![]() If you have questions on how to use KeyStore Explorer, contact the maintainers of that software at. Despite using a GUI, you should still understand the basics of Java Keystore files, keys, and certificates before using this tool. KeyStore Explorer (3rd party) - If you prefer a graphical user interface (GUI), Keystore Explorer is an option that performs all the operations of keytool and more.For more information, see the Oracle documentation for Linux or Microsoft Windows. The examples in this guide will use keytool. Keytool (standard) - The keytool command-line program comes with the Java Development Kit ( JDK).Define common error messages seen with secure communication and provide steps towards resolution.Ī special tool is required that can manipulate Java Keystore files.Understand best practice approaches for configuring keypairs, certificates, and trust stores for inbound and outbound connections to the IQ Server.Describe how TLS works in Java applications in general and the common tools used during configuration.Understand what TLS/SSL is and how certificates work.This guide shows you how to set up secure connections to and from the IQ Server by helping you: The configuration process is not automated but can be understood and implemented using best practices. Save the keystore file and copy it to the Unifi controller.Using Transport Layer Security ( TLS/SSL) based connection is an important step in securing data moving through IQ Server. This should be the password you have set in the Unifi controller (aircontrolenterprise). Locate the PFX file and give the password you gave during creation of the pfx file.Īnd provide the new password. Now switch back to keystore explore and delete the unifi entry.Ĭlick: Tools –> Import Key Pair –> PKCS12. This could be different than the password used in the Unifi controller. The command to create the PKCS12 file is: openssl pkcs12 -export -in. If you don’t have already please install openssl. Now we need to create a PFX (PKCS12) file which holds the just created cer file and the key file. Note: You don’t have to provide the Root CA certificate as this should already be present on the endpoints connecting to your Unifi controller. Start with your own SSL certificate and follow the chain up to the Root CA. If you have more than 1 intermedate certificate just add them all. Paste the certificate followed by the intermediate certificate(s). Open a new text file in notepad, or your favorite text editor. If you can open the file with the given password we need to replace the current self-signed certificate with your own certificate.įirst create 1 cer file which holds the certificate and intermediate certificate(s). try to open this file in keystore explorer with the correct password.Restart the controller and there will be a new keystore file generated.Note: You could also choose your own password here Edit /usr/lib/unifi/data/system.properties and add line: =aircontrolenterprise.Rename current keystore file so the controller can’t use it anymore (or just delete it).If you can’t open it with password: aircontrolenterprise then you need to make sure the controller is using this password. Open the current keystore file in “ Keystore Explorer“. The keystore file is located in: /usr/lib/unifi/data (Linux) or %UserProfile%/Ubiquiti Unifi (Windows). The keystore file must have alias: unifi.The keystore file must have password: aircontrolenterprise (can be changed). ![]() In this file the whole certificate chain and key file must be included The controller works with a keystore file.But they made it a bit to complex □ Read article.įirst let me explain what kind of certificate the Unifi controller wants to have: ![]() ![]() Ubiquiti has a little article on the site how to add yout own ssl certificate to your Unifi controller. Published by Jeroen Tielen on JJune 4, 2018 Ubiquiti Unifi Controller SSL Certificate creation process ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |