Azure VM SSL for UniFi Controller

Michael Holley 96 Reputation points
2021-05-26T21:32:31.463+00:00

I want to preface by saying that I have no experience with SSL certificates, web sites, and the like.

I have a UniFi Controller running on a Windows Azure VM. I have site.mydomain.com pointed to the public IP of that VM where I can log into the UniFi controller.

I have been tasked with getting SSL on the controller site. When I go to the site currently, I get a "Not Secure" message in my browser and the Invalid Certificate is just Issued to/by: UniFi. The UniFi Controller had to have Java RE installed and I'm wondering if that is somehow involved in creating the "webserver" as IIS is not installed on the machine.

I have been searching for a while and I've found articles about SSL for IIS Web servers running on VMs or for Azure Apps, but I don't think this applies in my case. I have also only found info for installing SSL to Linux servers running UniFi Controllers.

Has anyone had experience with this? Does this require applying an SSL Certificate to the VM, creating a custom Azure App, or installing a certificate on our domain registrar (i.e. GoDaddy) that our domain DNS is hosted on?

Azure Virtual Machines

Accepted answer
  1. Michael Holley 96 Reputation points
    2021-06-10T23:02:04.187+00:00

    So, in my case, the solution provided by the folks at the Let's Encrypt forums proved most useful.

    A user named rmbolger provided some info on a PowerShell script (and cmdlet/app) which proved most helpful.

    In short, a tool called Posh-ACME allowed us to reach out to the Let's Encrypt servers and then automatically register a new certificate via GoDaddy. It seems that most of the UniFi solutions in place reference Linux command line tools to complete this, but a Windows (PowerShell) solution is most appreciated.
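
The flow described in the accepted answer, as an added example (not the poster's or rmbolger's script): Posh-ACME requests a Let's Encrypt certificate and proves domain control through a DNS record created with the GoDaddy API. The contact address is a placeholder, and the `GDKey`/`GDSecret` argument names assume the Posh-ACME 4.x GoDaddy plugin.

```powershell
# Added example. Domain is the hostname from the question; contact is a placeholder.
$Domain  = 'site.mydomain.com'
$Contact = 'admin@mydomain.com'

Install-Module -Name Posh-ACME -Scope CurrentUser
Import-Module Posh-ACME

# Use the staging CA while testing so failed attempts do not count against
# production rate limits. Switch to LE_PROD for the real certificate.
Set-PAServer LE_STAGE

# GoDaddy API credentials, prompted so they never land in the script file.
# Argument names assume the Posh-ACME 4.x GoDaddy plugin.
$pluginArgs = @{
    GDKey    = Read-Host 'GoDaddy API key'
    GDSecret = Read-Host 'GoDaddy API secret' -AsSecureString
}

# DNS validation: the plugin publishes the ACME challenge TXT record in the
# GoDaddy zone, so no inbound port has to be opened on the Azure VM.
$cert = New-PACertificate $Domain -AcceptTOS -Contact $Contact `
            -Plugin GoDaddy -PluginArgs $pluginArgs

# Check what came back before installing it anywhere.
$x509 = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($cert.CertFile)
$dnsName = $x509.GetNameInfo('DnsName', $false)

if ($dnsName -ne $Domain) {
    throw "Certificate is for '$dnsName', expected '$Domain'."
}
if ($x509.Subject -eq $x509.Issuer) {
    throw 'Certificate is self-signed; a browser will still reject it.'
}

[pscustomobject]@{
    Subject   = $x509.Subject
    Issuer    = $x509.Issuer
    NotAfter  = $x509.NotAfter      # Let's Encrypt certificates last 90 days
    PfxBundle = $cert.PfxFullChain  # certificate, key and chain in one file
}

# Renewal: schedule Submit-Renewal under the same Windows account, because
# Posh-ACME keeps the order and plugin arguments in that user's profile.
```

A certificate from `LE_STAGE` chains to an untrusted test root, so repeat the request against `LE_PROD` before loading the result into the controller's Java keystore.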


1 additional answer

  1. prmanhas-MSFT 17,946 Reputation points Microsoft Employee Moderator
    2021-05-28T07:09:19.363+00:00

    @Michael Holley Apologies for the delay in response and all the inconvenience caused because of the issue.

    As I can see, you have already installed the UniFi Controller on your VM; you can still check the link below for the configuration part:

    https://devblogs.microsoft.com/premier-developer/setting-up-a-cloud-server-to-run-unifi-controller/

    Based upon your error as mentioned here:

    UniFi relies on HTTPS for extra security. This means that the browser will check for valid certificates when making a secure connection to the web server. Although the alert message may prove annoying, there's no risk to the connecting user. To avoid this error you must:

    Buy a signed SSL certificate from any web hosting provider (or if you decide to generate one, see a few notes on that below).

    Then make the following changes to the controller:

    sudo su -  
    # cd <unifi_base>   
    # on Windows, "%USERPROFILE%/Ubiquiti Unifi"  
    cd /usr/lib/unifi   
      
    # create new certificate (with csr)  
    java -jar lib/ace.jar new_cert <hostname> <company> <city> <state> <country>  
      
    #  Enter your password if prompted and then it will create your CSR in /var/lib/unifi  
    # - unifi_certificate.csr.der  
    # - unifi_certificate.csr.pem  
      
    # have this CSR signed by a CA, you'll get a few certificates back...  
    # copy the signed certificate(s) to <unifi_base>  
      
    # import the signed certificate and other intermediate certificates  
    java -jar lib/ace.jar import_cert <signed_cert> [<other_intermediate_root_certs>...]  
    

    Also, for more expert suggestions, you can try posting your query on their public forum here.

    Another article useful in your use case.

    Hope it helps!!!

    Please "Accept as Answer" if it helped so it can help others in community looking for help on similar topics.

    Disclaimer: This response contains a reference to a third-party World Wide Web site. Microsoft is providing this information as convenient to you. Microsoft does not control these sites and has not tested any software or information found on these sites; therefore, Microsoft cannot make any representations regarding the quality, safety, or suitability of any software or information found there.
    There are inherent dangers in the use of any software found on the Internet, and Microsoft cautions you to make sure that you completely understand the risk before retrieving any software from the Internet.

