If anyone is still having trouble with this, I just figured out how to do it using an existing Windows certificate. In my case, we have our own internal Certification Authority, but it will work just the same with a certificate issued by GoDaddy or anyone else.
I’m assuming you already know how to export the certificate using the Certificates MMC snap-in, and that the keytool executable from your installed java package is in the path.
1) Export PFX certificate with private key and the option “Include all certificates in the certification path if possible”, using password “aircontrolenterprise” (this is important!)
2) Open a Command Prompt and go to the directory Unifi was installed to then the data directory (example: C:\Users\administrator\Ubiquiti Unifi\data)
3) Find the alias of your exported certificate by using (use the password from step 1):
keytool -list -keystore c:\path\to\pfx.pfx -storetype pkcs12
It will list the certificate starting with its alias, for example:
Keystore type: PKCS12
Keystore provider: SunJSSE
Your keystore contains 1 entry
le-webserver2003-8f6daf5b-8c89-405f-b3bb-045c58656
Certificate fingerprint (MD5): AB:3F:79:FD:F5:1E:B3:69:78:8C:1C:AC:41:B3:29:6B
The certificate alias in this case is le-webserver2003-8f6daf5b-8c89-405f-b3bb-045c58656
4) Rename the existing file called “keystore” to keystore.orig.
5) Run the following command:
keytool -importkeystore -srcstoretype pkcs12 -srcalias src-alias -srckeystore c:\path\to\pfx.pfx -keystore keystore -destalias unifi
Use the same password from step 1.
6) Start the UniFi server.
