Suggestion: Certificate self signing hard-coded, maybe worth to split.

Discussion in 'Developers' Forum' started by LaKing, Feb 26, 2011.

  1. LaKing

    LaKing New Member

    Hi there. ...

    I use my own CA to sign my SSL certificates, so I have a slightly modified

    //exec("openssl req -x509 -passin pass:$ssl_password -passout pass:$ssl_password -key $key_file -in $csr_file -out $crt_file -days $ssl_days -config $config_file");
    // HERE comes the only important modification. We sign the CRT file with our own CA!
    exec("openssl ca -batch -out $crt_file -config /etc/pki/CA-lab/openssl.cnf -passin pass:$cert_password -in $csr_file");
    (It looks better to have the 4 calls separated with 4 exec calls. )

    To make the code clean and update friendly, IMO this call should be stored in some external config-like file, that does not get overwritten in an update.

    What is the main developer's opinion on this? :)

    Greetings and respect! ..

Share This Page