Skip to content

Instantly share code, notes, and snippets.

@ljack

ljack/unifi-cert-mkcert.md

Created November 30, 2025 23:21
Show Gist options

  • Select an option

    Learn more about clone URLs
  • Save ljack/ad80886cf6f48334ef353a096d58e7d7 to your computer and use it in GitHub Desktop.

Select an option

Learn more about clone URLs
Save ljack/ad80886cf6f48334ef353a096d58e7d7 to your computer and use it in GitHub Desktop.
Download ZIP
Creating UniFi-Friendly TLS Certificates Using mkcert
Raw
unifi-cert-mkcert.md

Creating UniFi-Friendly TLS Certificates Using mkcert

UniFi devices (UDM/UDM-SE/CloudKey) are picky about certificates.
They require:

  • A valid Common Name (CN)
  • A correct Subject Alternative Name (SAN) list
  • A certificate and key that mathematically match
  • No missing SANs (or the UI and WebSockets will fail)

This article shows how to generate a fully working UniFi certificate using mkcert and how to refine it using OpenSSL.

1. Install mkcert

macOS:

brew install mkcert nss
mkcert -install
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment