Hello everyone,
WHERE IS THE CAPTIVE PORTAL CERTIFICATE? OR WHERE IS IT SPECIFIED WHICH CERTIFICATE IT USES IN THE UNIFI KEY? (SSH files where is it?)
I’ve successfully installed a Let’s Encrypt certificate, key and generated a keystore with a p12 file which is necessary for unifi key.
Here is what I’ve gathered:
Create crt, key and make sure the crt has all the chains from Let’s Encrypt.
Generate a p12 file based on the prior crt and key.
Transfer these three files to unifi, and change the permissions and groups appropriately (Based on the prior crt, key and eventually keystore)
Import the keystore from the p12 file.
Reload and restart the unifi key.
At this point you are done, certificate is good for 90, you can automate this with pfsense/ACME, transfer the crt files to unifi using ssh and have another sh script to run every weekend and look for the newest files.
You need an internal DNS to point unifi.mydomain.com to your unifi key
At this point you can wait for DNS propagation and then go to unifi.mydomain.com which will return an HTTPS page with the certificate you provided ALL GOOD.
------------------CAPTIVE PORTAL---------------------
You’d think you are done, but if you want to enable captive portal THEN YOU ARE NOT.
Make sure to enable ports required to access the captive portal in your unifi key, meaning open ports in your unifi key (8880, 8843 and a few more I believe).
Configure captive portal to use HTTPS.
NOW HERE IS THE TRICKY PART. You would expect to be redirected to unifi.mydomain.com:8843? WELL YES IT DOES.
HOWEVER, you will notice that the connection is insecure. IT IS NOT USING THE CERTIFICATE YOU PROVIDED, IT’S USING UNIFI’S SELF ASSIGNED CERTIFICATE FOR SOME REASON.
My question is: WHERE IS THIS CERTIFICATE? I already replaced the default /data/unifi/data/keystore
/data/unifi-core/config/unifi-core.crt
/data/unifi-core/config/unifi-core.key
/data/unifi-core/config/unifi-core.p12 (Generated from the crt and the key).
Where is it getting this certificate from? And most importantly WHY IS IT NOT USING THE SAME CRT FROM THE LANDING PAGE?
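
A way to confirm which listener is presenting which certificate, as an added example that is not part of the original post: the script compares the SHA-256 fingerprint of the installed crt with the leaf certificate served on each port. The hostname, file path and port 8843 are taken from the post; port 443 for the landing page and all function names are assumptions.

```shell
#!/bin/sh
# Added example: compare the certificate each TLS listener serves with the
# certificate file that was installed. Function names are hypothetical.

# Reduce openssl's "sha256 Fingerprint=AA:BB:..." line to bare lowercase hex.
normalize_fp() {
    printf '%s\n' "$1" | sed -e 's/^.*=//' | tr -d ': \r\n' | tr 'A-F' 'a-f'
}

# SHA-256 fingerprint of the first certificate (the leaf) in a PEM file.
fp_of_file() {
    normalize_fp "$(openssl x509 -in "$1" -noout -fingerprint -sha256)"
}

# SHA-256 fingerprint of the leaf certificate a listener presents (args: host port).
fp_of_endpoint() {
    normalize_fp "$(openssl s_client -connect "$1:$2" -servername "$1" \
        </dev/null 2>/dev/null | openssl x509 -noout -fingerprint -sha256 2>/dev/null)"
}

# Print a verdict for one listener (args: label expected actual).
# Returns 0 on match, 1 on mismatch, 2 if no certificate was retrieved.
verdict() {
    if [ -z "$3" ]; then echo "$1: no certificate retrieved"; return 2; fi
    if [ "$2" = "$3" ]; then echo "$1: MATCH"; return 0; fi
    echo "$1: MISMATCH (serving $3)"; return 1
}

# Check every given port against the installed file (args: host certfile port...).
check_all() {
    host=$1; expected=$(fp_of_file "$2"); shift 2
    status=0
    for port in "$@"; do
        verdict "$host:$port" "$expected" "$(fp_of_endpoint "$host" "$port")" || status=1
    done
    return $status
}

# Usage (443 is an assumed landing-page port, 8843 is the portal port from the post):
#   sh check.sh unifi.mydomain.com /data/unifi-core/config/unifi-core.crt 443 8843
if [ "$#" -ge 3 ]; then check_all "$@"; fi
```

A MISMATCH on 8843 alongside a MATCH on the landing-page port shows that the portal listener reads its certificate from a different store than the one that was replaced.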