Importing SSL certificates with own, self-signed CA according to Ubiquity docs fails. It have to be done manually.
REMARK: After upgrade all changes will be lost.
You should consider making backup, really
Generate certificates, e.g. with easy-rsa. Pack certs into pkcs12 and upload them to the controller:
openssl pkcs12 -export -in unifi.crt -inkey unifi.key -out unifi.p12 -name unifi -CAfile ca.crt -caname root scp unifi.p12 unifi:/tmp/
Connect with SSH to Unifi Cloud Key and rewrite keystore:
mv /etc/ssl/private/unifi.keystore.jks /tmp/keystore.bak keytool -importkeystore -deststorepass aircontrolenterprise -destkeypass aircontrolenterprise -destkeystore /etc/ssl/private/unifi.keystore.jks -srckeystore /tmp/unifi.p12 -srcstoretype PKCS12 -srcstorepass aircontrolenterprise -alias unifi
Next, restart unifi controller:
Just copy your certs over default nginx ones:
Connect with SSH to Unifi Cloud Key and restart nginx server:
Certs with keystore are placed in
/etc/ssl/private/unifi.keystore.jksand it's rewritten automatically
/etc/ssl/private/cert.tarthere is backup of self signed certs and keystore
I did it long time ago and I've doropped this idea eventually. It worked for me on Unifi Controller v5.9.32 and CloudKey firmware v0.12.1. YMMV.