Join GitHub today
GitHub is home to over 28 million developers working together to host and review code, manage projects, and build software together.Sign up
Generating a new SSL certificate for OctoPi
The OctoPi distribution includes a generic SSL certificate. It is better than nothing, but as this is a common certificate, it could be compromised. Listed below are instructions to generate your own SLL certificate that'll be used by OctoPrint and HAProxy.
# Open a root shell sudo -i # Change to the /etc/ssl directory, where certificates are stored. cd /etc/ssl/ # Request a new self-signed certificate, with a 10-year expiration, and 4096-bit RSA key # It will ask you a lot of questions for details to put in the certificate. openssl req -x509 -nodes -days 3650 -newkey rsa:4096 -keyout newcert.key -out newcert.crt # Concatenate the new key and self-signed certificate into a single file the way HAProxy likes it # Feel free to use a different name than 'snakeoil.pem' so long as you edit haproxy.cfg to match cat newcert.crt newcert.key > snakeoil.pem # Restart HAProxy so that the new certificate takes effect. systemctl restart haproxy # Leave the root shell and go back to normal. exit