diff --git a/app/controllers/admin/api_users_controller.rb b/app/controllers/admin/api_users_controller.rb
index 7336c1d1e..27bed6a80 100644
--- a/app/controllers/admin/api_users_controller.rb
+++ b/app/controllers/admin/api_users_controller.rb
@@ -12,10 +12,7 @@ class Admin::ApiUsersController < AdminController
   end
 
   def create
-    app = api_user_params
-    app[:csr] = params[:api_user][:csr].open.read if params[:api_user][:csr]
-
-    @api_user = ApiUser.new(app)
+    @api_user = ApiUser.new(api_user_params)
 
     if @api_user.save
       flash[:notice] = I18n.t('record_created')
@@ -31,10 +28,7 @@ class Admin::ApiUsersController < AdminController
   def edit; end
 
   def update
-    app = api_user_params
-    app[:csr] = params[:api_user][:csr].open.read if params[:api_user][:csr]
-
-    if @api_user.update(app)
+    if @api_user.update(api_user_params)
       flash[:notice] = I18n.t('record_updated')
       redirect_to [:admin, @api_user]
     else
@@ -60,6 +54,6 @@ class Admin::ApiUsersController < AdminController
   end
 
   def api_user_params
-    params.require(:api_user).permit(:username, :password, :csr, :active, :registrar_id, :registrar_typeahead)
+    params.require(:api_user).permit(:username, :password, :active, :registrar_id, :registrar_typeahead)
   end
 end
diff --git a/app/models/api_user.rb b/app/models/api_user.rb
index 6d71b1671..09a849277 100644
--- a/app/models/api_user.rb
+++ b/app/models/api_user.rb
@@ -10,8 +10,6 @@ class ApiUser < User
   validates :username, :password, :registrar, presence: true
   validates :username, uniqueness: true
 
-  before_save :create_crt, if: -> (au) { au.csr_changed? }
-
   attr_accessor :registrar_typeahead
 
   def ability
@@ -30,28 +28,5 @@ class ApiUser < User
   def queued_messages
     registrar.messages.queued
   end
-
-  def create_crt
-    csr_file = Tempfile.new('client_csr')
-    csr_file.write(csr)
-    csr_file.rewind
-
-    crt_file = Tempfile.new('client_crt')
-    _out, err, _st = Open3.capture3("openssl ca -keyfile #{APP_CONFIG['ca_key_path']} \
-    -cert #{APP_CONFIG['ca_cert_path']} \
-    -extensions usr_cert -notext -md sha256 \
-    -in #{csr_file.path} -out #{crt_file.path} -key '#{APP_CONFIG['ca_key_password']}' -batch")
-
-    if err.match(/Data Base Updated/)
-      crt_file.rewind
-      self.crt = crt_file.read
-      return true
-    else
-      errors.add(:base, I18n.t('failed_to_create_certificate'))
-      logger.error('FAILED TO CREATE CLIENT CERTIFICATE')
-      logger.error(err)
-      return false
-    end
-  end
 end
 # rubocop: enable Metrics/ClassLength
diff --git a/app/views/admin/api_users/_form.haml b/app/views/admin/api_users/_form.haml
index b8fd1071f..29f8b1179 100644
--- a/app/views/admin/api_users/_form.haml
+++ b/app/views/admin/api_users/_form.haml
@@ -7,7 +7,7 @@
     %hr
 
   .row
-    .col-md-6
+    .col-md-12
       .form-group
         = f.label :username
         = f.text_field(:username, class: 'form-control')
@@ -26,11 +26,6 @@
           %label{for: 'api_user_active'}
             = f.check_box(:active)
             = t('active')
-
-    .col-md-6.text-left
-      .form-group
-        = f.label :csr, t('certificate_signing_req')
-        = f.file_field :csr
   %hr
   .row
     .col-md-12.text-right