Certificates for UniFi on Docker in Synology
I have my UniFi Controller running within Docker on a Synology NAS. It is simple to set up, for example by following the instructions here. Getting certificates for HTTPS with the Synology UI is straightforward: functionality to obtain (for example) Let's Encrypt certificates is readily available in the Control Panel under Security/Certificates. But how can one transfer those certificates to the UniFi Controller running in Docker? Here is how it worked for me:
Download the certificates from the NAS by using the “Export” function in DSM. This will download a zip file called archive.zip containing three files: cert.pem, chain.pem and privkey.pem.
Unzip the archive and concatenate the cert.pem and chain.pem files:
cat cert.pem chain.pem >fullchain.pem
Upload fullchain.pem and privkey.pem to the unifi directory on the NAS.
Start a bash session within the UniFi Controller docker container. Run the following commands to convert and install the certs (see also here):
openssl pkcs12 -export -inkey privkey.pem -in fullchain.pem -out cert.p12 -name unifi -password pass:temppass
keytool -importkeystore -deststorepass aircontrolenterprise -destkeypass aircontrolenterprise -destkeystore /var/lib/unifi/keystore -srckeystore cert.p12 -srcstoretype PKCS12 -srcstorepass temppass -alias unifi -noprompt
Restart the Controller. The easiest way to do that is to restart the Docker container.
Don’t forget to delete all the certificate files once the import has succeeded, including privkey.pem and the intermediate cert.p12.
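The steps above overwrite the controller's keystore without first checking that privkey.pem belongs to the certificate or that fullchain.pem was concatenated leaf-first. The shell functions below are an added example, not part of the original post: they run those checks, then the two commands from above, then remove the key material. The function names and the 7-day expiry threshold are assumptions of this example; file names, passwords and the keystore path are the ones used above.

```sh
#!/bin/sh
# Added example: pre-flight checks for the files named in the steps above.
# Function names are this example's own, not part of DSM or UniFi.

# Succeed only if the private key ($1) belongs to the FIRST certificate in
# the PEM file ($2). Run against fullchain.pem this also catches a reversed
# "cat" order, because the leaf certificate must come before the chain.
# Returns 2 if either file cannot be parsed.
key_matches_cert() {
    key_pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 2
    cert_pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 2
    [ -n "$key_pub" ] && [ "$key_pub" = "$cert_pub" ]
}

# Succeed only if the first certificate in $1 is still valid $2 days from now.
cert_valid_for_days() {
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
}

# Delete key material left behind after the import; fail if anything survives.
remove_key_material() {
    rm -f -- "$@" || return 1
    for f in "$@"; do
        [ ! -e "$f" ] || return 1
    done
}

# Run the checks, then the page's two conversion commands, then clean up.
# Must run inside the container, in the directory holding the uploaded files.
# The 7-day threshold is this example's choice.
install_unifi_cert() {
    key_matches_cert privkey.pem fullchain.pem \
        || { echo "privkey.pem does not match first cert in fullchain.pem" >&2; return 1; }
    cert_valid_for_days fullchain.pem 7 \
        || { echo "certificate expires within 7 days" >&2; return 1; }
    openssl pkcs12 -export -inkey privkey.pem -in fullchain.pem -out cert.p12 \
        -name unifi -password pass:temppass || return 1
    keytool -importkeystore -deststorepass aircontrolenterprise \
        -destkeypass aircontrolenterprise -destkeystore /var/lib/unifi/keystore \
        -srckeystore cert.p12 -srcstoretype PKCS12 -srcstorepass temppass \
        -alias unifi -noprompt || return 1
    remove_key_material privkey.pem fullchain.pem cert.p12
}
```

Source the file in the container's shell and call install_unifi_cert; if a check or the import fails, the files are left in place so the problem can be inspected.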