This article will describe how to install a paid SSL certificate to secure your UniFi management server running on a Windows machine.

Open a command prompt as admin on your UniFi server and navigate to your UniFi directory.

C:\Users\USERNAME>cd Ubiquiti UniFi

Generate the cert request:

C:\Users\USERNAME\Ubiquiti UniFi>java -jar lib\ace.jar new_cert unifi.domain.com

"Company Name" City State US

Certificate for unifi.domain.com generated

C:\Users\USERNAME\Ubiquiti UniFi>cd data

C:\Users\USERNAME\Ubiquiti UniFi\data> more unifi_certificate.csr.pem

—–BEGIN CERTIFICATE REQUEST—–

CERT WILL BE HERE

—–END CERTIFICATE REQUEST—–

Copy the request:

Copy the entire request including beginning and end and obtain cert from provider. I used gogetssl for about $13 for 3 years.

Get the SSL:

Download the ZIP with all intermediate files, unzip and put the crt files in the C:\Users\USERNAME\Ubiquiti UniFi> directory

Install the SSL:

Run the following command, adjust to match your cert names:

C:\Users\USERNAME\Ubiquiti UniFi>java -jar lib/ace.jar import_cert unifi_company_com.crt COMODO_RSA_Certification_Authority.crt AddTrust_External_CA_Root.crt COMODO_RSA_Domain_Validation_Secure_Server_CA.crt

You should get a confirmation:

Certificates successfully imported. Please restart the UniFi Controller.

Run services.msc to restart the UniFi controller and browse to the fqdn. If you try localhost on the box you need to make a hosts file entry to resolve to your fqdn for the cert to recognize.