Posted on

UDM Pro and SSL

So you have a Ubiquiti Dream Machine Pro (UDM pro) box, and you want to install SSL certificates?

This goes for the OS Version 3.2+

This is quite straightforward in a few single steps.

  1. Enable SSH login in the machine.
  2. Connect by SSH using “admin” and your password to the machine.
  3. do a
    cd /data/unifi-core/config
  4. In there, do a backup:
    tar zcvf backup.tgz *
    and download this file (sftp / scp).
    scp [email protected]:/data/unifi-core/config/backup.tgz .
  5. in there, you should find the following files: 
    unifi-core-direct.crt
    unifi-core-direct.key
    unifi-core.crt
    unifi-core.key
  6. Make a copy of your SSL key, and rename it as unifi-core.key and unifi-core-direct.key
  7. Create a new file called unifi-core.crt, and in this file, you copy in your certificate
    followed by the root CA bundle from your certificate issuer, such as :
    <certificate_file>
    <bundle_file>
    and save it, then copy the file unifi-core.crt to unifi-core-direct.crt 

    Here’s the command line steps to create the files for all above:
    cat cert.key > unifi-core.key
    cat cert.key > unifi-core-direct.key
    cat cert.pem > unifi-core.crt
    echo "" >> unifi-core.crt
    cat cert.ca-bundle.pem >> unifi-core.crt
    cp unifi-core.crt unifi-core-direct.crt

  8. Upload the files (sftp/scp) to the folder /data/unifi-core/config
    scp unifi-core-* [email protected]:/data/unifi-core/config/
  9. On your UDM pro, issue the command:
    systemctl restart unifi-core
    You should now be able to connect to the machine using the https and certificate.
    Note that you may need to point out the address in your DNS, or add the IP in your lmhosts/hosts file,
    such as 192.168.0.1 gw.<domain.tld>

That should be it, and you should have a working SSL certificate on the box.
Note that updates of the OS, may reset the files, so keep them handy.

Good luck!