A CSR (Certificate Signing Request) is a block of code submitted when you activate your SSL in your Namecheap account. It contains encoded information about your company/business and domain name.
On UDM-base software, you can generate a CSR code by using a few standard commands:
IMPORTANT: Ensure you start the application with administrator rights on Windows or have either root or sudo user access on Linux/MacOS.
To run the application as administrator on Windows, you can right-click the program icon and choose the Run as administrator option or do the following:
Properties > Compatibility > mark the Run this program as an administrator > OK.
To enable sudo access on Linux-based systems, run:
sudo su -
java -jar lib/ace.jar new_cert example.com "Company name" "Locality" "State" CC
HELPFUL TIP: If any values contain more than one word, put them in quotes. Otherwise, UniFi will consider a second word to be a value of the next field (it will show no errors).
IMPORTANT: When creating a wildcard CSR on UniFi (with a domain name like *.example.com), UniFi puts the domain name (subdomain) specified in the host value to the Organization unit field of the CSR. This may cause issues during SSL activation in some systems. However, we did not detect such issues in our system — a CSR with the same Wildcard common name and “Organization unit” field will be accepted anyway.
A CSR file with the name unifi_certificate.csr.pem will be created in the data subfolder of the UniFi base folder.
IMPORTANT: The Private key for the certificate will be saved to the default UniFi keystore in the file /data/keystore/ (or simply keystore, depending on the system).
Use the text code from the file during certificate activation.
On UDM-Pro, there is no explicit option for Certificate Signing Request (CSR code) creation. Therefore, the Certificate Signing Request should be generated by using an online tool or the OpenSSL command. We'll provide more tips on this later. But first, you'll need to configure the UDM server hostname to start the SSL installation process on your server.
Once you specify the UDM hostname, the system automatically creates a Private key and a self-signed certificate in a specific folder named /mnt/data/unifi-os/unifi-core/config/, but no CSR code will be generated along with the certificate and Private key files.
SSL installation on UDM-Pro requires placing SSL files in this specific folder, named /mnt/data/unifi-os/unifi-core/config/, and the folder can only be generated by the system when the user edits the settings to specify the server hostname.
That's why it's obligatory to initiate this process and get the folder with the default files generated. Then, you can replace those files with your SSL later by simply updating the files' names.
Therefore, even though the CSR will need to be generated elsewhere, the UDM hostname should be specified first to get the necessary folder with files created. To initiate this process:
Because the CSR file is still required to activate your trusted SSL, we recommend using one of these third-party options to create it:
openssl req -new -newkey rsa:2048 -nodes -keyout server.key -out server.csr
Generate the CSR, copy the complete code with the header and footer lines and use it for the activation process.
IMPORTANT: Make sure not to delete or forget to save the Private key generated along with it!
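The script below is an added example, not part of the original article or any Namecheap or UniFi tooling. It runs the same OpenSSL command non-interactively, then checks that the CSR's self-signature verifies and that the CSR was made from the Private key you saved. The function names, file locations and subject values (example.com, Company name, and so on) are placeholders chosen for illustration.

```shell
#!/bin/sh
# Added example: create a key and CSR, then check them before submitting.
# All subject values below are placeholders; replace them with your own.

# make_csr DIR CN: writes DIR/server.key and DIR/server.csr
make_csr() {
    dir=$1
    cn=$2
    (
        # umask 077 makes the new files readable by their owner only,
        # which is what the Private key needs.
        umask 077
        openssl req -new -newkey rsa:2048 -nodes \
            -keyout "$dir/server.key" -out "$dir/server.csr" \
            -subj "/C=US/ST=State/L=Locality/O=Company name/CN=$cn" \
            2>/dev/null
    )
}

# csr_ok DIR: succeeds only if the CSR's self-signature verifies AND the
# public key inside the CSR belongs to DIR/server.key.
csr_ok() {
    dir=$1
    # Match on the message text: older OpenSSL releases exit with status 0
    # even when verification fails.
    openssl req -in "$dir/server.csr" -noout -verify 2>&1 \
        | grep -q 'verify OK' || return 1
    # Compare digests of the two public keys instead of printing key material.
    csr_pub=$(openssl req -in "$dir/server.csr" -noout -pubkey | openssl sha256)
    key_pub=$(openssl pkey -in "$dir/server.key" -pubout | openssl sha256)
    [ "$csr_pub" = "$key_pub" ]
}

# csr_subject DIR: prints the subject so every field can be reviewed
# (for example, whether an Organization unit value is present).
csr_subject() {
    openssl req -in "$1/server.csr" -noout -subject
}
```

After sourcing the file, run make_csr . example.com followed by csr_ok . in the working directory. A failing csr_ok means the CSR and the saved key do not belong together, so a certificate issued for that CSR would not work with that key.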