Import SSL certificates into UniFi controller

import_ssl_certificates.sh

#!/usr/bin/env bash

################################################################################
# VERSION 1
################################################################################

# UniFi Controller SSL Certificate Import Script for Unix/Linux Systems
# by Steve Jenkins <http://www.stevejenkins.com/>
# Part of https://github.com/stevejenkins/ubnt-linux-utils/

# UniFi configuration.
UNIFI_SERVICE=unifi
UNIFI_DIR=/var/lib/unifi
JAVA_DIR=/usr/lib/unifi

# Keystore configuration.
ALIAS=unifi
PASSWORD=aircontrolenterprise
KEYSTORE=${UNIFI_DIR}/keystore

# Certificate configuration.
LE_LIVE_DIR=/config/ssl
PRIV_KEY=${LE_LIVE_DIR}/privkey.pem
CHAIN_FILE=${LE_LIVE_DIR}/fullchain.pem
SIGNED_CRT=${LE_LIVE_DIR}/cert.pem  # unifi.crt
P12_CERT=${LE_LIVE_DIR}/privkey.pfx  # .p12
P12_ALIAS="1"

################################################################################

printf "\nStarting UniFi Controller SSL Import...\n"

printf "\nCreating non-destructive backup as keystore.bak...\n"
cp "${KEYSTORE}" "${KEYSTORE}.bak"

printf "\nRemoving previous certificate data from UniFi keystore...\n"
keytool -delete \
  -alias "${ALIAS}" \
  -deststorepass "${PASSWORD}" \
  -keystore "${KEYSTORE}"

printf "\nImporting SSL certificate into UniFi keystore...\n"
keytool -importkeystore \
  -destkeystore "${KEYSTORE}" \
  -deststorepass "${PASSWORD}" \
  -destkeypass "${PASSWORD}" \
  -deststoretype PKCS12 \
  -srckeystore "${P12_CERT}" \
  -srcstoretype PKCS12 \
  -srcstorepass "" \
  -alias "${P12_ALIAS}" \
  -trustcacerts

printf "\nRenaming source alias to destination alias...\n"
keytool -changealias \
  -keystore "${KEYSTORE}" \
  -keypass "${PASSWORD}" \
  -storepass "${PASSWORD}" \
  -alias "${P12_ALIAS}" \
  -destalias "${ALIAS}"

printf "\nJava import...\n"
java -jar lib/ace.jar import_cert ${SIGNED_CRT} ${CHAIN_FILE} ${PRIV_KEY}

printf "\nDone!\n"

exit 0

################################################################################
# VERSION 2
################################################################################

# UniFi configuration.
UNIFI_DIR=/usr/lib/unifi

# Keystore configuration.
ALIAS=unifi
PASSWORD=aircontrolenterprise
KEYSTORE=${UNIFI_DIR}/keystore

# Certificate configuration.
CERT_DIR=/config/ssl
PRIV_KEY=${CERT_DIR}/privkey.pem
CHAIN_FILE=${CERT_DIR}/fullchain.pem
SIGNED_CRT=${CERT_DIR}/cert.pem
P12_CERT=${CERT_DIR}/privkey.pfx
P12_ALIAS="1"
P12_PASSWORD=""

################################################################################

printf "\nImporting SSL certificate into UniFi keystore...\n"
keytool -importkeystore \
  -srckeystore "${P12_CERT}" \
  -srcstoretype pkcs12 \
  -srcalias "${P12_ALIAS}" \
  -srcstorepass "${P12_PASSWORD}" \
  -destkeystore "${KEYSTORE}" \
  -deststoretype jks \
  -destalias "${ALIAS}" \
  -deststorepass "${PASSWORD}" \
  -v

printf "\nRestarting service...\n"
# service ${UNIFI_SERVICE} restart


################################################################################
# VERSION 3
################################################################################

# UniFi configuration.
USR_DIR=/usr/lib/unifi
VAR_DIR=/var/lib/unifi

# Keystore configuration.
ALIAS=unifi
PASSWORD=aircontrolenterprise
KEYSTORE=${USR_DIR}/keystore
KEYSTORE_VAR=${VAR_DIR}/keystore

# Certificate configuration.
CERT_DIR=/config/ssl
PRIV_KEY=${CERT_DIR}/privkey.pem
CHAIN_FILE=${CERT_DIR}/fullchain.pem
SIGNED_CRT=${CERT_DIR}/cert.pem

P12_CERT=${USR_DIR}/ssl/privkey.pfx

printf "\nCreating P12 file from certificates...\n"
openssl pkcs12 -export \
  -out ${P12_CERT} \
  -inkey ${PRIV_KEY} \
  -in ${CHAIN_FILE} \
  -certfile ${SIGNED_CRT} \
  -password pass:${PASSWORD} \
  -name "${ALIAS}"

printf "\nChecking P12 keystore data...\n"
keytool -list \
  -keystore ${P12_CERT} \
  -storetype pkcs12 \
  -storepass ${PASSWORD}

printf "\nImporting SSL certificate into UniFi keystore...\n"
keytool -importkeystore \
  -srcstoretype pkcs12 \
  -srckeystore ${P12_CERT} \
  -srcstorepass "${PASSWORD}" \
  -srcalias ${ALIAS} \
  -keystore ${KEYSTORE} \
  -deststorepass "${PASSWORD}" \
  -destalias ${ALIAS} \
  -v


printf "\nDuplicating keystore in ${KEYSTORE_VAR}...\n"
cp ${KEYSTORE} ${KEYSTORE_VAR}

# printf "\nRestarting service...\n"
# service unifi restart

################################################################################
# VERSION 4
################################################################################

# UniFi configuration.
USR_DIR=/usr/lib/unifi
VAR_DIR=/var/lib/unifi

# Keystore configuration.
ALIAS=unifi
PASSWORD=aircontrolenterprise
KEYSTORE=${VAR_DIR}/keystore

# Certificate configuration.
DOMAIN=subdomain.mydomain.com  # This is a placeholder, not the real value.
CERT_DIR=/config/ssl
PRIV_KEY=${CERT_DIR}/privkey.pem
CHAIN_FILE=${CERT_DIR}/fullchain.pem
SIGNED_CRT=${CERT_DIR}/cert.pem
P12_CERT=${USR_DIR}/ssl/fullchain.p12

printf "\nCreating P12 file...\n"
openssl pkcs12 -export \
  -inkey ${PRIV_KEY} \
  -in ${CHAIN_FILE} \
  -out ${P12_CERT} \
  -name ${ALIAS} \
  -password pass:${PASSWORD}

printf "\nImporting SSL certificate into UniFi keystore...\n"
keytool -importkeystore \
  -deststorepass ${PASSWORD} \
  -destkeypass ${PASSWORD} \
  -destkeystore ${KEYSTORE} \
  -srckeystore ${P12_CERT} \
  -srcstoretype PKCS12 \
  -srcstorepass ${PASSWORD} \
  -alias ${ALIAS} \
  -noprompt \
  -v

# printf "\nRestarting image...\n"
# docker restart unifi