Got tired of seeing the UniFi controller java service running https but not trusted on localhost.
And almost have a solution. Found a solution, but it wasn’t easy.
Follow the CertSimple instructions to use Mac OS X Keychain Access to generate self-signed certificates for localhost. In Step 3, make sure to export both the localhost certificate (as .pem) and the localhost private key (select .p12 from drop down and then convert as per the openssl command in Step 3 OR export as .pem) from within Keychain Access.
Stop the controller before touching the keystore. The Ubiquiti Network Community instructions (which are for a Linux system) use "service unifi stop"; on Mac OS X, simply quit the UniFi app to stop the service. Alternatively, from the command line:
$ java -jar /Applications/UniFi.app/Contents/Java/ace.jar stop
Here are the commands that I used based on the Community page. I put the files on the Desktop for easy finding (from the command line natch).
$ sudo openssl pkcs12 -export -passout pass:aircontrolenterprise \
    -in ~/Desktop/localhost-cert.pem -inkey ~/Desktop/localhost-key.pem \
    -out ~/Desktop/localhost -name unifi \
    -CAfile ~/Desktop/localhost_CAcert.pem -caname root
$ sudo keytool -delete -alias unifi \
    -keystore ~/Library/Application\ Support/UniFi/data/keystore \
    -deststorepass aircontrolenterprise
$ sudo keytool -trustcacerts -importkeystore \
    -deststorepass aircontrolenterprise -destkeypass aircontrolenterprise \
    -destkeystore ~/Library/Application\ Support/UniFi/data/keystore \
    -srckeystore ~/Desktop/localhost -srcstoretype PKCS12 \
    -srcstorepass aircontrolenterprise -alias unifi
Unfortunately, I’m running into an error where the certificate is not getting imported into the keystore.
$ sudo java -jar /Applications/UniFi.app/Contents/Java/ace.jar \
    import_cert ~/Desktop/localhost-cert.pem ~/Desktop/localhost-CAcert.pem \
    ~/Desktop/localhost
Unable to import the certificate into keystore
Hurrah! Found the answer.
Troubleshooting
If the error "Unable to import certificate into keystore" appears when importing the signed certificate & intermediate certs, try the following steps:
1. Edit the certificate file and remove any blank spaces after each line of the cert.
And that did it.
$ sudo java -jar /Applications/UniFi.app/Contents/Java/ace.jar import_cert ~/Desktop/localhost-cert.pem ~/Desktop/localhost-CAcert.pem ~/Desktop/localhost
parse localhost-CAcert.pem (PEM, 1 certs): CN=localhost Certification Authority
parse localhost, 0 certs found
parse localhost-cert.pem (PEM, 1 certs): CN=localhost
Importing signed cert[localhost]
Certificates successfuly imported. Please restart the UniFi Controller.
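The trailing-whitespace fix from the troubleshooting step, as an added example that is not part of the original post: it counts the lines in a PEM file that end in whitespace and writes a cleaned copy, leaving the original alone. It goes slightly beyond the quoted step by also catching tabs and CRLF line endings; the function names, file names and sample PEM body are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Function and file names are
# hypothetical; the PEM body below is constructed filler, not a real cert.

# Print the number of lines ending in a space, tab or carriage return.
pem_trailing_ws_count() {
    grep -c '[[:space:]]$' "$1" || true   # grep -c exits 1 on a zero count
}

# Write a cleaned copy of $1 to $2, leaving the original untouched.
# Returns non-zero unless the copy has balanced BEGIN/END CERTIFICATE lines.
pem_clean() {
    sed -E 's/[[:space:]]+$//' "$1" > "$2" || return 1
    begins=$(grep -c '^-----BEGIN CERTIFICATE-----$' "$2" || true)
    ends=$(grep -c '^-----END CERTIFICATE-----$' "$2" || true)
    [ "$begins" -ge 1 ] && [ "$begins" -eq "$ends" ]
}

# Constructed sample: trailing spaces, a trailing tab and a CRLF line ending.
pem_write_sample() {
    printf '%s\n' \
        '-----BEGIN CERTIFICATE-----  ' \
        'Q09OU1RSVUNURUQtU0FNUExFLU5PVC1BLVJFQUwtQ0VSVA==' \
        'RklMTEVSLUxJTkUtVFdP ' \
        > "$1"
    printf 'RklMTEVSLUxJTkUtVEhSRUU=\t\n' >> "$1"
    printf '%s\r\n' '-----END CERTIFICATE-----' >> "$1"
}

pem_demo() {
    dir=$(mktemp -d) || return 1
    pem_write_sample "$dir/localhost-cert.pem"
    echo "before: $(pem_trailing_ws_count "$dir/localhost-cert.pem") bad line(s)"
    if pem_clean "$dir/localhost-cert.pem" "$dir/localhost-cert.clean.pem"; then
        echo "after:  $(pem_trailing_ws_count "$dir/localhost-cert.clean.pem") bad line(s)"
    fi
    rm -rf "$dir"
}

pem_demo
```

Run pem_clean on the certificate and CA certificate files, then pass the cleaned copies to import_cert.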
But still doesn’t work completely because it’s self-signed. I guess if I want that green lock then I’ll have to go get a real cert.
And for reference:
$ java -jar /Applications/UniFi.app/Contents/Java/ace.jar
Usage: java -jar lib/ace.jar [...]
    start : start the UniFi controller
    stop : stop the UniFi controller
    info : display some information
    installsvc/startsvc/uninstallsvc/stopsvc : install/start/stop as a Windows service
    new_cert : create new certificate (with csr)
    import_cert [ ...] : import the signed certificate and ca cert