I tried to verify the SSL certificate via openssl (icinga/nagios) but it failed with missing certificates.
It turns out that unifi_ssl_import.sh doesn't include the intermediate cert in the bundle.
I modified the script to concatenate the $SIGNED_CERT and $CHAIN_FILE to another temporary file, and then included that. Now the SSL certificate is verifiable via openssl.
--- unifi_ssl_import.sh.dist 2023-03-29 11:24:55.970766471 +0300
+++ unifi_ssl_import.sh 2023-03-29 11:21:02.437590249 +0300
@@ -92,6 +92,7 @@
printf "\nImporting the following files:\n"
printf "Private Key: %s\n" "$PRIV_KEY"
printf "CA File: %s\n" "$CHAIN_FILE"
+ printf "Certificate File: %s\n" "$SIGNED_CERT"
fi
# Create temp files
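Review bot: The added printf reads "$SIGNED_CERT", while the export block further down tests and concatenates "${SIGNED_CRT}"; unless both names are defined elsewhere in the script, this line prints an empty path. Use the same variable name as the export block. That block also treats the signed certificate as optional (it checks -f first), so this line should be printed only when the file exists.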
@@ -126,9 +127,19 @@
#If there is a signed crt we should include this in the export
if [[ -f ${SIGNED_CRT} ]]; then
+
+ # 2023-03-29 Harald
+ tmpfile="/tmp/$(mcookie)"
+ if [ -f "${tmpfile}" ] ; then
+ echo "tmpfile $tmpfile exists, exiting"
+ exit 1
+ else # create a file containing cert + intermediate cert;
+ cat "${SIGNED_CRT}" "${CHAIN_FILE}" > "${tmpfile}"
+ fi
+
+# -in "${CHAIN_FILE}" \
openssl pkcs12 -export \
- -in "${CHAIN_FILE}" \
- -in "${SIGNED_CRT}" \
+ -in "${tmpfile}" \
-inkey "${PRIV_KEY}" \
-out "${P12_TEMP}" -passout pass:"${PASSWORD}" \
-name "${ALIAS}"
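Review bot: The temp file at tmpfile="/tmp/$(mcookie)" is checked for existence and then created by a shell redirect, which leaves a gap between the check and the write in a world-writable directory and creates the file with whatever the current umask allows. Using tmpfile="$(mktemp)" creates the file atomically with mode 0600 and makes the existence check unnecessary; it could sit with the other temp files under the "# Create temp files" comment. The leftover commented line # -in "${CHAIN_FILE}" \ above the openssl call should be dropped, and the "2023-03-29 Harald" marker belongs in the commit message rather than in the script.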
@@ -156,7 +167,7 @@
# Clean up temp files
printf "\nRemoving temporary files...\n"
-rm -f "${P12_TEMP}"
+rm -f "${P12_TEMP}" "${tmpfile}"
# Restart the UniFi Controller to pick up the updated keystore
printf "\nRestarting UniFi Controller to apply new Let's Encrypt SSL certificate...\n"
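Review bot: "${tmpfile}" is assigned only inside the if [[ -f ${SIGNED_CRT} ]] branch, so on a run without a signed certificate this rm is passed an empty argument, and the cleanup happens only when the script reaches this line. Initialise tmpfile where the other temp files are created and register the removal with trap 'rm -f "${P12_TEMP}" "${tmpfile}"' EXIT so the concatenated bundle is removed on every exit path.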