Question

78

What is the purpose of the ssl-cert-snakeoil.key

rated 0 times [ 78] [ 0] / answers: 1 / hits: 112818 / 1 Year ago, mon, february 20, 2023, 4:27:23

Right now I installed ubuntu 12.04.3 server which I want to access via ssh. For that reason I created a private key which I moved to

/etc/ssl/private/

I'm just wondering why there already is private key ssl-cert-snakeoil.key in there. Where is this private key used and can I delete it?

Answers

Only authorized users can answer the question. Please sign in first, or register a free account.

lishrag

Add To Favorites

Follow

Total Points: 306

Total Questions: 109

Total Answers: 125

Location: Saint Lucia

Member since Wed, Feb 8, 2023

1 Year ago

lishrag questions

1 22.04 Jammy: Is there a kernel bug that causes VirtualBox to misbehave with 5.15.0-47-generic #51-Ubuntu SMP Thu Aug 11 07:51:15 UTC 2022 x86_64

Thu, Sep 22, 22, 22:23, 2 Years ago

1 Is there any way to alias ";;" to "ll"?

Wed, Jul 6, 22, 22:50, 2 Years ago

1 Terrible dual monitor desktop performance with Intel Iris Xe on Ubuntu 20.04

Wed, Jul 27, 22, 06:32, 2 Years ago

1 How can I install ubuntu 20.04 packages to 21.10?

Wed, Apr 13, 22, 16:23, 2 Years ago

1 Fn key lock of Logitech keyboard

Wed, Oct 19, 22, 07:01, 2 Years ago

View All

answered 1 Year ago bewre · Accepted Answer

The ssl-snakeoil.key is a key created by ssl-cert package post-install scripts. It's created for the snakeoil user and should not be deleted:

grep '#' /var/lib/dpkg/info/ssl-cert.postinst 

#!/bin/sh -e

# Create the ssl-cert system group for snakeoil ownership:

# Check if the generated snakeoil key/cert has been generated 

# from a vulnerable openssl version and replace it if necessary.

    # check if the cert and key file exist,

    # the issuer and subject are the same (self signed cert)

    # and the private key is vulnerable

# no need to perform any check. If the certificates are there

# it will exit 0.

# allow group ssl-cert to access /etc/ssl/private

# If we're upgrading from an older version, fix the unreadable key:

Now, what's the ssl-cert package:

This package enables unattended installs of packages that
need to create SSL certificates.

It is a simple wrapper for OpenSSL's certificate request utility that
feeds it with the correct user variables.

So it is a certificate used to install packages that need to create SSL certificates, so the system generates one on the fly with the installation of this package.

As a side note, this package is not exclusive to Ubuntu, since it also appears in Debian.