Encrypting Ubiquiti NVR & Wireless Platforms

I have been testing some Ubiquiti hardware and systems lately. While their hardware is not the cheapest out there, it is pretty nice. One benefit to using Ubiquiti hardware is they make most if not all of their server-side software available for free. That is free as in beer. Being able to use their software on my platforms of choice to control my hardware is so much better than having to buy a management appliance. These management appliance devices can easily cost twice that of the initial hardware if not more. So enough gushing about Ubiquiti, and on to the tech.

I had been using the Unifi-Controller application on a Windows system for Wireless Access Point management, but every time Java decided it needed to be updated it would break the startup scripts. That's Java & Windows for you. Being a Net/Systems admin, I decided there must be a better option. After some research I found that Ubiquiti makes their software available to lots of platforms including Mac, Windows, Linux, iOS, & Android. It is Java after all. Maybe I have an old calculator that could run this software. Being an Ubuntu fanboy, you know where I was heading (Ubuntu Server LTS VM). After a single .deb install I was up and running.

Next I wanted to set up and start using Ubiquiti HD IP Cameras for surveillance. After the initial camera purchase on Amazon ($99), I found myself saying, great, I will be able to see live footage, but what about past footage? This led me down a path to the Ubiquiti NVR (network video recorder) Appliance, for nearly 4 times the cost of the camera. Trusting that Ubiquiti would surely follow the same model for server-side software as they did for their wireless management, I jumped right over to the Ubiquiti downloads. I found that they supported Ubuntu, as well as Debian, Mac, Windows, iOS, and Android. Just a .deb install later, and I had a full-fledged Network Video Recording System for free.

Now on to the real nerdy stuff: encryption. No one likes when your browser throws up the SSL cert error when it's your own server! On most web servers it is easy enough to change the SSL cert. Well, this was my first delve into a Java-based web server. I believe it runs Tomcat. After lots of time researching I was able to swap out the SSL certs used in both Unifi-Controller and Unifi-Video server-side software. I decided that I should probably create a write-up about this since there does not seem to be any place that covers both pieces of software in specific detail. I only found info regarding the NVR SSL certs. Below you will find the command line steps required to add your own SSL certs to your own Ubiquiti server systems. Please keep in mind these are generic commands that were tested on Ubuntu with the Ubiquiti software versions as of 04/01/2016. Your mileage may vary. These steps are static, and will not be updated. They are merely meant as a skeleton guide. If this helps at least one person, then it was worth it. Keep creating, and keep documenting!


Unifi-Controller (Wireless AP management)

Convert the .crt & .key into a .p12 with password: (keystore PW = aircontrolenterprise)
COMMAND: openssl pkcs12 -export -in unifi.crt -inkey unifi.key > unifi.p12
Backup the keystore: (/var/lib/unifi/)
COMMAND: cp keystore keystore.date.backup
Import .p12 into keystore:
COMMAND: keytool -importkeystore -destkeystore keystore -deststorepass aircontrolenterprise -srckeystore unifi.p12 -srcstoretype PKCS12
List keys in keystore: (keystore PW = aircontrolenterprise)
COMMAND: keytool -list -keystore keystore
Remove the existing unifi key:
COMMAND: keytool -delete -keystore keystore -storepass aircontrolenterprise -alias unifi
Rename 1 to unifi:
COMMAND: keytool -changealias -keystore keystore -storepass aircontrolenterprise -alias 1 -destalias unifi
Reboot Server! Your browser may not see the new cert, so clear any cookies/cache.

Unifi-Video (Network Video Recorder)

Convert the .crt & .key into a .p12 with password: (keystore PW = ubiquiti)
COMMAND: openssl pkcs12 -export -in unifi.crt -inkey unifi.key > unifi.p12
Backup the keystore: (/var/lib/unifi-video/)
COMMAND: cp keystore keystore.date.backup
Import .p12 into keystore:
COMMAND: keytool -importkeystore -destkeystore keystore -deststorepass ubiquiti -srckeystore unifi.p12 -srcstoretype PKCS12
List keys in keystore: (keystore PW = ubiquiti)
COMMAND: keytool -list -keystore keystore
Remove the existing airvision key:
COMMAND: keytool -delete -keystore keystore -storepass ubiquiti -alias airvision
Rename 1 to airvision:
COMMAND: keytool -changealias -keystore keystore -storepass ubiquiti -alias 1 -destalias airvision
Reboot Server! Your browser may not see the new cert, so clear any cookies/cache.
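
A pre-flight check for the first step of both procedures above, as an added example that is not part of the original post: it confirms the private key belongs to the certificate and the certificate is unexpired before building the .p12, then re-reads the bundle to confirm what went in. The function names and the P12_PASS variable are hypothetical, and an unencrypted PEM key is assumed.

```bash
#!/usr/bin/env bash
# Added example (not from the original post). Function names and P12_PASS are
# hypothetical; file names follow the steps above. Assumes an unencrypted PEM key.

# SHA-256 of the public key held in a certificate ("cert") or private key ("key").
pubkey_hash() {
    case $1 in
        cert) pem=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1 ;;
        key)  pem=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1 ;;
        *)    return 1 ;;
    esac
    printf '%s\n' "$pem" | openssl dgst -sha256 -r | cut -d' ' -f1
}

# Return 0 only if CERT and KEY parse, belong together, and CERT is unexpired.
preflight_pair() {  # usage: preflight_pair CERT KEY
    ch=$(pubkey_hash cert "$1") || { echo "cannot read certificate $1" >&2; return 2; }
    kh=$(pubkey_hash key "$2")  || { echo "cannot read private key $2" >&2; return 2; }
    [ "$ch" = "$kh" ] || { echo "private key does not match certificate" >&2; return 3; }
    openssl x509 -in "$1" -noout -checkend 0 >/dev/null \
        || { echo "certificate has expired" >&2; return 4; }
}

# Build the PKCS#12 bundle, then re-read it and compare certificate fingerprints.
# The export password is read from the exported variable P12_PASS, so it is not
# passed as a command-line argument. No -name is given, so keytool will list the
# imported entry under alias "1", which the rename step above relies on.
build_p12() {  # usage: export P12_PASS=...; build_p12 CERT KEY OUT
    preflight_pair "$1" "$2" || return $?
    ( umask 077
      openssl pkcs12 -export -in "$1" -inkey "$2" -out "$3" -passout env:P12_PASS
    ) || return 5
    want=$(openssl x509 -in "$1" -noout -fingerprint -sha256) || return 6
    got=$(openssl pkcs12 -in "$3" -nokeys -passin env:P12_PASS 2>/dev/null \
          | openssl x509 -noout -fingerprint -sha256) || return 6
    [ "$want" = "$got" ] || { echo "bundle holds a different certificate" >&2; return 7; }
}

# Example, run from the directory holding the files before the keytool import:
#   export P12_PASS=<keystore password for this product>
#   build_p12 unifi.crt unifi.key unifi.p12
```

A non-zero return means the keystore should be left untouched until the cert/key pair is sorted out.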

External Ubiquiti NVR how-to videos:

Ubiquiti Networks NVR UniFi Video Part 1 -How to download Ubuntu Server
https://www.youtube.com/watch?v=HBiO1AL4F6c
Ubiquiti Networks NVR UniFi Video Part 2 -Installing Ubuntu 14.04 Server
https://www.youtube.com/watch?v=wj-rd1gQ1jw
Ubiquiti Networks NVR UniFi Video Part 3 Download and setup the UniFi Video NVR
https://www.youtube.com/watch?v=ovJ5BsJivA8

Other helpful links

Guide on how to change SSL certificate for HTTPS in Unifi NVR v3.2.0, March 2016
http://community.ubnt.com/t5/UniFi-Video/Guide-on-how-to-change-SSL-certificate-for-HTTPS-in-Unifi-NVR-v3/m-p/1524554#U1524554
Importing an existing SSL key/certificate pair into a Java keystore
http://blog.jgc.org/2011/06/importing-existing-ssl-keycertificate.html

Luke 10:19