From eba5fee91a71f4f7dd4125de49fa2c681d899e2d Mon Sep 17 00:00:00 2001
From: Brie Bruns <bruns@2mbit.com>
Date: Sun, 10 Oct 2021 21:43:15 -0600
Subject: [PATCH] Split out import process for root certs

---
 gen-unifi-cert.sh | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)

diff --git a/gen-unifi-cert.sh b/gen-unifi-cert.sh
index ee95932..2c889ee 100755
--- a/gen-unifi-cert.sh
+++ b/gen-unifi-cert.sh
@@ -204,6 +204,14 @@ _EOF
   echo "Stopping Unifi controller..."
   service unifi stop
   
+  echo "Removing existing certificates from Unifi protected keystore..."
+  keytool -delete -alias unifi -keystore "${KEYSTORE}" \
+          -deststorepass aircontrolenterprise -noprompt
+  keytool -delete -alias root -keystore "${KEYSTORE}" \
+          -deststorepass aircontrolenterprise -noprompt
+  keytool -delete -alias intermediate1 -keystore "${KEYSTORE}" \
+          -deststorepass aircontrolenterprise -noprompt
+  
   echo "Importing root LE CA cert and intermediaries..."
   keytool -import -trustcacerts -alias root -file "${CATEMPFILE}" \
           -storepass aircontrolenterprise -keystore "${KEYSTORE}" -noprompt
@@ -212,10 +220,6 @@ _EOF
           -storepass aircontrolenterprise -keystore "${KEYSTORE}" -noprompt
 
 
-  #echo "Removing existing certificate from Unifi protected keystore..."
-  #keytool -delete -alias unifi -keystore /usr/lib/unifi/data/keystore \
-  #        -deststorepass aircontrolenterprise
-
   echo "Importing certificate into Unifi keystore..."
   keytool -importkeystore \
           -deststorepass aircontrolenterprise \