Question

Reversing Self-signed SSL Certificate

Hello -

I have used this article https://www.digitalocean.com/community/tutorials/how-to-create-a-self-signed-ssl-certificate-for-apache-in-ubuntu-16-04 to get my Ubuntu 16.04 server set up for SSL. I am going to use a security company that asks me to remove any existing SSL certificates and set-up. I was wondering the steps I need to take to reverse the above tutorial.

Thanks!

Show comments

Submit an answer

This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

Sign In or Sign Up to Answer

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

Accepted Answer

Hey there,

If you follow the reverse of that tutorial, and just do the opposite (so removing) it should work.

If you comment out / delete the following from your virtual hosts file

SSLEngine on

                SSLCertificateFile      /etc/ssl/certs/ssl-cert-snakeoil.pem
                SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key

Or whatever you’ve named the files (I’ve just copied it from that tutorial!), once it’s working you can delete those files:

rm /etc/ssl/certs/ssl-cert-snakeoil.pem
rm /etc/ssl/private/ssl-cert-snakeoil.key

Hope this helps,

  • James

Want to learn more? Join the DigitalOcean Community!

Join our DigitalOcean community of over a million developers for free! Get help and share knowledge in Q&A, subscribe to topics of interest, and get courses and tools that will help you grow as a developer and scale your project or business.

Thanks for the response, James.

I also found these commands helpful in disabling SSL.

sudo a2dismod ssl sudo a2dissite default-ssl sudo service apache2 restart

And follow the prompts from the command line.

I didn’t adjust the firewall settings as I wouldn’t think it would be a bad thing to leave the option for SSL traffic.

If I’m missing something, I’m open to suggestions. As of right now, it appears to have worked.

Thanks!