info_i_25x25.png See important information about Ubiquiti Devices and KRACK Vulnerability in this article. We will update this document as more information becomes available.

airMax - Replace SSL Certificate to Remove Security Alert

Overview


airOS 5.5+ and airOS 7 come by default with HTTPS enabled (instead of HTTP), because of that you will see a security alert every time you access the unit's Web UI. That doesn't compromise device's security, but it could be a little bit uncomfortable for some users. If you want to remove this security alert you will need to replace the existing certificate with a trusted certificate, you can get one from any Web hosting provider, most of them offer SSL certificates.

Steps to Replace the Certificate


1) Upload your trusted certificate/key files (server.crt and server.key) to the /etc/persistent/https directory in your airOS device. Make sure server.crt and server.key are for the correct device host name and IP (http://en.wikipedia.org/wiki/Https). 

 Example: Assuming you have server.crt and server.key file on your local machine in the /etc/https directory: 
scp -r /tmp/https ubnt@<device ip>:/etc/persistent/https 

2) To save these changes to persistent memory:
ssh to device and execute 
save; reboot -f 

After reboot web server will use new signed cert. 


Note: if files are invalid (bad format or something) there will be no access to the web server. 
To clean up them do from cmd: rm -fr /etc/persistent/https; save; reboot -f