Replace the SSL Certificate on a Ubiquiti Edge Router Lite

To replace the self-signed certificate with a valid certificate for the web UI on the Edge Router Lite, follow these instructions:

SSH to your EdgeRouter, then get super-user privileges with:

$ sudo -i

Use DigiCert’s OpenSSL CSR Wizard to generate the OpenSSL command needed to generate the key and certificate signing request files.

It will look something like this:

# openssl req -new -newkey rsa:2048 -nodes -out commonname.csr -keyout commonname.key -subj "/C=/ST=/L=/O=/OU=mynetwork/CN=edgerouterlite"

Run the command on the router to generate the CSR and key files.

Display the contents of the CSR in the terminal with:

# cat commonname.csr

Copy the contents of your CSR to your local clipboard.

Use your CA of choice to sign the request; add any SAN names at this point.

Open the new cert and copy its contents to the clipboard.

Write the new cert to a text file on the router using vi:

# vi newcert.cer

Combine the contents of the private key and the new certificate into a file called server.pem with:

# cat commonname.key newcert.cer > server.pem

Make a backup of the existing .pem file so it’s easy to restore in case anything goes wrong:

# cp /etc/lighttpd/server.pem /root/server.pem.original

Overwrite the .pem file in the web server directory:

# cp /root/server.pem /etc/lighttpd/server.pem

You can either reboot or, to avoid downtime, restart the web server using these commands:

# kill -SIGINT $(cat /var/run/lighttpd.pid)

Then start it again with:

# /usr/sbin/lighttpd -f /etc/lighttpd/lighttpd.conf

Done. You should now have a valid certificate on your router.
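A check worth running before server.pem is copied into /etc/lighttpd: confirm that the signed certificate belongs to commonname.key and has not expired, then build the combined file readable by its owner only, since it contains the private key. This is an added example, not part of the original post; the function names are hypothetical and make_sample only creates throwaway test input.

```shell
#!/bin/sh
# Added example: pre-install checks for the key/certificate pair.
# File names follow the article; function names are hypothetical.

# Succeeds only if the certificate's public key was derived from the private key.
pair_matches() {
    key_pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 2
    crt_pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 2
    [ -n "$key_pub" ] && [ "$key_pub" = "$crt_pub" ]
}

# Succeeds if the certificate is still valid $2 seconds from now (default 0 = now).
not_expired() {
    openssl x509 -in "$1" -noout -checkend "${2:-0}" >/dev/null 2>&1
}

# Build the combined PEM only when both checks pass. The output holds the
# private key, so it is recreated with owner-only permissions.
build_pem() {
    key=$1 crt=$2 out=$3
    pair_matches "$key" "$crt" || { echo "key and certificate do not match" >&2; return 1; }
    not_expired "$crt" || { echo "certificate has expired" >&2; return 1; }
    ( umask 077 && rm -f "$out" && cat "$key" "$crt" > "$out" )
}

# Constructed sample input: a throwaway key and self-signed certificate,
# so the checks can be tried without touching the router's real files.
make_sample() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=sample.invalid" \
        -keyout "$1" -out "$2" >/dev/null 2>&1
}

# On the router, in /root, in place of the plain cat step:
#   build_pem commonname.key newcert.cer server.pem
```

If build_pem reports a mismatch, the certificate was issued for a different CSR than the one generated from commonname.key, and the existing /etc/lighttpd/server.pem should be left in place.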

Posted on March 30, 2019 at 0:02 by simon
In: Hardware, Security, Tech