1. Request certificate. I saved my certificate as unifi2020.crt and unifi2020.key
2. Replace certificate on unifi controller
openssl pkcs12 -export -inkey unifi2020.key -in unifi2020.crt -out unifi.p12 -name unifi -password pass:temppass
keytool -importkeystore -deststorepass aircontrolenterprise -destkeypass aircontrolenterprise -destkeystore /var/lib/unifi/keystore -srckeystore unifi.p12 -srcstoretype PKCS12 -srcstorepass temppass -alias unifi -noprompt
3. Restart unifi
In Firefox, type ‘about:config’ in the address bar
If prompted, accept any warnings
search for ‘security.enterprise_roots.enabled‘ as the Name
Set the value to ‘true’
It’s a wired issue.
Port 3389 is open, and can telnet to it. But if try to RDP to the server, the RDP connection will failed immediately.
And in system event log, there is an error message said “Description: A fatal error occurred when attempting to access the SSL server credential private key.”
After investigation, found out this issue was caused by the incorrect file permission were set on files within C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys.
So the fix is, grant system full control access to folder C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys as well as all files within this folder.
Rename below folder to Machinekeys_old
And then restart the server
If groupolicy disabled you to do so, then we still can turn off certificate revocation check in registry
In registry editor browse to the following key:
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionWinTrustTrust ProvidersSoftware Publishing
Change Value “State” to 146944 Decimal or 0x00023e00 Hexadecimal
1. Install OpenSSL version 0.9.8 for windows, you can get it from below link:
2. Install it on a windows machine. By default, OpenSSL will be installed to C:OpenSSL
3. Copy the pfx certificates into folder C:OpenSSLbin
4. Run command line as administrator, and go to folder C:OpenSSLBin
5. Use below command to covert the certificate:
a. Generate crypt key file for the certificate via below command:
openssl pkcs12 -in server.pfx -nocerts -out server_tmp.key
During this step, it will ask for pfx certificate password and the pass phrase for the key. Use any word you like as the pass phrase, do not use blank pass phrase.
Then use below command to decrypt the key. In this step it will ask you the pass phase you used before.
openssl rsa -in server_tmp.key -out server.key
b. Generate crt file for the certificate via below command:
openssl pkcs12 -in server.infau.wbcau.westpac.com.au.pfx -clcerts -nokeys -out server.crt
6. Done. Now you can install the certificate for ESXi host