How to properly delete/remove expired ssl certificate?

I have an expired ssl cert that needs to be removed.
My question is if I remove it from /etc/ca-certificates/trust-source/anchors/my_cert.crt
and also remove its entry from /etc/ca-certificates/extracted/, and finally run sudo update-ca-trust -f.

  1. Will that do the job?
  2. Is that the appropriate way to remove an expired ssl cert and all of its traces?

This only says how to blacklist certs but not how to completely remove from the system along with any left over traces? So my original question is still valid I guess.