Ubiquiti UniFi Video / airVision Custom SSL Certificate

Ubiquiti UniFi Video / airVision Custom SSL Certificate

A while back we wrote about how to generate a CSR, setup your own Certificate Authority, sign the request and import the cert into the Ubiquiti Common Controller on the UniFi Controller side. At the time there wasn’t a way to do the same thing on the UniFi Video/airVision side but now we are revisiting and have found that one of the updates has since changed this and it is now possible. Instructions on how we have achieved this are below. This will work on any standard installation of UniFi Video (debian unifi-video package) as well as the common controller/NVR.

If you haven’t already, follow steps 1 through 12 in this article we posted to setup your own CA and then come back here to continue:

  1. Generate a CSR for the UniFi Video
    cd /etc/ssl
    openssl genrsa -out private/unifi-video.key 4096
    openssl req -new -sha256 -key private/unifi-video.key -out unifi-video.csr
  2. Sign the certificate using the CA you have generated
    openssl ca -cert /etc/ssl/ca/certs/ca.cert.pem \
    -keyfile /etc/ssl/ca/certs/ca.key/pem -in unifi-video.csr \
    -out unifi-video.crt -extensions usr_cert -notext -md sha256 -days 3560
  3. Combine the certificates (including CA) and keyfile into PKCS12 format for the keystore keytool
    openssl pkcs12 -export -out unifi-video.pfx \
    -inkey private/unifi-video.key -in unifi-video.cert \
    -certfile /etc/ssl/ca/certs/ca.cert.pem
  4. Create a new keystore. We are using the password ubiquiti here as this is what unifi-video uses to access the keystore
    cd /usr/lib/unifi-video
    keytool -importkeystore -deststorepass ubiquiti -destkeypass ubiquiti \
    -destkeystore keystore -srckeystore /etc/ssl/unifi-video.pfx \
    -srcstoretype PKCS12 -srcstorepass ubiquiti -alias 1
    
  5. Change the alias of the cert on the keystore as this is what unifi-video refers to it as
    keytool -changealias -alias "1" -destalias "airvision" -keypass ubiquiti \
    -keystore keystore -storepass ubiquiti
  6. Backup the old keystore
    mv data/keystore data/keystore.bak
  7. Move the newly created keystore into place
    mv keystore data/keystore
  8. Restart the service
    service unifi-video restart

And hey presto everything should be working!

Leave a Reply

Your email address will not be published. Required fields are marked *

Contact

We'd love to hear from you.