CSR generation on Ubiquiti Unifi

A CSR (Certificate Signing Request) is a block of code that is submitted during the SSL activation in your Namecheap account. It contains encrypted information about your company/business and domain name

Default process of the CSR generation on UniFi controller software is quite simple; it can be done with a few standard commands:

  1. Connect to your server where the controller is installed through the command prompt.

    • On Linux-based servers, you can use Putty (for Linux- or Windows-based machines) or a similar application
    • On MacOS, run the Terminal application
    • On Windows server, connect via remote desktop (if needed) and run cmd or PowerShell

    IMPORTANT: Ensure you start the application with administrator rights on Windows/have root or sudo user access on Linux/MacOS.

    To run the application as administrator on Windows, you can right-click the program icon and choose Run as administrator option or do it this way:

    Properties > Compatibility > mark the Run this program as as an administrator > OK.

    To enable sudo access on Linux-based systems, run:

    sudo su -

  2. To go to the UniFi controller main folder, run:

    cd *Unifi base folder*

    The *Unifi base folder* needs to be replaced with the following:

    • On UniFi Cloud Key, Ubuntu, and other Debian-based Linux distributions: /usr/lib/unifi/
    • On CentOS, RedHat, Fedora, and other RHEL Linux distributions: /opt/unifi/
    • On MacOS: ~/Library/Application Support/UniFi
    • On Windows: "%USERPROFILE%/Ubiquiti Unifi"

    You can also use: “C:\Users\*account username*\Ubiquiti UniFi”

  3. To generate the CSR code, run:

    java -jar lib/ace.jar new_cert nctest.info “Company name” “Locality” “State” CC

    • Replace nctest.info with your actual domain name or subdomain for UniFi (the common name for the certificate)
    • Company name: use your company/organization name or put NA (Not Applicable)
    • Locality: use your city, town or other locality name
    • State: use your state or province name or put the same value as Locality
    • CC (country code): use the appropriate 2-letter country code from here

    HELPFUL TIP: If any of the values contains more than one word, put them in quotes. Otherwise, UniFi will consider a second word to be a value of the next field (it will show no errors).

    IMPORTANT: When creating a wildcard CSR on UniFi (with a domain name like *.nctest.info), UniFi puts the domain name (subdomain) specified in the host value to an Organization unit field. This may cause issues during activation as “*” is not considered an alphanumeric symbol.

    The CSR file with a name unifi_certificate.csr.pem will be created in the data subfolder of the UniFi base folder.

    • On Linux/MacOS, you can open it with a command: cat /data/unifi_certificate.csr.pem
    • On Windows, go to the data subfolder > right-click on the file > Open with > choose Notepad or any other text editor.

    NOTE: On Debian-based Linux distributions, all related files are also duplicated in /var/lib/unifi folder.

    IMPORTANT: The private key for the certificate will be saved in the default UniFi keystore in the file /data/keystore/ (or simply keystore, depending on the system).

    Use the text code from the file during the certificate activation.


5902 times


We welcome your comments, questions, corrections and additional information relating to this article. Your comments may take some time to appear. Please be aware that off-topic comments will be deleted.

If you need specific help with your account, feel free to contact our Support Team. Thank you.

Need help? We're always here for you.

× Close