Hi there. ...
I use my own CA to sign my SSL certificates, so I have a slightly modified apache2_plugin.inc.php
//exec("openssl req -x509 -passin pass:$ssl_password -passout pass:$ssl_password -key $key_file -in $csr_file -out $crt_file -days $ssl_days -config $config_file");
// HERE comes the only important modification. We sign the CRT file with our own CA!
exec("openssl ca -batch -out $crt_file -config /etc/pki/CA-lab/openssl.cnf -passin pass:$cert_password -in $csr_file");
(It looks better to have the 4 calls separated with 4 exec calls. )
To make the code clean and update friendly, IMO this call should be stored in some external config-like file, that does not get overwritten in an update.
What is the main developer's opinion on this?
Greetings and respect! ..