tkrn's blog

random thoughts at best

Menu
  • GitHub repo
  • The Hardware
  • tkrn’s archive
  • OpenPGP Key
  • stack overflow
Menu
UniFi Video Banner

Custom SSL Certificate Installation for UniFi Video

Posted on October 4, 2018December 11, 2024 by tkrn

This article assumes that you have already have a certificate, a corresponding private key and the certificate authority certificate. This guide will not guide you on making a CA, certificates or singing a certificate. I would recommend using a OpenSSL wrapper tool such as EasyRSA for certificate management.

The following steps assumes the following:

  • You’re logged in via Putty and you are running as root
  • The certificate is located in /etc/ssl/certs
  • The private key is located in /etc/ssl/private
  • The CA certificate is located in /etc/ssl/certs
  • UniFi Video is installed into the default location: /var/lib/unifi-video/

Stop the UniFi Video Service:

service unifi-video stop

Make a backup of the original keystore for fall back purposes:

cp /var/lib/unifi-video/keystore /var/lib/unifi-video/keystore.bak

Using openssl create a pkcs12 public/private key pair with CA certificate:

openssl pkcs12 -export -in /etc/ssl/certs/nvr.pem -inkey /etc/ssl/private/nvr.key \
-out /etc/ssl/private/nvr.p12 -name airvision \
-CAfile /etc/ssl/certs/my-ca-authority.crt -caname root -password pass:ubiquiti

Parameters:

-in Certificate file
-inkey Corresponding private key file
-out The combined certificate file
-name Internal alias for the generated certificate file (do not change for UniFi Video)
-CAfile Certificate Authority certificate
-caname Certificate Authority alias (do not change for UniFi Video)
-password Password for generated certificate file (do not change for UniFi Video)

Using the keytool to import (and create) the new keystore with your certificate:

keytool -importkeystore \
-deststorepass ubiquiti -destkeypass ubiquiti -destkeystore /var/lib/unifi-video/keystore \
-srckeystore /etc/ssl/private/nvr.p12 -srcstoretype PKCS12 -srcstorepass ubiquiti \
-alias airvision

Parameters:

-deststorepass Destination keystore password (do not change for UniFi Video)
-destkeypass Destination private key password (do not change for UniFi Video)
-srckeystore Source keystore (the -out parameter from openssl)
-srcstoretype Source certificate type (the type of certificate output) the openssl command generated
-srcstorepass Source keystore password (as defined in previous command)
-alias Alias for the new certificate (do not change for UniFi Video)

Enable custom certificates in the system.properties:

echo "ufv.custom.certs.enable=true" >> /var/lib/unifi-video/system.properties

Ensure the new keystore has the proper ownership and permissions:

chown unifi-video:unifi-video /var/lib/unifi-video/keystore
chmod 640 /var/lib/unifi-video/keystore

Start the UniFi Video service:

service unifi-video start

After all of this, you should have successfully replaced your UniFi Video SSL certificate. Please let me know if you have any questions!

Related

Leave a ReplyCancel reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Recent Posts

  • Nextcloud Virtual File System VFS on Ubuntu 24.10, 24.04, 22.04
  • Site-to-Site OpenVPN between OPNsense and Ubiquiti EdgeRouter EdgeOS
  • Debrand a Dell EMC VxRail Node to a PowerEdge Server
  • HPE ssacli on TrueNAS SCALE
  • Set child encrypted ZFS datasets to inherit the parent – Scripted Fix!

Categories

  • Arcade
  • Development
  • FreeNAS/ZFS
  • Sysadmin
  • Tinkering
  • Uncategorized
©2025 tkrn's blog | Theme by SuperbThemes