sudo apt-get install python-certbot
Generate certificate. Change unifi.yourdomain.com to the domain name you have pointing to your UniFi-Video controller.
sudo certbot certonly -d unifi.yourdomain.com
Certbot will create the files in “/etc/letsencrypt/live/unifi.yourdomain.com/”
Now stop the UniFi-Video service.
systemctl stop unifi-video
The following two commands create and install the keystore for the UniFi-Video application. These commands were copied from here. Thanks scobber!
echo ubiquiti | openssl pkcs12 -export -inkey /etc/letsencrypt/live/unifi.yourdomain.com/privkey.pem -in /etc/letsencrypt/live/unifi.yourdomain.com/cert.pem -name airvision -out /usr/lib/unifi-video/data/keys.p12 -password stdin
echo y | keytool -importkeystore -srckeystore /usr/lib/unifi-video/data/keys.p12 -srcstoretype pkcs12 -destkeystore /usr/lib/unifi-video/data/keystore -storepass ubiquiti -srcstorepass ubiquiti
Remove or rename the Trusted Store. If you don’t, the cameras will connect, but will not record. The controller will rebuild the ufv-truststore when it starts up and the cameras will be able to record.
Start the UniFi-Video service
systemctl start unifi-video
Now you can check it by going to https://unifi.yourdomain.com:8443
yum install mod_ssl -y
Create a directory for the SSL key.
mkdir -p /etc/ssl/key
chmod 700 /etc/ssl/key
openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/key/localhost.key -out /etc/ssl/certs/localhost.crt
Fill out whatever information is applicable.
Now edit the LibreNMS Apache config file /etc/httpd/conf.d/librenms.conf
All you have to do is add the following three lines under the VirtualHost and change *:80 to *:443.
SSLCertificateKeyFile /etc/ssl/key/localhost.key
When you’re finished, the file should look like this.
CustomLog /opt/librenms/logs/access_log combined
Require all granted
Options FollowSymLinks MultiViews
Don’t forget to allow HTTPS (port 443) traffic through the firewall.
If you have any issues, you may need to chmod the key and crt file.
chmod 644 /etc/ssl/certs/localhost.crt
chmod 644 /etc/ssl/key/localhost.key
You should now be able to access LibreNMS using HTTPS. Note that you’ll need to allow an exception in your browser for your self-signed certificate.
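A pre-flight check that fits both procedures on this page, added here as an example and not taken from the original posts: it confirms that a certificate and private key belong together before they are packed into a keystore or referenced from Apache, and it flags a key file that group or other can access. The function names are made up for this example, and it assumes the openssl CLI and GNU stat are installed.

```shell
#!/bin/sh
# Added example: pre-flight checks for a certificate/private-key pair.
# Function names are made up for this example; needs openssl and GNU stat.

# cert_matches_key CERT KEY
# Succeeds only when the certificate's public key equals the key's public half.
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# key_mode_ok KEY
# Succeeds only when group and other have no permission bits on the key file.
# -L follows symlinks such as Let's Encrypt's live/<domain>/privkey.pem.
key_mode_ok() {
    mode=$(stat -L -c '%a' "$1" 2>/dev/null) || return 2
    case "$mode" in
        *00|0) return 0 ;;
        *)     return 1 ;;
    esac
}

# check_pair CERT KEY
# Runs both checks, reports each failure on stderr, returns 0 only if both pass.
check_pair() {
    rc=0
    if ! cert_matches_key "$1" "$2"; then
        echo "MISMATCH or unreadable: $1 does not belong to $2" >&2
        rc=1
    fi
    if ! key_mode_ok "$2"; then
        echo "WEAK PERMS: $2 is accessible to group or other" >&2
        rc=1
    fi
    return "$rc"
}

# Usage: sh check_pair.sh CERT KEY
# e.g. sh check_pair.sh /etc/ssl/certs/localhost.crt /etc/ssl/key/localhost.key
if [ "$#" -eq 2 ]; then
    check_pair "$1" "$2"
fi
```

A key file at mode 644 is reported by key_mode_ok, while mode 600 passes.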