We have a "Dream Machine" unit now, in place of the cranky Sophos UTM.
We're not on the new UnifiOS, apparently, still on the old Java rig, even though it didn't gripe about Java when I loaded the UI in Chrome.
We generated a key via the Ubuntu shell. Great, but it wants that and a user/pass. The user is not, as the UI insists, 'Admin'. It's 'root'. And it uses the main Ubiquiti account password. Which it does not in any way tell you is the case. Near as I can tell, the keyfile is to get access to being able to log in, somehow, which makes no sense at all.
ssh email@example.com -i .ssh/UDMkey from my Users directory.
We'll need some things:
- A hostname, probably chezsnark.frell.co or something silly, pointed at the public IP. I wish Hover had DynDNS capability.
- A Linux-y environment. Might use the OSMC rig, might use the gethttpsforfree.com site, might use the Ubuntu in Win10. Decisions.
- This Reddit post is giving us a rough guide: https://www.reddit.com/r/Ubiquiti/comments/fe132v/help_installing_a_ssl_certificate_on_udmp/
  - Generate cert
  - Turn into a p12 file
  - Copy p12, crt, and key files to UDM
  - SSH into UDM and replace crt & key files (/mnt/data/system/ssl/private/cloudkey.key & /mnt/data/system/ssl/private/cloudkey.crt) after making backups
  - While there, run this arcane command (note the location of the p12 file previously uploaded):
    /overlay/root_ro/usr/lib/jvm/java-8-openjdk-arm64/jre/bin/keytool -importkeystore -deststorepass aircontrolenterprise -destkeypass aircontrolenterprise -destkeystore /mnt/data/unifi/data/keystore -srckeystore /root/unifi.p12 -srcstoretype PKCS12 -alias unifi -srcstorepass <passwordforthisarchive>
  - Restart the controller (rm /usr/lib/unifi/data/db/version, then /etc/init.d/unifi restart)
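
The p12, backup and replace steps above can be wrapped in checks, so that a mismatched key and certificate never reach the controller. This is an added sketch, not part of the Reddit guide or of anything Ubiquiti ships. It assumes openssl is available on whichever host runs each function; the function names, the P12_PASS variable and the throwaway demo certificate are made up for illustration.

```shell
#!/bin/sh
# Added example. The alias "unifi" and the cloudkey.* names come from the steps
# above; function names, P12_PASS and the demo data are assumptions.

# Succeeds only if the private key and the certificate carry the same public key.
key_matches_cert() {
    kpub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    cpub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$kpub" ] && [ "$kpub" = "$cpub" ]
}

# make_p12 KEY CRT OUT: the archive password is read from $P12_PASS rather
# than argv, so it does not show up in the process list.
make_p12() {
    [ -n "${P12_PASS:-}" ] || { echo "set P12_PASS first" >&2; return 1; }
    key_matches_cert "$1" "$2" || { echo "key/cert mismatch" >&2; return 1; }
    ( umask 077
      export P12_PASS
      openssl pkcs12 -export -inkey "$1" -in "$2" -name unifi \
          -out "$3" -passout env:P12_PASS )
}

# Print the friendlyName stored in the archive (what keytool calls the alias).
p12_alias() {
    export P12_PASS
    openssl pkcs12 -in "$1" -passin env:P12_PASS -nokeys 2>/dev/null |
        sed -n 's/^ *friendlyName: //p' | head -n 1
}

# install_pair KEY CRT DIR: back up existing cloudkey.key/.crt, then replace them.
install_pair() {
    key_matches_cert "$1" "$2" || return 1
    stamp=$(date +%Y%m%d%H%M%S)
    for f in key crt; do
        if [ -f "$3/cloudkey.$f" ]; then cp -p "$3/cloudkey.$f" "$3/cloudkey.$f.$stamp.bak"; fi
    done
    ( umask 077; cp "$1" "$3/cloudkey.key" ) && cp "$2" "$3/cloudkey.crt"
}

# Dry run on a constructed, self-signed throwaway certificate.
demo() {
    d=$(mktemp -d) || return 1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=udm.example.test" \
        -keyout "$d/k.pem" -out "$d/c.pem" 2>/dev/null || return 1
    P12_PASS=constructed-demo-pass
    make_p12 "$d/k.pem" "$d/c.pem" "$d/unifi.p12" && p12_alias "$d/unifi.p12"
    rm -rf "$d"
}
case "${1:-}" in demo) demo ;; esac
```

Running the script with the argument `demo` should print `unifi`, the alias the keytool import expects.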