This tutorial provides step by step instructions on how to generate a CSR code and install an SSL Certificate on Unifi Cloud Key cloud device management. For bonus reading, we also included a brief history of Ubiquiti, the company behind the Unifi Cloud Key. Finally, the last section of this article provides useful tips on where to buy the best SSL Certificate of Unifi Cloud Key.

If you’ve already generated the CSR code and obtained the SSL certificate files, jump straight to the installations steps in part two. Use the links below to navigate between sections.

Generate a CSR code on Unifi Cloud Key
Install an SSL Certificate on Unifi Cloud Key
Test your SSL installation
Unifi Cloud Key history and versions
Where to buy the best SSL Certificate for Unifi Cloud Key?

Generate a CSR code on Unifi Cloud Key

The Certificate Signing Request, or simply CSR, is a block of encoded text with your contact details such as domain and company identity. To receive an SSL Certificate, every applicant must generate a CSR code and send it to the Certificate Authority (CA) for validation.

Please, follow the steps below to create your CSR file. Make sure you have SSH access.

  1. Back up your existing certificate configuration. Create a copy of /etc/ssl/private directory on your local desktop
  2. Once you’ve backed up the Cloud Key directory, remove its content: rm -f /etc/ssl/private/*
  3. Use the OpenSSL toolkit to create a new private key for your certificate. Run the command below:
    openssl genrsa -out /etc/ssl/private/cloudkey.key 2048
  4. Next, generate your CSR file:
    openssl req -new -batch \
    -subj "/C=US /ST=Washington/L=Seattle
    /emailAddress[email protected]" \
    -key /etc/ssl/private/cloudkey.key \
    -out /etc/ssl/private/cloudkey.csr
  5.  Replace the attributes in bold with your real contact details:
    • C – the two-letter country code
    • ST – the state where your company is registered
    • L – the locality/city where your company is located
    • O – the full legal name of your organization
    • OU – the name of the organizational unit (department) within your company requesting the SSL certificate
    • CN – the Common Name, also known as the FQDN (fully-qualified domain name) you want to secure with an SSL certificate
    • emailAddress – provide a valid email address
  6. Your CSR file is ready. You can open it with any text editor of your choice such as Notepad and use it during the digital certificate order process with your SSL vendor.

Install an SSL certificate on Unifi Cloud Key

After the CA validates your SSL request and delivers the SSL files to your inbox, you can continue with the installation.

  1. Check your email inbox and download the ZIP folder containing your SSL certificates
  2. Extract the SSL files from your ZIP folder. Depending on your SSL provider you may have the following files.
    • The primary SSL certificate
    • The intermediate SSL certificate
    • The root SSL certificate
    • The CA Bundle chain containing the root and intermediate certificates
  3. Copy your primary SSL Certificate into /etc/ssl/private/cloudkey.crt

    Note: Make sure you leave a line-feed after the —–END CERTIFICATE—– attribute

  4.  opy your intermediate certificate into the Cloud Key directory
  5. Next, you need to bundle your private key with your primary and intermediate SSL certificates.  Run the command below to generate the PKCS 12 file. Make sure you replace attributes in bold accordingly.
    openssl pkcs12 -export -in /etc/ssl/private/cloudkey.crt -inkey /etc/ssl/private/cloudkey.key -out /etc/ssl/private/cloudkey.p12 -name unifi -CAfile /etc/ssl/private/yourcaname.crt -caname root -password pass:enteryourpassword
  6. Now, import the PCKS 12 file into the Cloud Key keystore:
    keytool -importkeystore -deststorepass yourpassword -destkeypass yourpassword -destkeystore /usr/lib/unifi/data/keystore -srckeystore /etc/ssl/private/cloudkey.p12 -srcstoretype PKCS12 -srcstorepass yourpassword -alias unifi
  7. Set the permissions and delete the unnecessary files:
    rm /etc/ssl/private/cloudkey.csr
    rm /etc/ssl/private/yourcaname.crt
    rm /etc/ssl/private/cloudkey.p12
    tar -cvf cert.tar *
    chown root:ssl-cert /etc/ssl/private/*
    chmod 640 /etc/ssl/private/*
  8. Configure your Controller Hostname/IP so the name matches your certificate. (e.g.,
  9. Restart your server and the Unifi Controller

Congrats, you’ve successfully installed an SSL Certificate on Unifi Cloud Key

Test your SSL installation

After you install an SSL Certificate on Unifi Cloud Key, you can check your configuration for potential errors or vulnerabilities. To do this efficiently, use one of these high-end SSL tools. Pick any tool from the linked article, and get instant scans and reports on your SSL Certificate.

Unifi Cloud Key history and versions

Unifi Cloud Key is a product of Ubiquiti Networks, an American technology company founded in 2005. Ubiquiti specializes in wireless data communication. It builds products under multiple brand name for enterprise and wireless broadband providers.

One of such products is Unifi Cloud Key, a hybrid cloud device management that safely runs a local instance of the Unifi Controller software. Unifi Cloud Key features high-end Quad-Core architecture, and plug and play installation. It combines local network security with convenient remote access.

The latest Unifi Cloud Key firmware release is 0.13.4.

Where to buy the best SSL Certificate for Unifi Cloud Key?

If you’re looking for a great shopping experience, then SSL Dragon is an excellent option. Our intuitive and user-friendly website will smoothly walk you through the entire range of SSL Certificates. All our products are signed by trusted Certificate Authorities and are compatible with Unifi Cloud Key. We offer the following SSL validation types:

Enjoy the lowest prices on the market, and stellar customer support for any certificate you choose. And, if you’re struggling to find the perfect cert for your project, our SSL Wizard and Advanced Certificate Filter tools are ready to help you.

If you find any inaccuracies, or you have details to add to these SSL installation instructions, please feel free to send us your feedback at [email protected]. Your input would be greatly appreciated! Thank you.