UniFi - SSL certificate error upon opening controller page

Problem: Certificate error appears upon visiting the controller page.


Errors like this may appear without a valid SSL certificate when visiting sites on HTTPS.

Possible causes / recommended actions 


1. Missing a valid SSL certificate

UniFi relies on HTTPS for extra security. This means that the browser will check for valid certificates when making a secure connection to the web server. Although the alert message may prove annoying, there's no risk to the connecting user. To avoid this error:

  1. Buy a signed SSL certificate from any web hosting provider.
  2. Then make the following changes to the controller:
    sudo su -
    # cd <unifi_base> 
    # on Windows, "%USERPROFILE%/Ubiquiti Unifi"
    cd /usr/lib/unifi 
    
    # create new certificate (with csr)
    java -jar lib/ace.jar new_cert <hostname> <company> <city> <state> <country>
    
    # your CSR can be found at /var/lib/unifi
    # - unifi_certificate.csr.der
    # - unifi_certificate.csr.pem
    
    # have this CSR signed by a CA, you'll get a few certificates back...
    # copy the signed certificate(s) to <unifi_base>
    
    # import the signed certificate and other intermediate certificates
    java -jar lib/ace.jar import_cert <signed_cert> [<other_intermediate_root_certs>...]

info_i_25x25.png Notes:

  • Once you have created the CSR it can be found in the %USERPROFILE%\Ubiquiti UniFi\data folder. On Mac find it here: /Users/username/Library/Application\ Support/UniFi/data. Not sure where to find <unifi_base>? See this article.
  • Following notes for X509 Subject Alternative Name:
    • If your using windows to generate the certificate make sure within the certificate's  properties window that the alternative name is set as DNS and fill out the value.
    • If your on Ubuntu / Debian and using openssl to generate a certificate, make sure too use the SAN extensions or you will be promoted that the cert is invalid. Which is indication for the mission X509 Subject Alternative Name.

Troubleshooting


If the error "Unable to import certificate into keystore" appears when importing the signed certificate & intermediate certs, try the following steps:

1. Edit the certificate file and remove any blank spaces after each line of the cert.

2. Save changes re-import the certificate. 

2. Adopting UniFi for the first time


This error should not be confused with the one seen when adopting a Cloud Key for the first time for example. This error can safely ignore it by:

1. Click Advanced

2. Click Proceed to <your IP>

Verify if this is your case by seeing our UniFi - How to Setup your Cloud Key and UniFi Access Point (for beginners) article (in step 3.5 of the section 3. Configuring your Cloud Key & Access Point).