CSR generation on Ubiquiti Unifi
A CSR (Certificate Signing Request) is a block of code that is submitted during the SSL activation in your Namecheap account. It contains encrypted information about your company/business and domain name
Default process of the CSR generation on UniFi controller software is quite simple; it can be done with a few standard commands:
- Connect to your server where the controller is installed through the command prompt.
- On Linux-based servers, you can use Putty (for Linux- or Windows-based machines) or a similar application
- On MacOS, run the Terminal application
- On Windows server, connect via remote desktop (if needed) and run cmd or PowerShell
IMPORTANT: Ensure you start the application with administrator rights on Windows/have root or sudo user access on Linux/MacOS.
To run the application as administrator on Windows, you can right-click the program icon and choose Run as administrator option or do it this way:
Properties > Compatibility > mark the Run this program as as an administrator > OK.
To enable sudo access on Linux-based systems, run:
sudo su -
- To go to the UniFi controller main folder, run:
cd *Unifi base folder*
The *Unifi base folder* needs to be replaced with the following:
- On UniFi Cloud Key, Ubuntu, and other Debian-based Linux distributions: /usr/lib/unifi/
- On CentOS, RedHat, Fedora, and other RHEL Linux distributions: /opt/unifi/
- On MacOS: ~/Library/Application Support/UniFi
- On Windows: "%USERPROFILE%/Ubiquiti Unifi"
You can also use: “C:\Users\*account username*\Ubiquiti UniFi”
- To generate the CSR code, run:
java -jar lib/ace.jar new_cert nctest.info “Company name” “Locality” “State” CC
- Replace nctest.info with your actual domain name or subdomain for UniFi (the common name for the certificate)
- Company name: use your company/organization name or put NA (Not Applicable)
- Locality: use your city, town or other locality name
- State: use your state or province name or put the same value as Locality
- CC (country code): use the appropriate 2-letter country code from here
HELPFUL TIP: If any of the values contains more than one word, put them in quotes. Otherwise, UniFi will consider a second word to be a value of the next field (it will show no errors).
IMPORTANT: When creating a wildcard CSR on UniFi (with a domain name like *.nctest.info), UniFi puts the domain name (subdomain) specified in the host value to an Organization unit field. This may cause issues during activation as “*” is not considered an alphanumeric symbol.
The CSR file with a name unifi_certificate.csr.pem will be created in the data subfolder of the UniFi base folder.
- On Linux/MacOS, you can open it with a command: cat /data/unifi_certificate.csr.pem
- On Windows, go to the data subfolder > right-click on the file > Open with > choose Notepad or any other text editor.
NOTE: On Debian-based Linux distributions, all related files are also duplicated in /var/lib/unifi folder.
IMPORTANT: The private key for the certificate will be saved in the default UniFi keystore in the file /data/keystore/ (or simply keystore, depending on the system).
Use the text code from the file during the certificate activation.