Debian 8 Jessie – Ubiquiti Unifi Server install with SSL using ssls.com

Debian 8 Jessie – Ubiquiti Unifi Server install with SSL using ssls.com

Introduction:

Something I haven’t found well online is how to install Ubiquiti Unifi server on Debian Jessie 8 with a SSL certificate from ssls.com.

In this demonstration, I’ll be using a VPS server hosted by OVH. I like their services particularly for the price, and the ability to add multiple IP addresses for a 1 time fee of $3.  For $3.49 a month, you can get a 1vcore 2.4GHz processor, 2GB ram, 10GB SSD, unlimited bandwidth server. I prefer Debian over Ubuntu due to the stability.

  1. SSH into your VPS using your favorite SSH program or terminal.
  2. Once logged in, change the password for the root user by issuing the following command;
    sudo passwd root

    Then enter in a root password and confirm by entering it in again.

  3. Switch to the root user by issuing the following command;
    su - root

    It will then ask for the root password that you just created in step 2.

  4. We want to make sure that the VPS is up to date by issuing the following command;
    apt-get update && apt-get upgrade -y
  5. Once the VPS is up to date, we will want to add the Ubiquiti sources for Unifi by issuing the following command;
    nano /etc/apt/sources.list.d/100-ubnt.list

    inside the blank document, you’ll want to add the following;

    deb http://www.ubnt.com/downloads/unifi/debian stable ubiquiti

    To save the file, just press Ctrl X, Y, then Enter.

  6. Next we’ll need to add Ubiquiti’s GPG Keys by issuing the following;
    apt-key adv --keyserver keyserver.ubuntu.com --recv C0A52C50

    Once you issue the command, it should show that it imported 1 key .

  7. To install the Ubiquiti Unifi server and it’s dependencies, we’ll issue the following command;
    apt-get update && apt-get install unifi -y
  8. After the Ubiquiti Unifi server is installed, we’ll create a SSL certificate by moving to the unifi data directory using;
    cd /usr/lib/unifi

    We’ll then be running the following command to create our CSR;

    java -jar lib/ace.jar new_cert unifi.mydomain.dom "My Company Name" City State CC*     
    
    *(cc = 2 letter country code)
    

    One thing to note, make sure to fully spell out the City and State.

  9. Next, we’ll need to copy the CSR to ssls.com website in the CSR field.
    more data/unifi_certificate.csr.pem

    Just copy this into ssls when asked for the CSR.  You’ll then verify ownership of the domain. I typically use the email approval method.  It seems to work the best for me. Once you have the SSL certificate and intermediate certificates, you’ll want to upload them unzipped to the /usr/lib/unifi directory.  There are many ways to do this.  If I’m on a Windows machine, I’ll use WinSCP to copy the files over.

  10. Once all of the SSL certificate files are copied into the /usr/lib/unifi directory, we’ll want to enter in the following;
     java -jar lib/ace.jar import_cert *domain certficiate*.crt COMODORSADomainValidationSecureServerCA.crt COMODORSAAddTrustCA.crt AddTrustExternalCARoot.crt

    *Make sure to change *dmain certificate* to whatever the name of your domain certificate is.

  11. To get the Unifi server to listen on port 443, we’ll need to update the system.properties file by;
    nano /usr/lib/unifi/data/system.properties

    We’ll want to add the following line;

    unifi.https.port=443

    right above the uuid line
    To save the file, just press Ctrl X, Y, then Enter.

  12. Lastly all we’ll need to do is restart the unifi server;
    service unifi restart
  13. Wait a couple minuets and try to go to your unifi server by using https://domainname

    Conclusion

  14. SUCCESS! You can now login to your new Ubiquiti Unifi server running a SSL certificate on port 443.
    Ubiquiti Unifi - SSL Cert

Comment below if you have any questions or feedback.

Ubiquiti Unifi ServerDebian Jessie 8

SSLS SSL

 

Ubiquiti Unifi Server Debian Jessie 8 SSLS SSL 

Leave a Reply

Your email address will not be published. Required fields are marked *