Ubuntu 16.04.1 LTS UniFi Beta Controller with Wildcard SSL

This article covers how to install UniFi Beta from a .deb file for Ubuntu Server (so command line only), and how to install a WildCard SSL into UniFi. This article does not cover installing Ubuntu and applying updates.

If you already have a controller, confirm you have a backup of your controller to restore your sites and data!

Controller > Maintenance > Backup > Download

 

 

Obtain Putty, a SSH tool to remote into your server with copy/paste functionality

http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html

Installing UniFi Base Packages

Run the following code to install UniFi. Note that unifi-rapid and unifi-beta are no longer used, Ubiquiti changed to the single release and if you want a specific version you can install it yourself with the .deb file (below)

#Make your session administrative
sudo -i

#Open a text editor to allow UniFi to be downloaded from the repository
nano /etc/apt/sources.list

#Go to the bottom of the list with the arrow keys, and paste in (through putty, it's Right-Click)
deb http://www.ubnt.com/downloads/unifi/debian unifi5 ubiquiti
deb http://www.ubnt.com/downloads/unifi/distros/deb/debian debian ubiquiti
#Save (Ctrl + X, Y for Yes)

#Add the Ubiquiti GPG Signed Keys to allow you to install their software
apt-key adv --keyserver keyserver.ubuntu.com --recv C0A52C50
apt-key adv --keyserver keyserver.ubuntu.com --recv 7F0CEB10

#Refresh the repositories (download sources)
apt-get update

#Install from the repositories
apt-get install unifi

 

Upgrading to UniFi Beta with .DEB Image

Sign up for the UniFi Beta community forums. Check the blog to get the newest update packages.

http://community.ubnt.com/t5/UniFi-Beta-Blog/bg-p/Blog_UniFi_Beta

Find the release you want, most likely the newest, and copy the URL of the .deb file.

 

Putty into your server, and run the following code to install UniFi, then upgrade to the Beta.

#Make your session administrative
sudo -i
#Download your .deb file to the /tmp directory
cd /tmp
wget https://www.ubnt.com/downloads/unifi/5.2.5-6914faba/unifi_sysvinit_all.deb

#Wait for download to complete, then unpackage and install
dpkg -i unifi_sysvinit_all.deb

#Clean up the mess, delete the old .deb file
rm unifi_sysvinit_all.deb

 

Applying the SSL Certificate

The scope of this guide does not cover how to create a CSR and obtain your wildcard certificate. Once you have exported your certificate keychain (with private key) as a PKCS #12, these instruction will APPLY the key to your UniFi controller.

By default, UniFi installs inself to /var/lib/unifi

In here is the file “keystore”, that contains the self-signed “UniFi” SSL certificate.

  1. Download Keystore Explorer
  2. Create a new keystore – JKS (OpenSSL)
  3. Tools > Import Key Pair – PKCS #12 > Browse to PFX Wildcard Cert
  4. Decrypt with private key password
  5. Encrypt NEW keystore with the password “aircontrolenterprise”
  6. File > Save As > “keystore”
  7. FTP file to your UniFi box, I recommend Filezilla to connect via sftp://192.168.1.X on port 22.
  8. Transfer the file to your home directory /home/username, since /var/lib/unifi is protected
  9. Connect via Putty > sudo -i > [password] > cd /var/lib/unifi
  10. Stop the service: service unifi stop
  11. Create a backup file: mv keystore keystore.orig
  12. Move your newly encrypted keystore: cd /home/username > cp keystore /var/lib/unifi/keystore
  13. Reboot the Linux OS, when the UniFi controller starts up it will auto import the file keystore and apply it to web services, giving you that nice shiny HTTP green lock 🙂

 

Leave a Reply

Your email address will not be published. Required fields are marked *