Separate CAs for client certs and server cert chain

- Modified the VirtualHost screen to make more clear the difference between "server certificate chain" and "client certification authority"
- Modified configuration generation accordingly with proper options (SSLCertificateChainFile for server cert chain, SSLCACertificateFile for client certificates) according to Apache documentation

1 files changed, 7 insertions, 2 deletions

diff --git a/config/apache_mod_security-dev/apache_mod_security.inc b/config/apache_mod_security-dev/apache_mod_security.inc
index 31be95cf..2728e2e9 100644
--- a/config/apache_mod_security-dev/apache_mod_security.inc
+++ b/config/apache_mod_security-dev/apache_mod_security.inc
@@ -569,9 +569,14 @@ EOF;
 							$vh_config.= " SSLCertificateKeyFile ". APACHEDIR . "/etc/apache22/{$virtualhost["ssl_cert"]}.key\n";
 			       			}
 						}
-					$svr_ca =lookup_ca($virtualhost["reverse_int_ca"]);
+					$svr_ca =lookup_ca($virtualhost["ssl_cert_chain"]);
 					if ($svr_ca != false) {
-							file_put_contents(APACHEDIR . "/etc/apache22/{$virtualhost["reverse_int_ca"]}.crt",apache_textarea_decode($svr_ca['crt']),LOCK_EX);
+							file_put_contents(APACHEDIR . "/etc/apache22/{$virtualhost["ssl_cert_chain"]}.crt",apache_textarea_decode($svr_ca['crt']),LOCK_EX);
+							$vh_config.= " SSLCertificateChainFile ". APACHEDIR . "/etc/apache22/{$virtualhost["ssl_cert_chain"]}.crt\n";
+							}
+					$cli_ca =lookup_ca($virtualhost["reverse_int_ca"]);
+					if ($cli_ca != false) {
+							file_put_contents(APACHEDIR . "/etc/apache22/{$virtualhost["reverse_int_ca"]}.crt",apache_textarea_decode($cli_ca['crt']),LOCK_EX);
 							$vh_config.= " SSLCACertificateFile ". APACHEDIR . "/etc/apache22/{$virtualhost["reverse_int_ca"]}.crt\n";
 							}
 					}