Replace the SSL Certificate on a Ubiquiti Edge Router Lite

To replace the self signed certifcate with a valid certifcate for the web UI on the Edge Router Lite follow these instructions:

SSH to your EdgeRouter, then get super-user privileges with:

$ sudo -i

Use DigiCert’s OpenSSL CSR Wizard to generate the OpenSSL command needed to generate the key and certificate signing request files.

It will look something like this:

# openssl req -new -newkey rsa:2048 -nodes -out commonname.csr -keyout commonname.key -subj "/C=/ST=/L=/O=/OU=mynetwork/CN=edgerouterlite"

Run the command on the router to generate the csr and key files.

Display the contents of the csr in the terminal with:

# cat hostname_example_com.csr

Copy the contents of your CSR to your local clipboard.

Use your CA of choice to sign the request, add any SAN names at this point.

Open the and copy the contents of the new cert in to clipboard.

Write the new cert to a text file on the router using vi:

# vi newcert.cer

Combine the contents of the private key and the new certificate into a file called server.pem with:

# cat commonname.key newcert.cer > server.pem

Make a backup of the existing .pem file so it’s easy to restore in case anything goes wrong:

# cp /etc/lighttpd/server.pem /root/server.pem.original

Overwrite the .pem file  in the web server directory:

# cp /root/server.pem /etc/lighttpd/server.pem

you can either reboot or to avoid downtime restart the web server using these commands:

# kill -SIGINT $(cat /var/run/

then start it again with:

# /usr/sbin/lighttpd -f /etc/lighttpd/lighttpd.conf

Done. You should now have a valid certificate on your router.

Posted on March 30, 2019 at 0:02 by simon · Permalink
In: Hardware, Security, Tech · Tagged with: 

Leave a Reply