Suggestion: Certificate self signing hard-coded, maybe worth to split.

[LaKing]

Hi there. ...

I use my own CA to sign my SSL certificates, so I have a slightly modified apache2_plugin.inc.php

Code:

//exec("openssl req -x509 -passin pass:$ssl_password -passout pass:$ssl_password -key $key_file -in $csr_file -out $crt_file -days $ssl_days -config $config_file");

// HERE comes the only important modification. We sign the CRT file with our own CA!

exec("openssl ca -batch -out $crt_file -config /etc/pki/CA-lab/openssl.cnf -passin pass:$cert_password -in $csr_file");

(It looks better to have the 4 calls separated with 4 exec calls. )

To make the code clean and update friendly, IMO this call should be stored in some external config-like file, that does not get overwritten in an update.

What is the main developer's opinion on this?

Greetings and respect! ..