SSL for Ubiquiti UniFi Controller Software – Linux

Overview

These are the steps to install or update the SSL certificate on Ubiquiti UniFi Controller software.

Detailed Steps

  1. Log in to the Linux host via SSH, then sudo su - root.
  2. Copy the SSL certificate, key file, and CA bundle onto the host.
  3. Verify the existing keystore – keytool -list -keystore /var/lib/unifi/keystore, password is aircontrolenterprise.
  4. Backup the original keystore – cp /var/lib/unifi/keystore /home/keystore.orig.
  5. Start the generation of the new keystore – openssl pkcs12 -export -in /tmp/STAR_rm-pc_com.crt -inkey /tmp/STAR_rm-pc_com_key.txt -out /tmp/tmpkeystore -passout pass:aircontrolenterprise -name unifi
  6. Complete the generation of the new keystore – keytool -importkeystore -srckeystore /tmp/tmpkeystore -srcstorepass aircontrolenterprise -destkeystore /tmp/newkeystore -deststorepass aircontrolenterprise -alias unifi -trustcacerts
  7. Copy the new keystore into place – cp /tmp/newkeystore /var/lib/unifi/keystore
  8. Restart the controller software – systemctl restart unifi
  9. Verify that the correct SSL certificate is being served by opening https://yourctrl.name:8443 in a web browser.
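
A pre-flight check worth running before step 5, so that a mismatched or expired certificate never replaces the working keystore. This is an added example, not part of the original steps; the function names and exit codes are made up for illustration, and it assumes PEM files with an unencrypted private key.

```shell
#!/bin/sh
# Added example: sanity-check a certificate/key pair before building the
# UniFi keystore. Function names and exit codes are illustrative only.

# SHA-256 digest of the public key embedded in a PEM certificate.
cert_pubkey_digest() (
    pem=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || exit 1
    printf '%s\n' "$pem" | openssl dgst -sha256
)

# SHA-256 digest of the public key derived from a PEM private key.
key_pubkey_digest() (
    pem=$(openssl pkey -in "$1" -pubout 2>/dev/null) || exit 1
    printf '%s\n' "$pem" | openssl dgst -sha256
)

# Exit codes: 0 = safe to continue, 2 = file unreadable,
# 3 = key does not belong to certificate, 4 = certificate expired.
preflight() (
    cert=$1; key=$2
    c=$(cert_pubkey_digest "$cert") || { echo "cannot read certificate: $cert" >&2; exit 2; }
    k=$(key_pubkey_digest "$key") || { echo "cannot read private key: $key" >&2; exit 2; }
    [ "$c" = "$k" ] || { echo "private key does not match certificate" >&2; exit 3; }
    openssl x509 -in "$cert" -noout -checkend 0 >/dev/null ||
        { echo "certificate has expired" >&2; exit 4; }
    echo "pre-flight OK: $(openssl x509 -in "$cert" -noout -subject -enddate | tr '\n' ' ')"
)

# Usage with the file names from step 5:
#   sh preflight.sh /tmp/STAR_rm-pc_com.crt /tmp/STAR_rm-pc_com_key.txt
if [ "$#" -eq 2 ]; then
    preflight "$1" "$2"
fi
```

Because the key and keystore copies land in /tmp during steps 5 and 6, remove /tmp/tmpkeystore and /tmp/newkeystore and the key file once step 9 succeeds.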

How to Reset Password on a SMC 6128L2 Tiger Switch

  1. Establish a console connection to the switch.
  2. Disconnect the power to the switch.
  3. Reconnect the power to the switch, and press CTRL-U during boot up.
  4. At this point you should receive a password prompt. The password should be mercury. Note that there is a delayed response from the console.
  5. You should now see a list of config and operation files. Look for the config file that has a 1 next to it in the S/UP field – this is the config file that is loading with the bad/unknown password. Press “D” to delete a file, then type the name of the file. The name is case sensitive, so type it exactly as it is displayed. The deletion can take about 30 seconds to complete.
  6. Press “Q” to quit. If no startup file is set, the switch defaults back to the factory default configuration.
  7. If it worked, the login will be back to the default, Username: admin and Password: admin.

ICMP Being Blocked From a Separated Internal Network on a Windows 10 Host

Suppose you have a Windows 10 host on a network, let’s say 192.168.100.28, and a monitoring host on a server network, let’s say 192.168.200.12. Other hosts on the 192.168.100.0/24 network can ping the Windows 10 host, but your monitoring host cannot. The easy fix is to open an elevated command prompt, and then type:

netsh firewall set icmpsetting type=all mode=enable