Project status: complete
Objective: get the web interface of a Ubiquiti ER-X EdgeRouter to use a public certificate, in order to prevent browser warning messages.
This is partly based on this post.
Overview of the procedure:
SSH to the router, start a shell, and get root privileges:
$ sh $ sudo -i
As indicated in this Ubiquiti forum thread, the SSL files must be stored in the
/config/ directory to be persistent across firmware updates. We create an
ssl subdirectory to keep the files:
$ cd /config/ $ mkdir ssl
Let's start by creating the CSR:
$ cd /config/ssl/ $ openssl req -sha256 -out server.csr -new -newkey rsa:2048 -nodes -keyout server.key
For the CSR, use:
Copy the content of the
/config/ssl/server.csr file in the clipboard. When submitting the CSR to the certificate authority, select the Apache/ModSSL format.
Create a file containing the server certificate, and paste the content of the certificate:
$ cat > /config/ssl/server.crt
Optionally, create the intermediate certificate file:
$ cat > /config/ssl/intermediate.crt
Then create the PEM file containing both the certificate the private key:
$ cat /config/ssl/server.crt /config/ssl/private/server.key > /config/ssl/server.pem
Now switch back to the admin interface and set the options to use the new certificate:
configure set service gui ca-file /config/ssl/intermediate.crt set service gui cert-file /config/ssl/server.pem commit save exit
Make sure a DNS record for the hostname exists.