Remove openssl certificate

I made a openssl certification but i don't want it anymore so how do i remove it?

I used this Guide:

If you followed the tutorial exactly, it may be as simple as deleting the files listed here:

ls -l /etc/ssl/newcert.*
ls -l /etc/ssl/snakeoil.pem

Followed by restarting the haproxy service as you did before.

1 Like

when i do:
ls -l /etc/ssl/newcert.*

it says:
ls: cannot access '/etc/ssl/newcert.*': No such file or directory

Your earlier tutorial had you start the session as the root user. And this user should have the correct rights to see into any system-wide folders.

I see from the OctoPi repository that this is part of the setup (so we go to school on this):

# Not expected to work
rm /etc/ssl/private/ssl-cert-snakeoil.key /etc/ssl/certs/ssl-cert-snakeoil.pem

But of course, the pi user wouldn't be able to do that. I assume that script would be running as root, as in...

# Now with enough rights to work
sudo rm /etc/ssl/private/ssl-cert-snakeoil.key /etc/ssl/certs/ssl-cert-snakeoil.pem

I have to admit that I'm confused at this point. The OctoPi image refers to the snakeoil.pem path as /etc/ssl. But then there's a script which generates the right stuff (at bootup):



if [ ! -f $keyfile ] || [ ! -s $keyfile ] || [ ! -f $pemfile ] || [ ! -s $pemfile ] || [ ! -f $certfile ] || [ ! -s $certfile ]; then
  echo "Generating SSL certificate"
  sudo make-ssl-cert generate-default-snakeoil --force-overwrite 
  sudo cat $keyfile $pemfile > $certfile

Alright, I get it now. I guess then here's is the expected magic to get back to square one (final answer):

sudo rm /etc/ssl/private/ssl-cert-snakeoil.key /etc/ssl/certs/ssl-cert-snakeoil.pem
sudo rm /etc/ssl/*.pem /etc/ssl/newcert.*
sudo reboot

OctoPi's gencert service should automatically generate a new PEM file at bootup.

1 Like