A CSR (Certificate Signing Request) is a block of code that is submitted during the SSL activation in your Namecheap account. It contains encrypted information about your company/business and domain name

Default process of the CSR generation on UniFi controller software is quite simple; it can be done with a few standard commands:

1. Connect to your server where the controller is installed through the command prompt.
   
   
   • On Linux-based servers, you can use Putty (for Linux- or Windows-based machines) or a similar application
   • On MacOS, run the Terminal application
   • On Windows server, connect via remote desktop (if needed) and run cmd or PowerShell
     
     

   IMPORTANT: Ensure you start the application with administrator rights on Windows/have root or sudo user access on Linux/MacOS.

   To run the application as administrator on Windows, you can right-click the program icon and choose Run as administrator option or do it this way:

   Properties > Compatibility > mark the Run this program as as an administrator > OK.

   To enable sudo access on Linux-based systems, run:

   sudo su -

2. To go to the UniFi controller main folder, run:
   
   

   cd *Unifi base folder*

   The *Unifi base folder* needs to be replaced with the following:

   • On UniFi Cloud Key, Ubuntu, and other Debian-based Linux distributions: /usr/lib/unifi/
   • On CentOS, RedHat, Fedora, and other RHEL Linux distributions: /opt/unifi/
   • On MacOS: ~/Library/Application Support/UniFi
   • On Windows: "%USERPROFILE%/Ubiquiti Unifi"

   You can also use: “C:\Users\*account username*\Ubiquiti UniFi”

3. To generate the CSR code, run:
   
   

   java -jar lib/ace.jar new_cert example.com “Company name” “Locality” “State” CC

   • Replace example.com with your actual domain name or subdomain for UniFi (the common name for the certificate)
   • Company name: use your company/organization name or put NA (Not Applicable)
   • Locality: use your city, town or other locality name
   • State: use your state or province name or put the same value as Locality
   • CC (country code): use the appropriate 2-letter country code from here
     
     

   HELPFUL TIP: If any of the values contains more than one word, put them in quotes. Otherwise, UniFi will consider a second word to be a value of the next field (it will show no errors).

   IMPORTANT: When creating a wildcard CSR on UniFi (with a domain name like *.example.com), UniFi puts the domain name (subdomain) specified in the host value to an Organization unit field. This may cause issues during activation as “*” is not considered an alphanumeric symbol.

   The CSR file with a name unifi_certificate.csr.pem will be created in the data subfolder of the UniFi base folder.

   • On Linux/MacOS, you can open it with a command: cat /data/unifi_certificate.csr.pem
   • On Windows, go to the data subfolder > right-click on the file > Open with > choose Notepad or any other text editor.
     
     

   NOTE: On Debian-based Linux distributions, all related files are also duplicated in /var/lib/unifi folder.

   IMPORTANT: The private key for the certificate will be saved in the default UniFi keystore in the file /data/keystore/ (or simply keystore, depending on the system).

   Use the text code from the file during the certificate activation.