I have finally figured out how to export Private Key from FortiGate firewall and successfully install GoDaddy Wildcard SSL certificate in UniFi Cloud Key Gen 2 Plus Network Controller
Good day from Singapore,
Author: Mr. Turritopsis Dohrnii Teo En Ming
Country: Singapore
Date: 26 Oct 2022 Wednesday
I have finally figured out how to export Private Key from FortiGate firewall and successfully install GoDaddy Wildcard SSL certificate in UniFi Cloud Key Gen 2 Plus Network Controller because I have finally found the correct reference guides! Please refer to the following list.
Reference Guides
=================
YouTube video: Ubiquiti Networks UniFi OS SSL Certificate Installation
Guide: Extracting Private Key from FortiGate Firewall
Guide: Extracting private key from FortiGate SSL Certificates
Link: https://www.linkedin.com/pulse/extracting-private-key-from-fortigate-ssl-kuganesan-srijeyanthan
Guide: How to decrypt an RSA private key and then use it in kyrtool to merge the SSL certificates.
Guide: How to Fix an Encrypted SSL Private Key
DETAILED INSTRUCTIONS FROM TEO EN MING
=======================================
Log in to the FortiGate 201F firewall and run the following commands in the CLI.
config vpn certificate local
edit <certificate-name>
show full
You will see something like:
-----BEGIN ENCRYPTED PRIVATE KEY-----
<---snipped--->
-----END ENCRYPTED PRIVATE KEY-----
Save the above encrypted private key as encrypted.txt using Notepad or Notepad++ on Windows Server.
Then decrypt the encrypted private key using the openssl command on Linux.
openssl rsa -in encrypted.txt -out plain.txt
Download and install Keystore Explorer in Windows Server.
Launch KeyStore Explorer 5.5.1.
Click Create a new KeyStore.
Click JKS.
Click OK.
Click Import Key Pair.
Click OpenSSL.
Click OK.
Uncheck Encrypted Private Key.
Browse OpenSSL Private Key File. (plain.txt)
Browse Certificate(s) File. (chain.crt generated from GoDaddy Wildcard SSL certificate)
Click Import.
Enter Alias: unifi
Click OK.
Enter New Password: aircontrolenterprise
Confirm New Password: aircontrolenterprise
Click OK.
Click OK.
Click Save.
Enter New Password: aircontrolenterprise
Confirm New Password: aircontrolenterprise
Save KeyStore As: keystore (filename without extension)
Click Save.
Launch WinSCP in Windows Server.
Transfer keystore file to /srv/unifi/data.
Browse to /data/unifi-core/config. Create a backup folder.
Move the default/original unifi-core.crt and unifi-core.key to the backup folder.
Upload plain.txt to /data/unifi-core/config as unifi-core.key.
Upload chain.crt (generated from GoDaddy Wildcard SSL certificate) to /data/unifi-core/config as unifi-core.crt.
Reboot UniFi Cloud Key Gen 2 Plus network controller. You MUST reboot for it to take effect!
SUCCESS!
Browse to https://cloudkey.teo-en-ming-corp.com on your favorite web browser. You should see a padlock icon on the browser address bar. This means that the Wildcard SSL certificate was installed correctly.
I started doing it at 5.00 PM and completed doing it at 6.00 PM Singapore time on 26 Oct 2022 Wednesday.
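A check that can be run before the two uploads above, as an added example that is not part of the original post: it confirms that plain.txt is really decrypted and that it matches the first certificate in chain.crt. The function name check_pair and the 30-day expiry warning are assumptions of this example; plain.txt and chain.crt are the files from the steps above.

```shell
#!/bin/sh
# Added example, not from the original post. check_pair is a hypothetical name.
# Usage: sh check_pair.sh plain.txt chain.crt

check_pair() {
    key=$1
    cert=$2

    # Both PEM encryptions carry the word ENCRYPTED: the PKCS#8 header
    # "BEGIN ENCRYPTED PRIVATE KEY" and the legacy "Proc-Type: 4,ENCRYPTED".
    if grep -q 'ENCRYPTED' "$key"; then
        echo "FAIL: $key is still encrypted" >&2
        return 1
    fi

    # Derive the public key from the private key. The empty -passin stops
    # openssl from prompting if the file turns out to need a passphrase.
    key_pub=$(openssl pkey -in "$key" -passin pass: -pubout 2>/dev/null) || {
        echo "FAIL: cannot parse private key $key" >&2
        return 1
    }

    # openssl x509 reads only the first certificate in the file, so this
    # also checks that the server certificate comes first in the chain.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || {
        echo "FAIL: cannot parse certificate $cert" >&2
        return 1
    }

    if [ "$key_pub" != "$cert_pub" ]; then
        echo "FAIL: $key does not match the first certificate in $cert" >&2
        return 1
    fi

    # Assumed threshold: warn when the certificate expires within 30 days.
    if ! openssl x509 -in "$cert" -noout -checkend 2592000 >/dev/null; then
        echo "WARN: first certificate in $cert expires within 30 days" >&2
    fi

    echo "OK: $key matches the first certificate in $cert"
    openssl x509 -in "$cert" -noout -subject -enddate
}

# Run the check only when two file names are given on the command line.
if [ "$#" -eq 2 ]; then
    check_pair "$1" "$2"
fi
```

Because plain.txt holds the unencrypted wildcard key, remove the leftover copies of plain.txt from the Windows Server and the Linux machine once unifi-core.key is in place.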
Regards,
Mr. Turritopsis Dohrnii Teo En Ming
Targeted Individual in Singapore