
MichaelHolley-2420 asked prmanhas-MSFT commented

Azure VM SSL for UniFi Controller

I want to preface by saying that I have no experience with SSL certificates, web sites, and the like.

I have a UniFi Controller running on a Windows Azure VM. I have site.mydomain.com pointed to the public IP of that VM where I can log into the UniFi controller.

I have been tasked with getting SSL on the controller site. When I go to the site currently, I get a "Not Secure" message in my browser and the Invalid Certificate is just Issued to/by: UniFi. The UniFi Controller had to have Java RE installed and I'm wondering if that is somehow involved in creating the "webserver" as IIS is not installed on the machine.

I have been searching for a while and I've found articles about SSL for IIS Web servers running on VMs or for Azure Apps, but I don't think this applies in my case. I have also only found info for installing SSL to Linux servers running UniFi Controllers.

Has anyone had experience with this? Does this require applying an SSL Certificate to the VM, creating a custom Azure App, or installing a certificate on our domain registrar (i.e. GoDaddy) that our domain DNS is hosted on?

azure-virtual-machines

MichaelHolley-2420 answered prmanhas-MSFT commented

So, in my case, the solution provided by the folks at the Let's Encrypt forums proved most useful.

A user named rmbolger provided some info on a PowerShell script (and cmdlet/app) which proved most helpful.

In short, a tool called Posh-ACME allowed us to reach out to the Let's Encrypt servers and then automatically register a new certificate via GoDaddy. It seems that most of the UniFi solutions in place reference Linux command line tools to complete this, but a Windows (PowerShell) solution is most appreciated.
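The flow described in this answer, as an added example that is not part of the original post or taken from rmbolger's script: Posh-ACME requests a Let's Encrypt certificate and proves domain control by creating the DNS-01 TXT record through the GoDaddy API. It assumes the domain's DNS is hosted at GoDaddy with an API key available; the contact address and key value are placeholders.

```powershell
# Added example (not from the original post). Placeholders are marked.
$HostName = 'site.mydomain.com'      # hostname used in the question
$Contact  = 'admin@mydomain.com'     # placeholder contact address

# Install the module for the current user only; no elevation is required.
if (-not (Get-Module -ListAvailable -Name Posh-ACME)) {
    Install-Module -Name Posh-ACME -Scope CurrentUser
}
Import-Module Posh-ACME

# Test against the staging CA first (its certificates are NOT browser-trusted),
# then switch to LE_PROD once the run succeeds, to stay clear of rate limits.
Set-PAServer LE_STAGE

# GoDaddy API credentials. The secret is prompted for as a SecureString so it
# never lands in the script file, console history or a transcript.
$pluginArgs = @{
    GDKey          = '<godaddy-api-key>'   # placeholder
    GDSecretSecure = Read-Host -Prompt 'GoDaddy API secret' -AsSecureString
}

# Posh-ACME creates the _acme-challenge TXT record, waits for validation,
# removes the record again and downloads the issued certificate.
$cert = New-PACertificate $HostName -AcceptTOS -Contact $Contact `
            -Plugin GoDaddy -PluginArgs $pluginArgs

# Sanity-check the issued certificate before installing it anywhere.
$x509 = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($cert.CertFile)
$nameType = [System.Security.Cryptography.X509Certificates.X509NameType]::DnsName
$dnsName  = $x509.GetNameInfo($nameType, $false)

if ($dnsName -ne $HostName) {
    throw "Certificate was issued for '$dnsName', expected '$HostName'."
}
if ($x509.NotAfter -lt (Get-Date).AddDays(30)) {
    throw "Certificate expires $($x509.NotAfter); renew before installing."
}

# Summary of what was issued and where the files are on disk.
[pscustomobject]@{
    Subject      = $x509.Subject
    Issuer       = $x509.Issuer
    NotAfter     = $x509.NotAfter
    CertFile     = $cert.CertFile
    PfxFullChain = $cert.PfxFullChain   # certificate, chain and private key
}
```

`Submit-Renewal` reuses the saved order and plugin settings for later renewals. The PFX contains the private key, so restrict its file permissions to the account that runs the controller.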


@MichaelHolley-2420 Glad to hear that you got the help, and I am really thankful to you for sharing the solution with the community :)

Have a good day!!!

Thanks

prmanhas-MSFT answered prmanhas-MSFT commented

@MichaelHolley-2420 Apologies for the delay in response and all the inconvenience caused because of the issue.

As I can see, you have already installed the UniFi Controller on your VM; you can still check the link below for the configuration part:

https://devblogs.microsoft.com/premier-developer/setting-up-a-cloud-server-to-run-unifi-controller/

Based upon your error as mentioned here:

UniFi relies on HTTPS for extra security. This means that the browser will check for valid certificates when making a secure connection to the web server. Although the alert message may prove annoying, there's no risk to the connecting user. To avoid this error you must:


Buy a signed SSL certificate from any web hosting provider (or if you decide to generate one, see a few notes on that below).

Then make the following changes to the controller:

    sudo su -
    # cd <unifi_base>
    # on Windows, "%USERPROFILE%/Ubiquiti Unifi"
    cd /usr/lib/unifi

    # create new certificate (with csr)
    java -jar lib/ace.jar new_cert <hostname> <company> <city> <state> <country>

    # Enter your password if prompted and then it will create your CSR in /var/lib/unifi
    # - unifi_certificate.csr.der
    # - unifi_certificate.csr.pem

    # have this CSR signed by a CA, you'll get a few certificates back...
    # copy the signed certificate(s) to <unifi_base>

    # import the signed certificate and other intermediate certificates
    java -jar lib/ace.jar import_cert <signed_cert> [<other_intermediate_root_certs>...]


Also, for more expert suggestions, you can try posting your query on their public forum here.

Another article useful in your use case.

Hope it helps!!!

Please "Accept as Answer" if it helped so it can help others in community looking for help on similar topics.

Disclaimer: This response contains a reference to a third-party World Wide Web site. Microsoft is providing this information as convenient to you. Microsoft does not control these sites and has not tested any software or information found on these sites; therefore, Microsoft cannot make any representations regarding the quality, safety, or suitability of any software or information found there.
There are inherent dangers in the use of any software found on the Internet, and Microsoft cautions you to make sure that you completely understand the risk before retrieving any software from the Internet.










I do appreciate the additional details and the links to the articles. I have also posted to the UniFi Forums in search of an answer.

Unfortunately, the article only seems valid for Linux commands, as the Windows paths do not exist.

If possible, I'd rather wait to see if there is another user who might have insight? Or delete the question altogether. I hate marking as answer leading another Windows SysAdmin to a dead end.


@MichaelHolley-2420 Sure, that totally makes sense.
We can wait to see if someone else can provide any further input on this. Also, in case you get the answer from the other forum, please share your solution so it can help the community looking for help on similar topics :)


@MichaelHolley-2420 Just following up to check if you got any inputs on the mentioned issues from the UniFi forum.

If you got any input, I would request you to share the solution with the community so it can help others looking for guidance on the issue.

Thanks
