \/usr\/lib\/unifi\/ <\/code><\/p><\/li><li> In the UniFi base folder, upload the following files from the archive you got from the Certificate Authority:  <ul><li>the <em>Security certificate<\/em> file in PEM format (a <em>.crt<\/em> file);<\/li><li>Root certificate;<\/li><li>Intermediate certificates. <br><br>Run this command: <br><p><code>java -jar lib\/ace.jar import_cert *your certificate*.crt SectigoRSADomainValidationSecureServerCA.crt USERTrustRSAAddTrustCA.crt addtrustexternalcaroot.crt <\/code><\/p>Replace *your certificate* with your file name. <br>If you got the intermediate and root certificates in a single bundled file (.ca-bundle), download them individually from <a href=\"https:\/\/www.ssls.com\/knowledgebase\/where-do-i-get-a-ca-bundle-file\/\">here<\/a>.  
<br><strong><em>Note<\/em><\/strong><em>: the command outlined above features an example of intermediate certificates for a <\/em><a href=\"https:\/\/www.ssls.com\/validation-type\/domain-only\"><em>Domain Validation<\/em><\/a><em> SSL.<\/em><\/li><\/ul><\/li><li> UniFi will then request the keystore password. Use <em>\u2018aircontrolenterprise\u2019<\/em> (unless you already changed it in your UniFi settings) and then import the certificate. <br><em><strong>Please note<\/strong>: You may need to upload the CA bundle in a single file for some versions of the server<\/em><strong><em>.<\/em><\/strong><em> You can download the CA bundle from <\/em><a href=\"https:\/\/www.ssls.com\/knowledgebase\/where-do-i-get-a-ca-bundle-file\/\"><em>this article<\/em><\/a><em>. Then, run this command: <\/em><p><code>java -jar lib\/ace.jar import_cert *your certificate*.crt bundle.crt<\/code><\/p><\/li><li> To apply the changes, restart UDM-base with this command: <br><p><code>unifi-os restart<\/code><\/p><\/li><\/ol>\n\n\n\n<p> You can check the installation <a href=\"https:\/\/decoder.link\/\">here<\/a>. <\/p>\n\n\n\n<p><strong><em>Important<\/em><\/strong>: The most common modern UniFi versions have an import bug. You may receive an error message saying, \u201cUnable to import the certificate into keystore\u201d after importing the files to the server.<br>This is because, in modern versions of UniFi, ace.jar can\u2019t parse the newline (\\n) symbol. <\/p>\n\n\n<p>You can fix this issue on Linux and macOS by removing these symbols using this command:<\/p>\n<p><code>tr -d '\\n\\r' &lt; *file name* &gt; *temporary file name* &amp;&amp; mv *temporary file name* *file name*<\/code><\/p>\n<p>Put the full name of the required file in place of *file name*. 
Run the command for your certificate, each intermediate certificate, and the root certificate.<br data-rich-text-line-break=\"true\">Since the command can\u2019t save the modified content directly to the same file, it writes the output to *temporary file name* first and then uses that file to replace the old one.<br data-rich-text-line-break=\"true\">Alternatively, run this command:<br data-rich-text-line-break=\"true\"><code>tr -d '\\n\\r' &lt; *file name* | echo $(cat -) &gt; *file name*<\/code><\/p>\n\n\n<p>On Windows, you can fix the certificate files with <a href=\"https:\/\/notepad-plus-plus.org\/download\/v7.6.5.html\">Notepad++<\/a> by performing the following steps: <\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Use a text editor to open the file.<\/li><li>Press Ctrl+F and navigate to the Replace tab.<\/li><li>Click the Extended option to replace the special characters.<br><img loading=\"lazy\" decoding=\"async\" width=\"700\" height=\"433\" class=\"wp-image-2905\" style=\"width: 700px;\" src=\"https:\/\/www.ssls.com\/knowledgebase\/wp-content\/uploads\/2020\/02\/Unifi_1.png\" alt=\"\" srcset=\"https:\/\/www.ssls.com\/knowledgebase\/wp-content\/uploads\/2020\/02\/Unifi_1.png 1092w, https:\/\/www.ssls.com\/knowledgebase\/wp-content\/uploads\/2020\/02\/Unifi_1-300x185.png 300w, https:\/\/www.ssls.com\/knowledgebase\/wp-content\/uploads\/2020\/02\/Unifi_1-768x475.png 768w, https:\/\/www.ssls.com\/knowledgebase\/wp-content\/uploads\/2020\/02\/Unifi_1-1024x633.png 1024w, https:\/\/www.ssls.com\/knowledgebase\/wp-content\/uploads\/2020\/02\/Unifi_1-150x93.png 150w\" sizes=\"auto, (max-width: 700px) 100vw, 700px\" \/><\/li><li>In the form, type <strong>\\n<\/strong>, then click <strong>Replace All<\/strong>. 
<br><img loading=\"lazy\" decoding=\"async\" width=\"700\" height=\"414\" class=\"wp-image-2906\" style=\"width: 700px;\" src=\"https:\/\/www.ssls.com\/knowledgebase\/wp-content\/uploads\/2020\/02\/Unifi_2.png\" alt=\"\" srcset=\"https:\/\/www.ssls.com\/knowledgebase\/wp-content\/uploads\/2020\/02\/Unifi_2.png 1092w, https:\/\/www.ssls.com\/knowledgebase\/wp-content\/uploads\/2020\/02\/Unifi_2-300x177.png 300w, https:\/\/www.ssls.com\/knowledgebase\/wp-content\/uploads\/2020\/02\/Unifi_2-768x454.png 768w, https:\/\/www.ssls.com\/knowledgebase\/wp-content\/uploads\/2020\/02\/Unifi_2-1024x606.png 1024w, https:\/\/www.ssls.com\/knowledgebase\/wp-content\/uploads\/2020\/02\/Unifi_2-150x89.png 150w\" sizes=\"auto, (max-width: 700px) 100vw, 700px\" \/><\/li><li>Do the same thing again but with <strong>\\r<\/strong>. <\/li><li>Save the file. <\/li><\/ul>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"keytool\">Installation with keytool<\/h3>\n\n\n\n<p>\nKeytool is a flexible installation method with no parsing issues. 
The process is similar to <a href=\"https:\/\/www.ssls.com\/knowledgebase\/how-to-install-an-ssl-certificate-on-a-tomcat-server\/\" target=\"_blank\" rel=\"noopener noreferrer\">installing an SSL on a Tomcat server<\/a>.\n\n<\/p>\n\n\n<h3 id=\"PKCS7\">Importing PKCS7<\/h3>\n\n\n<p>\nThe standard way is to import the file in PKCS#7 format (<em>.p7b<\/em> or <em>.cer<\/em> extension) inside the keystore.<\/p>\n\n\n\n<p>Follow <strong>Steps 1-3<\/strong> as described in <a href=\"#ace_jar\">the Standard method with ace.jar<\/a>.<\/p>\n\n\n\n<p>The <strong>Private key<\/strong> for the certificate should be saved in the default UniFi keystore in the \/data\/keystore file following <a href=\"https:\/\/www.ssls.com\/knowledgebase\/generating-csr-using-ubiquiti-unifi\/\" target=\"_blank\" rel=\"noopener noreferrer\">CSR generation<\/a>.\n<\/p>\n\n\n\n<ol start=\"4\"><li>Upload your <i>security certificate<\/i> file to the UniFi base folder in the PKCS#7 format (.cer or .p7b).<\/li><li>Run the following command to import the uploaded file to the keystore: <p><code>keytool -import -trustcacerts -alias unifi -file *your certificate*.p7b -keystore \/data\/keystore<\/code><\/p>Use the password <i>aircontrolenterprise<\/i> (unless you previously changed it in your UniFi settings) and complete the import by pressing Enter.<\/li><li>To apply the changes, restart UDM-base: <p><code>unifi-os restart<\/code><\/p><\/li><\/ol>\n<p>Installation should now be complete. Check that it worked <a href=\"https:\/\/decoder.link\/\" target=\"_blank\" rel=\"noopener noreferrer\">here<\/a>.<\/p>\n\n\n\n<p>IMPORTANT NOTE: When importing the SSL in the PKCS#7 format, you might get an error message saying, \u201cInput not an X.509 certificate\u201d. It could be due to extra empty strings or other issues related to formatting. 
If editing the file in a text editor doesn\u2019t help, try <a href=\"#PEM\">importing the SSL as PEM files<\/a>. <\/p>\n\n\n\n<p>\nOn Windows, you can also try the following:\n\n<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li> Change the certificate\u2019s file extension to <strong>.cer<\/strong>. <\/li><li> Right-click the certificate file and select <strong>Install certificate<\/strong>. Click through all the options until the <strong>Finish<\/strong> button appears.<br><strong>TIP<\/strong>: In Internet Explorer, install it by going to <strong>Tools &gt;&gt; Internet Options<\/strong>. <\/li><li> Head to the <strong>Content<\/strong> tab and click <strong>Certificates<\/strong>. <\/li><li> In the <strong>Other<\/strong> tab, select your certificate and then <strong>Export<\/strong>. <\/li><li>Click <strong>Next<\/strong>.<\/li><li> Click <em>\u201cCryptographic Message Syntax Standard &#8211; PKCS#7 Certificates (.P7B)\u201d<\/em> and select the box, <em>\u201cInclude all certificates in the certification path if possible\u201d<\/em>. <\/li><li> Hit <strong>Next &gt;&gt; Browse<\/strong>. Enter the name and path for the new combined file. <br><strong>TIP<\/strong>: Save it with a <strong>.cer<\/strong> extension. <\/li><li>Select <strong>Next<\/strong> and <strong>Finish<\/strong>.<\/li><li>Use this new file when importing into the keystore.<\/li><\/ul>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"PEM\">Importing PEM<\/h3>\n\n\n\n<p> Importing the certificate file in PEM format (<em>.crt<\/em>) is another option.<\/p>\n\n\n\n<p>The following example features files for a <a href=\"https:\/\/www.ssls.com\/validation-type\/domain-only\">Domain Validation SSL<\/a>, but the method for installing other SSL types is very similar. 
Find the files for your SSL type <a href=\"https:\/\/www.ssls.com\/knowledgebase\/where-do-i-get-a-ca-bundle-file\/\">here<\/a>.<\/p>\n\n\n\n<ol start=\"4\"><li>Use this command to import the root certificate:\n<p><code>keytool -import -trustcacerts -alias root -file addtrustexternalcaroot.crt -keystore \/data\/keystore<\/code><\/p>\n<\/li><li>One at a time, import the intermediate certificates using separate aliases:\n<p><code>keytool -import -trustcacerts -alias intermediate2 -file USERTrustRSAAddTrustCA.crt -keystore \/data\/keystore<\/code><\/p>\n<p><code>keytool -import -trustcacerts -alias intermediate1 -file SectigoRSADomainValidationSecureServerCA.crt -keystore \/data\/keystore<\/code><\/p><\/li>\n<li>With the alias <b>unifi<\/b>, import the SSL certificate:\n<p><code>keytool -import -trustcacerts -alias unifi -file *your certificate*.crt -keystore \/data\/keystore<\/code><\/p>\n<p><b>PLEASE NOTE<\/b>: For each import, you need to enter the keystore password. Press <b>Enter<\/b> to complete the process.<\/p>\n<p><b>TIP<\/b>: To avoid entering the password each time, you can add the argument <b>-storepass *password*<\/b> to the end of the command, putting your actual password for the UniFi keystore in place of *password*. Keep in mind that a password given on the command line may be saved in your shell history.<\/p><\/li>\n<li>Apply the changes by restarting UDM-base:\n<p><code>unifi-os restart<\/code><\/p><\/li><\/ol>\n\n\n\n<p>\nThe files are the same as with the <a href=\"https:\/\/www.ssls.com\/knowledgebase\/installing-an-ssl-certificate-on-ubiquiti-unifi\/#ace_jar\" target=\"_blank\" rel=\"noopener noreferrer\">ace.jar standard installation method<\/a>.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"pfx_line\">Command line PFX file import<\/h3>\n\n\n\n<p> If you generated the CSR code somewhere else or you used <a href=\"https:\/\/www.ssls.com\/knowledgebase\/how-to-generate-a-csr-code-on-apache-nginx-using-openssl\/\" target=\"_blank\" rel=\"noopener noreferrer\">OpenSSL<\/a>, you can use this option instead of using the <a 
href=\"https:\/\/www.ssls.com\/knowledgebase\/generating-csr-using-ubiquiti-unifi\/\" target=\"_blank\" rel=\"noopener noreferrer\">default UniFi tool<\/a>.<\/p>\n\n\n\n<p>If you generated the CSR this way, the <em>private key (.key)<\/em> will have been created separately. You need to import the key file, certificate (<em>.crt<\/em>), and chain (<em>.ca-bundle<\/em>) files into the keystore. <\/p>\n\n\n\n<p>\nIf you<strong><em> want to perform the whole process via command line<\/em><\/strong>:\n\n<\/p>\n\n\n\n<ol start=\"4\">\n<li> Into the UniFi base folder, upload the PEM <i>security certificate<\/i> file (.crt), and <i>chain<\/i> file (<i>.ca-bundle<\/i>) from the archive you got from the CA. For your convenience, move or upload the <i>private key<\/i> file to the same folder.\n<p>You can put them in different folders, but if you do, you need to add the full paths to the files in the command in step 5.<\/p><\/li>\n<li>Use the following OpenSSL command to generate the PKCS#12 (PFX):\n<p><code>openssl pkcs12 -export -out *your certificate*.pfx -inkey *your certificate*.key -in *your certificate*.crt -certfile *your certificate*.ca-bundle -name \"unifi\"<\/code><\/p><\/li>\n<li>Import the PFX file you just created into the keystore:\n<p><code>keytool -importkeystore -srckeystore *your certificate*.pfx -srcstoretype PKCS12 -destkeystore \/data\/keystore -deststoretype jks -deststorepass *password*<\/code><\/p>\n<p>Make sure to replace *password* with your actual keystore password.<\/p><\/li>\n<li>Apply the changes by restarting UDM-base:\n<p><code>unifi-os restart<\/code><\/p><\/li>\n<\/ol>\n\n\n\n<p> Follow these steps if you want to <strong><em>generate the PFX somewhere else (for example, using<\/em><\/strong><a href=\"https:\/\/decoder.link\/converter\"><strong> <em>our converter<\/em><\/strong><\/a><strong><em>)<\/em><\/strong>: <\/p>\n\n\n\n<ol start=\"4\">\n<li>Use any convenient tool to generate the PKCS#12 (PFX) file.<\/li>\n<li>Upload the PFX file to 
the UniFi base folder on the server where the UniFi controller is installed.<\/li>\n<li>Then import the PFX file to the keystore:\n<p><code>keytool -importkeystore -srckeystore *your certificate*.pfx -srcstoretype pkcs12 -srcalias 1 -destkeystore \/data\/keystore -deststoretype jks -destalias unifi -deststorepass *password*<\/code><\/p>\n<p><b>IMPORTANT NOTE<\/b>: If you have a PFX file without an assigned alias, the default alias is 1. In the command, make sure to include <b>-srcalias<\/b> and <b>-destalias<\/b>. This prevents the \u201cAlias unifi does not exist\u201d error message. Replace *password* with your existing UniFi keystore password.<\/p><\/li>\n<li>Apply the changes by restarting UDM-base:\n<p><code>unifi-os restart<\/code><\/p><\/li><\/ol>\n\n\n\n<p> There is a slight possibility that the default alias will be different. Check the alias with one of these commands if you get an error message:<br><code>openssl pkcs12 -in *your certificate*.pfx -info <br>keytool -list -storetype pkcs12 -keystore *your certificate*.pfx -v <\/code><\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"UDM-pro\">SSL installation on UDM-pro<\/h2>\n\n\n\n<p>\nTo install an SSL on <strong>UDM-pro,<\/strong> simply replace the default <strong><em>private key<\/em><\/strong> and<strong> self-signed certificate<\/strong> and restart it.\n\n<\/p>\n\n\n\n<ol class=\"wp-block-list\"><li>Turn on <strong>Secure Shell (SSH)<\/strong>:  <br><strong>Settings &gt;&gt; Network Settings &gt;&gt; Device Authentication &gt;&gt; Enable it and create a username and password (alternatively, you can create an access key, which you\u2019ll be able to do at the final step). 
<\/strong><\/li><li>When you connect via SSH, enter the <strong>UDM-pro<\/strong> configuration folder: <p><code>cd \/mnt\/data\/unifi-os\/unifi-core\/config\/<\/code><\/p><\/li><li>Install your SSL files: <p>Inside the configuration folder, there are already two files: <strong><em>unifi-core.crt<\/em><\/strong> and <em><strong>unifi-core.key<\/strong><\/em>. These files are a <em><strong>self-signed certificate<\/strong><\/em> and a <em><strong>Private key<\/strong><\/em>.<\/p>You should replace these files with the <strong><em>valid certificate<\/em><\/strong> you got from the CA and its corresponding <em><strong>Private key<\/strong><\/em>. <ul><li>In <strong>unifi-core.crt<\/strong>, you should upload a single file that combines <em><strong>your certificate<\/strong> (the <strong>.crt file<\/strong> from CA)<\/em> with the <em><strong>intermediate <\/strong><\/em>and <em><strong>root certificates<\/strong> (<strong>the .ca-bundle file<\/strong> from CA)<\/em>;<\/li><li>In <strong><em>unifi-core.key<\/em><\/strong>, upload the <strong><em><a rel=\"noreferrer noopener\" aria-label=\"Private key file (opens in a new tab)\" href=\"https:\/\/www.ssls.com\/knowledgebase\/generating-csr-using-ubiquiti-unifi\/#2\" target=\"_blank\">Private key file<\/a><\/em><\/strong>. <p>There are a few ways to combine the .crt and .ca-bundle files the CA sent you:<\/p><\/li><\/ul><ul><li>To <strong>\/mnt\/data\/unifi-os\/unifi-core\/config\/<\/strong>, upload both files and run this command: <p><code>cat example.crt &gt; unifi-core.crt ; echo &gt;&gt; unifi-core.crt ; cat example.ca-bundle &gt;&gt; unifi-core.crt<\/code><\/p><\/li><li>Using a <em>plaintext editor<\/em> (<em>Notepad, Notepad++, TextEdit, Text<\/em>), you can open both files to create a combined <strong><em>unifi-core.crt<\/em><\/strong> file on your computer by pasting the certificate code first and then the CA-bundle below it. 
Upload it to UDM when you\u2019re done.<\/li><li>Or copy the content of both files and paste it to <strong><em>unifi-core.crt<\/em><\/strong>, adding the certificate first and the CA-bundle below it. <p>You can use a Linux editor like <strong><em>nano <\/em><\/strong>or <strong><em>vi <\/em><\/strong>(run <code>nano unifi-core.crt<\/code>) to open it in the command line. <\/p><\/li><\/ul><\/li><li>Restart UDM-pro when you have replaced both files: <p><code>unifi-os restart<\/code><\/p><\/li><\/ol>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"non-UDM-based\">SSL installation for non-UDM-based UniFi services<\/h2>\n\n\n\n<p>\nSome of the installation methods mentioned above for UDM-base also work on older versions of UniFi controller. But some methods that used to work no longer work. We go through them below.\n\n<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"keytool_w\">Keytool installation (for Windows)<\/h3>\n\n\n\n<p> This is almost exactly the same <a href=\"https:\/\/www.ssls.com\/knowledgebase\/installing-an-ssl-certificate-on-ubiquiti-unifi\/#keytool\">as it is on Linux<\/a>. Just upload the files to the server and install them in the keystore using keytool commands. However, in contrast to Linux servers, on Windows, you need to include the full path to a file while running an application. Unless the file is in the same folder as where you\u2019re running a command, you need to use the full path to keytool.exe, certificate files, and the keystore. <\/p>\n\n\n\n<p>Use a command like the following if you want to import the files in a PKCS#7 format: <br><code>\"*Java base folder*\\bin\\keytool.exe\" -import -trustcacerts -alias unifi -file *your certificate*.p7b -keystore \"C:\\Users\\*account username*\\Ubiquiti UniFi\\data\\keystore\"<\/code><br> *Java base folder* is specified when Java is being installed on the server. It\u2019s usually called \u201cC:\\Program Files\\Java\\*Java version*\\\u201d by default. 
<\/p>\n\n\n\n<p>Another option is to switch to the Java base folder by running this command:<br><code>cd *Java base folder* <\/code><\/p>\n\n\n\n<p>Then run this to import the file:<br><code>keytool -import -trustcacerts -alias unifi -file \"C:\\Users\\*account username*\\Ubiquiti UniFi\\*your certificate*.p7b\" -keystore \"C:\\Users\\*account username*\\Ubiquiti UniFi\\data\\keystore\" <\/code><\/p>\n\n\n\n<p>Close and restart UniFi by using the application icon. <\/p>\n\n\n\n<p>Run the following commands if UniFi is configured as a Windows service: <br><code>net stop \"UniFi Controller\"<\/code><br><code>net start \"UniFi Controller\"<\/code><\/p>\n\n\n\n<p> Now, the certificate should be installed. <\/p>\n\n\n\n<p>If you want to import PEM certificates, follow the instructions in the <a href=\"#PEM\">Importing PEM<\/a> section, making sure to specify the full path to the files in every command.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"pfx_keystore\">Importing PFX files using Keystore Explorer<\/h3>\n\n\n\n<p>\nIf you want to import PFX files on UniFi on Windows, the <strong>easiest way<\/strong> to do it is by using&nbsp; \u201c<a href=\"http:\/\/keystore-explorer.org\/\">Keystore Explorer<\/a>\u201d. It\u2019s also possible to use it on Linux\/Mac OS, but it works best on Windows.\n\n<\/p>\n\n\n\n<ol class=\"wp-block-list\"><li>In <strong>Keystore Explorer<\/strong>, open the current keystore file, either by using the default password <strong>aircontrolenterprise <\/strong>or another one used by the controller. 
<p><strong>TIP<\/strong>: Add a custom password by opening the file system.properties:<\/p><code>app.keystore.pass=*password*<\/code> <p>You can find this file in the UniFi base folder\u2019s <strong>data <\/strong>subfolder.<\/p><\/li><li>You need to generate the PFX (PKCS#12) format file by following the instructions in the <a rel=\"noreferrer noopener\" aria-label=\"PFX format section (opens in a new tab)\" href=\"https:\/\/www.ssls.com\/knowledgebase\/installing-an-ssl-certificate-on-ubiquiti-unifi\/#pfx\" target=\"_blank\">PFX format section<\/a> or by using an online tool (such as <a rel=\"noreferrer noopener\" aria-label=\"our converter (opens in a new tab)\" href=\"https:\/\/decoder.link\/converter\" target=\"_blank\">our converter<\/a>). <p>You\u2019ll need to create a new password for this, different from the UniFi controller password.<\/p><\/li><li>Go back to <strong>Keystore Explorer<\/strong> and delete the <strong>unifi <\/strong>entry once you\u2019ve created your PFX file.<br><img loading=\"lazy\" decoding=\"async\" width=\"600\" height=\"464\" class=\"wp-image-2907\" style=\"width: 600px;\" src=\"https:\/\/www.ssls.com\/knowledgebase\/wp-content\/uploads\/2020\/02\/Unifi_3.png\" alt=\"\" srcset=\"https:\/\/www.ssls.com\/knowledgebase\/wp-content\/uploads\/2020\/02\/Unifi_3.png 716w, https:\/\/www.ssls.com\/knowledgebase\/wp-content\/uploads\/2020\/02\/Unifi_3-300x232.png 300w, https:\/\/www.ssls.com\/knowledgebase\/wp-content\/uploads\/2020\/02\/Unifi_3-150x116.png 150w\" sizes=\"auto, (max-width: 600px) 100vw, 600px\" \/><\/li><li>Go to: <strong>Tools &gt;&gt; Import Key Pair &gt;&gt; PKCS12<\/strong>. 
<br>Find your PFX file and use the password you created.<br><img loading=\"lazy\" decoding=\"async\" width=\"600\" height=\"467\" class=\"wp-image-2908\" style=\"width: 600px;\" src=\"https:\/\/www.ssls.com\/knowledgebase\/wp-content\/uploads\/2020\/02\/Unifi_4.png\" alt=\"\" srcset=\"https:\/\/www.ssls.com\/knowledgebase\/wp-content\/uploads\/2020\/02\/Unifi_4.png 708w, https:\/\/www.ssls.com\/knowledgebase\/wp-content\/uploads\/2020\/02\/Unifi_4-300x233.png 300w, https:\/\/www.ssls.com\/knowledgebase\/wp-content\/uploads\/2020\/02\/Unifi_4-150x117.png 150w\" sizes=\"auto, (max-width: 600px) 100vw, 600px\" \/><\/li><li>Set the <strong>Key Pair Entry Alias<\/strong> to <strong>unifi<\/strong>.<br><img loading=\"lazy\" decoding=\"async\" width=\"300\" height=\"164\" class=\"wp-image-2909\" style=\"width: 300px;\" src=\"https:\/\/www.ssls.com\/knowledgebase\/wp-content\/uploads\/2020\/02\/Unifi_5.png\" alt=\"\" srcset=\"https:\/\/www.ssls.com\/knowledgebase\/wp-content\/uploads\/2020\/02\/Unifi_5.png 236w, https:\/\/www.ssls.com\/knowledgebase\/wp-content\/uploads\/2020\/02\/Unifi_5-150x82.png 150w\" sizes=\"auto, (max-width: 300px) 100vw, 300px\" \/><\/li><li>Enter the keystore password (which is <strong>aircontrolenterprise <\/strong>unless you changed it in your UniFi settings).<\/li><li>Save it by clicking <strong>File &gt;&gt; Save<\/strong> (or the related button).<\/li><li>Apply the changes by restarting the controller. <p>On Linux: <\/p><code>service unifi restart <\/code><br><p>You\u2019ll need to <em>close <\/em>and <em>restart <\/em>UniFi on Windows using the application icon. Alternatively, if UniFi is configured as a Windows service, you can use these commands:<\/p> <code>net stop \"UniFi Controller\"<\/code> <p><code>net start \"UniFi Controller\"<\/code><\/p><strong>WARNING<\/strong>: The keystore can sometimes become corrupted if there have been numerous imports. 
If the process fails, only proceed with the PFX import after you <em>delete the original keystore file<\/em> and <em>restart UniFi<\/em> to create a new one.<\/li><\/ol>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"pfx_c_w\">Using command line for PFX file import (Windows)<\/h3>\n\n\n\n<p> This is a similar process to <a href=\"https:\/\/www.ssls.com\/knowledgebase\/installing-an-ssl-certificate-on-ubiquiti-unifi\/#pfx\" target=\"_blank\" rel=\"noreferrer noopener\" aria-label=\" (opens in a new tab)\">installing an SSL certificate on Linux<\/a>. Generate the PFX file by performing these steps: <\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Save your <em>certificate <\/em>and <em>private key<\/em> files to the same folder with these file names and extensions:<em> example.p7b<\/em>, <em>example.key<\/em>. In <strong>cmd <\/strong>or <strong>PowerShell<\/strong>, run the command: <p><code>certutil -mergepfx *your certificate*.p7b *your certificate*.pfx<\/code><\/p>Another option is to generate it with OpenSSL by putting the <em>certificate<\/em>, <em>private key<\/em>, and <em>CA-bundle<\/em> in a single folder and running the command:<br><code>*OpenSSL path* pkcs12 -export -out *your certificate*.pfx -inkey *your certificate*.key -in *your certificate*.crt -certfile *your certificate*.ca-bundle -name \"unifi\"<\/code> <p>On Windows, the default OpenSSL path (if it is installed) is \u201cC:\\*OpenSSL version*\\bin\\OpenSSL.exe\u201d.<\/p><\/li><li>Import your new PFX file to the keystore: <p><code>\"*Java base folder*\\bin\\keytool.exe\" -importkeystore -srckeystore *your certificate*.pfx -srcstoretype pkcs12 -srcalias 1 -destkeystore \"C:\\Users\\*account username*\\Ubiquiti UniFi\\data\\keystore\" -deststoretype jks -destalias unifi -deststorepass *password*<\/code><\/p>*Java base folder* will have been specified when Java was installed on the server. 
The folder is generally called \u201cC:\\Program Files\\Java\\*Java version*\\\u201d by default.<\/li><li>You\u2019ll need to <em>close <\/em>and <em>restart <\/em>UniFi on Windows using the application icon. Alternatively, if UniFi is configured as a Windows service, you can use these commands: <p><code>net stop \"UniFi Controller\"<\/code><\/p><code>net start \"UniFi Controller\"<\/code><\/li><\/ul>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"features\">Unifi SSL security features\n<\/h3>\n\n\n\n<p>\nAlthough the following list doesn\u2019t involve setting up your SSL, it features useful tips for SSL configuration and general site security.\n\n<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Although you can successfully import the files to your server, <a rel=\"noreferrer noopener\" aria-label=\"ECC certificates (opens in a new tab)\" href=\"https:\/\/www.namecheap.com\/support\/knowledgebase\/article.aspx\/9503\/38\/what-is-an-ecc-elliptic-curve-cryptography-certificate\" target=\"_blank\">ECC certificates<\/a> won\u2019t work on Unifi.<\/li><li>Unifi doesn\u2019t support <a rel=\"noreferrer noopener\" aria-label=\"Server Name Indication (SNI) (opens in a new tab)\" href=\"https:\/\/www.ssls.com\/knowledgebase\/what-is-sni-technology\/\" target=\"_blank\">Server Name Indication (SNI)<\/a>.<\/li><li>Newer versions of UniFi starting from 4.x have <strong>HTTPS redirect<\/strong> enabled by default. Check via the UniFi admin panel. You can access it using the http:\/\/ link (this is *hostname*:8080 in system.properties by default). 
If you have already installed an SSL certificate on UniFi, it will forward you to the https:\/\/ link (https:\/\/*hostname*:8443 by default).<\/li><li>If you want to enable <a rel=\"noreferrer noopener\" aria-label=\"HSTS  (opens in a new tab)\" href=\"https:\/\/en.wikipedia.org\/wiki\/HTTP_Strict_Transport_Security\" target=\"_blank\">HSTS<\/a> on UniFi, do it by modifying the following parameters in the system.properties file: <p><code>unifi.https.hsts=false<\/code> &#8211; enable HSTS by setting it to true<\/p><code>unifi.https.hsts.max_age=*value*<\/code> &#8211; here, you can set the length of time (in seconds) that you want HSTS to be cached <p><code>unifi.https.hsts.preload=false<\/code> &#8211; only switch this to true if you don\u2019t want to remove HSTS later. With it set to true, your UniFi hostname will be added to the preload list, and it can only be removed by specific request.<\/p><code>unifi.https.hsts.subdomain=false<\/code> &#8211; if you want to apply an HSTS policy for your main domain and its subdomains, set to true <p>To complete the process, uncomment the strings above, save the file, and restart UniFi. <\/p><\/li><li>Enable your preferred <a rel=\"noreferrer noopener\" aria-label=\"cipher suites (opens in a new tab)\" href=\"https:\/\/en.wikipedia.org\/wiki\/Cipher_suite\" target=\"_blank\">cipher suites<\/a> and <a rel=\"noreferrer noopener\" aria-label=\"SSL\/TLS versions (opens in a new tab)\" href=\"https:\/\/en.wikipedia.org\/wiki\/Transport_Layer_Security\" target=\"_blank\">SSL\/TLS versions<\/a> on UniFi by using the following parameters in the system.properties file: <p><code>unifi.https.ciphers=cipher1, cipher2, etc.<\/code> &#8211; replace the cipher1, cipher2 values with the real names of the ciphers you wish to enable.<\/p><code>unifi.https.sslEnabledProtocols=protocol1, protocol2, etc.<\/code> &#8211; replace the protocol1, protocol2 values with the real names of the protocols you wish to enable. 
<p>To complete the process, uncomment the strings above, save the file, and restart UniFi.<\/p>Find the optimal UniFi configurations <a rel=\"noreferrer noopener\" aria-label=\"here (opens in a new tab)\" href=\"https:\/\/cipherlist.eu\/\" target=\"_blank\">here<\/a>.<\/li><\/ul>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[5],"tags":[],"class_list":["post-2916","post","type-post","status-publish","format-standard","hentry","category-ssl-installation-instructions"],"yoast_head_json":{"title":"How to install an SSL certificate on Ubiquiti Unifi \u2013 HelpDesk | SSLs.com","canonical":"https:\/\/www.ssls.com\/knowledgebase\/installing-an-ssl-certificate-on-ubiquiti-unifi\/","og_site_name":"SSL Certificate Knowledgebase | SSLs.com","article_published_time":"2020-02-05T16:38:54+00:00","article_modified_time":"2022-08-25T16:03:58+00:00","author":"sslbizdev"}}