Generating a new SSL certificate for OctoPi - PrusaMK2Users/MK2_Tips_and_Tricks GitHub Wiki

The OctoPi distribution includes a generic SSL certificate. It is better than nothing, but as this is a common certificate, it could be compromised. Listed below are instructions to generate your own SLL certificate that'll be used by OctoPrint and HAProxy.

# Open a root shell
sudo -i

# Change to the /etc/ssl directory, where certificates are stored.
cd /etc/ssl/

# Request a new self-signed certificate, with a 10-year expiration, and 4096-bit RSA key
# It will ask you a lot of questions for details to put in the certificate.
openssl req -x509 -nodes -days 3650 -newkey rsa:4096 -keyout newcert.key -out newcert.crt

# Concatenate the new key and self-signed certificate into a single file the way HAProxy likes it
# Feel free to use a different name than 'snakeoil.pem' so long as you edit haproxy.cfg to match
cat newcert.crt newcert.key > snakeoil.pem

# Restart HAProxy so that the new certificate takes effect.
systemctl restart haproxy

# Leave the root shell and go back to normal.
exit