Unifi products like the CloudKey Gen 2 are difficult to secure by default due to deficiencies in the Unifi OS.
This means that users are forced to either use the default self-signed certificates, or jump through some complicated (and frequently changing) steps to constantly reprovision the certificates on the device.
These certificates are used for both HTTPS, and also RTSPS streams.
When configuring the Unifi Protect integration, there is currently an option to “Verify SSL”, which defaults to off (sensible defaults for greatest compatibility).
The Unifi Protect component continues to advertise the RTSPS camera endpoint however, meaning other integrations (such as WebRTC integrations) then fail as the RTSPS certificates are also self-signed.
It would make sense to me that if the user has disabled SSL Verification, the component should advertise the rtsp_url as the stream source, rather than the rtsps_url. Alternatively, the component could allow the user to select which stream to advertise, but the current behavior is rather difficult to diagnose for an average user.
If you access them through the UI direct URL, which can be find via discovery or the console system API, it does have a valid SSL cert as that is the one they use for unifi.ui.com.
Hmm, have you got an example of this? When I go to unifi.ui.com, the rtsps link they provide for my camera is rtsps://[ipaddress]:7441/[token]?enableSrtp, and when discovery kicks in, the logs are filled with self-signed-cert warnings. Wondering what I’ve missed.
I wanted to share some information I just learned while configuring Frigate with UniFi RTSPS/RTSPX and Go2RTC. In my case, I had trouble using Go2RTC and discovered that you can also use an RTSP stream locally with UniFi.
You can transform this RTSPS link: rtsps://192.168.1.1:7441/CnhLKtvnsIOsgV15?enableSrtp
to an RTSP link: rtsp://192.168.1.1:7447/CnhLKtvnsIOsgV15
by changing from rtsps to rtsp and from port 7441 to 7447. Also, the “?enableSrtp” needs to be removed in any case.
In Frigate, I can then use the stream directly with FFmpeg instead of Go2RTC.
This method simplifies the integration process, making it more straightforward to connect UniFi cameras with Frigate for home surveillance or other security applications. By bypassing the need for Go2RTC, you may also see improved stream stability and reduce the complexity of your setup.
I hope this information will save someone days of debugging in the future