CSR generation on Ubiquiti Unifi

A CSR (Certificate Signing Request) is a block of code that is submitted during the SSL activation in your Namecheap account. It contains encoded information about your company/business and domain name.

The default process for generating a CSR on the UniFi controller software is quite simple; it can be done with a few standard commands:

  1. Connect to your server where the controller is installed through the command prompt.

    • On Linux-based servers, you can use PuTTY (for Linux- or Windows-based machines) or a similar application
    • On MacOS, run the Terminal application
    • On Windows server, connect via remote desktop (if needed) and run cmd or PowerShell

    IMPORTANT: Ensure you start the application with administrator rights on Windows, or have root or sudo user access on Linux/MacOS.

    To run the application as administrator on Windows, you can right-click the program icon and choose the Run as administrator option or do it this way:

    Properties > Compatibility > mark the Run this program as an administrator > OK.

    To enable sudo access on Linux-based systems, run:

    sudo su -

  2. To go to the UniFi controller main folder, run:

    cd *Unifi base folder*

    The *Unifi base folder* needs to be replaced with the following:

    • On UniFi Cloud Key, Ubuntu, and other Debian-based Linux distributions: /usr/lib/unifi/
    • On CentOS, RedHat, Fedora, and other RHEL Linux distributions: /opt/unifi/
    • On MacOS: ~/Library/Application Support/UniFi
    • On Windows: "%USERPROFILE%/Ubiquiti Unifi"

    You can also use: "C:\Users\*account username*\Ubiquiti UniFi"

  3. To generate the CSR code, run:

    java -jar lib/ace.jar new_cert example.com "Company name" "Locality" "State" CC

    • Replace example.com with your actual domain name or subdomain for UniFi (the common name for the certificate)
    • Company name: use your company/organization name or put NA (Not Applicable)
    • Locality: use your city, town or other locality name
    • State: use your state or province name or put the same value as Locality
    • CC (country code): use the appropriate 2-letter country code

    HELPFUL TIP: If any of the values contains more than one word, put them in quotes. Otherwise, UniFi will consider a second word to be a value of the next field (it will show no errors).

    IMPORTANT: When creating a wildcard CSR on UniFi (with a domain name like *.example.com), UniFi puts the domain name (subdomain) specified in the host value into the Organization unit field. This may cause issues during activation as "*" is not considered an alphanumeric symbol.

    A CSR file named unifi_certificate.csr.pem will be created in the data subfolder of the UniFi base folder.

    • On Linux/MacOS, you can open it from the UniFi base folder with the command: cat data/unifi_certificate.csr.pem
    • On Windows, go to the data subfolder > right-click on the file > Open with > choose Notepad or any other text editor.

    NOTE: On Debian-based Linux distributions, all related files are also duplicated in /var/lib/unifi folder.

    IMPORTANT: The private key for the certificate will be saved in the default UniFi keystore in the file /data/keystore/ (or simply keystore, depending on the system).

    Use the text code from the file during the certificate activation.
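
Before submitting the CSR, it is worth confirming that its subject carries the values you intended, since an unquoted multi-word value or a wildcard name produces no error from the command in step 3. The script below is an added example, not part of the original article or of UniFi's tooling; it assumes OpenSSL is installed, and the function names and sample subject are constructed for illustration.

```shell
# Added example (not from the article): check a CSR subject before submitting it.
# Assumes OpenSSL is installed; function names are hypothetical.

# Print the value of one field from `-nameopt multiline` subject text.
subject_field() {   # $1 = subject text, $2 = long field name
    printf '%s\n' "$1" | sed -n "s/^ *$2 *= *//p" | head -n 1
}

# Read multiline subject text on stdin; $1 = intended common name.
# Prints each finding and returns 1 if there is any.
check_csr_subject() {
    subject=$(cat); rc=0
    cn=$(subject_field "$subject" commonName)
    ou=$(subject_field "$subject" organizationalUnitName)
    cc=$(subject_field "$subject" countryName)
    if [ "$cn" != "$1" ]; then
        echo "commonName is '$cn', expected '$1'"; rc=1
    fi
    case $cc in
        [A-Z][A-Z]) ;;
        *) echo "countryName '$cc' is not a 2-letter code; check quoting"; rc=1 ;;
    esac
    case $ou in
        *'*'*) echo "organizationalUnitName '$ou' contains '*'"; rc=1 ;;
    esac
    return $rc
}

# Verify the CSR self-signature and check its subject.
inspect_csr() {   # $1 = CSR path, $2 = intended common name
    openssl req -in "$1" -noout -verify -subject -nameopt multiline |
        check_csr_subject "$2"
}

# Constructed sample: subject of a wildcard CSR with the host copied into OU.
SAMPLE_WILDCARD='subject=
    countryName               = US
    stateOrProvinceName       = California
    localityName              = Los Angeles
    organizationName          = Example Inc
    organizationalUnitName    = *.example.com
    commonName                = *.example.com'

if [ "$#" -eq 2 ]; then
    inspect_csr "$1" "$2"
else
    printf '%s\n' "$SAMPLE_WILDCARD" | check_csr_subject '*.example.com' || true
fi
```

Run it from the UniFi base folder with the CSR path and the intended common name as its two arguments, for example data/unifi_certificate.csr.pem and example.com; with no arguments it checks the constructed sample.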
