Does OpenSSL really need a path to openssl.conf?

Question

I want to create a self-signed-certificate in PHP 5.x. with my own (alternative) openssl configuration which should be defined by my PHP code. The PHP script will run on differe

Answer 1

There are many configuration settings in OpenSSL that can't be defined in PHP by $configargs (the PHP parameters you pass to the OpenSSL functions).

If you don't specify an alternative openssl configuration file, it will automatically take the default openssl.cnf.

Recommendation: Since your script will run on different servers, you should always use your own openssl.cnf.

Just create a simple text file and put the following 4 lines in it. Then pass the path to it to the OpenSSL function you are using (look at your second example above).

distinguished_name  = req_distinguished_name
[req_distinguished_name]
[v3_req]
[v3_ca]

It seems that these 4 lines are the minimum openssl.cnf must contain.