How To Install A SSL Certificate On a UDM-Pro / SE

Created by Paul Sillars, Modified on Sat, 19 Aug, 2023 at 4:06 PM by Paul Sillars

SSL Installation on UDM-Pro

It is important to note that for a SSL certificate to work, your UDM-Pro / SE will need to have a valid host name that can be resolved via DNS.

You will first want to check you have a valid hostname for example

and that you can access the controller using that host name (this will normally involve you creating a DNS record that resolves locally)

UDM-pro uses a custom controller software with a simplified SSL setup process.

To install your SSL, you’ll need to replace the default certificate and Private key files in the controller configuration folder and restart the UniFi by following the steps below.

Step 1. Make sure the Secure Shell (SSH) is enabled for UDM-pro: Settings >> Network Settings >> Device Authentication >> Turn it on and set up the username and password (otherwise, you can generate an access key, which is an alternative option that you will be offered at the last step).

Step 2.  Connect via SSH and and go to the configuration folder:

cd /mnt/data/unifi-os/unifi-core/config/

Step 3. Prepare the installation files.

Inside the opened configuration folder, you should locate two files: unifi-core.crt and unifi-core.key. These are a self-signed certificate and Private key. 

To enable your trusted certificate, you’ll need to update their contents using the corresponding files that you received from the Certificate Authority (CA). Replace the current files with your new files from the CA. 

  • unifi-core.crt should contain your domain certificate (the .crt file) combined with the intermediate and root certificates (CA-bundle) in a single file.
  • unifi-core.key should contain the Private key file.

You can combine the .crt and .ca-bundle files you received from the CA by using any of the options below:

  • Upload both files to /mnt/data/unifi-os/unifi-core/config/ and run this command:

cat example.crt >> unifi-core.crt ; echo >> unifi-core.crt ; cat example.ca-bundle >> unifi-core.crt

  • Or open both files with any plaintext editor, create a combined unifi-core.crt  (certificate first, CA-bundle below it) file on your PC and upload it to the UDM. 

To open the file for editing on your PC, right click on the file >> select “Open with” >> choose any plaintext editor (Notepad, TextEdit, Text, etc. depending on your system)

  • Or copy and paste both files’ content to unifi-core.crt (in the same order as above: certificate first, CA-bundle below it).

To open it in the command line use any of the provided Linux editors like nano or vi (for example, run nano unifi-core.crt).

Step 4. Once both files (unifi-core.crt and unifi-core.key) are replaced in the config folder, restart the controller:

unifi-os restart

Was this article helpful?

That’s Great!

Thank you for your feedback

Sorry! We couldn't be helpful

Thank you for your feedback

Let us know how can we improve this article!

Select at least one of the reasons
CAPTCHA verification is required.

Feedback sent

We appreciate your effort and will try to fix the article