Ubiquiti removed keytool (and java) from recent releases of Unifi OS. This moves from keytool to openssl's native pkcs12.
Tested on Unifi Dream Machine which runs Unifi OS and a built-in Unifi controller.
Also added backup of existing files prior to change in case anything goes wrong, and update system configuration with compatible ciphers.
The --no-run-if-empty option is a GNU extension and the long version isn't supported by *BSD variants.
Instead use the short version (-r) which is present, but ignored as it is the default behavior, in at least FreeBSD: https://www.freebsd.org/cgi/man.cgi?xargs
Most specific zone selected by deepest sub-domain (how many '.' in the domain)
rather than seemingly irrelevant count of the number of characters within the zone.
