roles/unifi/templates/usr/local/sbin/unifi-certificate-update.sh.j2


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33

#!/bin/bash

exec 1> >(logger -s -t $(basename "$0")) 2>&1

UNIFI_KEYSTORE='{{ unifi_keystore }}'
CERT_PATH='{{ unifi_certificate_path }}'
CA_PATH='{{ unifi_certificate_ca_path }}'
KEY_PATH='{{ unifi_certificate_key_path }}'
PKCS12_PATH='/etc/pki/tls/private/unifi.p12'
PASSWORD='aircontrolenterprise'

openssl pkcs12         \
  -export              \
  -in "$CERT_PATH"     \
  -inkey "$KEY_PATH"   \
  -out "$PKCS12_PATH"  \
  -name unifi          \
  -CAfile "$CA_PATH"   \
  -caname root         \
  -password pass:"$PASSWORD"

keytool                           \
  -importkeystore                 \
  -deststorepass "$PASSWORD"      \
  -destkeypass "$PASSWORD"        \
  -destkeystore "$UNIFI_KEYSTORE" \
  -srckeystore "$PKCS12_PATH"     \
  -srcstoretype PKCS12            \
  -srcstorepass "$PASSWORD"       \
  -alias unifi                    \
  -noprompt

systemctl restart unifi