diff --git a/install/dist/conf/centos52.conf.php b/install/dist/conf/centos52.conf.php
index 8ff03ce603002d667cba2985824a234ebf5a43c4..3e4c28900e3ece188fd3dd98d48047c23a3acb3c 100644
--- a/install/dist/conf/centos52.conf.php
+++ b/install/dist/conf/centos52.conf.php
@@ -186,4 +186,6 @@ $conf['cron']['init_script'] = 'crond';
 $conf['cron']['crontab_dir'] = '/etc/cron.d';
 $conf['cron']['wget'] = '/usr/bin/wget';
 
+$conf['CA-path'] = '/etc/pki/CA';
+
 ?>
diff --git a/install/dist/conf/centos53.conf.php b/install/dist/conf/centos53.conf.php
index 8ff03ce603002d667cba2985824a234ebf5a43c4..3e4c28900e3ece188fd3dd98d48047c23a3acb3c 100644
--- a/install/dist/conf/centos53.conf.php
+++ b/install/dist/conf/centos53.conf.php
@@ -186,4 +186,6 @@ $conf['cron']['init_script'] = 'crond';
 $conf['cron']['crontab_dir'] = '/etc/cron.d';
 $conf['cron']['wget'] = '/usr/bin/wget';
 
+$conf['CA-path'] = '/etc/pki/CA';
+
 ?>
diff --git a/install/dist/conf/debian40.conf.php b/install/dist/conf/debian40.conf.php
index d17670164438cda6d108da400ea5f60aa793e74a..5c62a416d6d0665e969c73fc4f82607a3003fb6d 100644
--- a/install/dist/conf/debian40.conf.php
+++ b/install/dist/conf/debian40.conf.php
@@ -190,5 +190,8 @@ $conf['vlogger']['config_dir'] = '/etc';
 $conf['cron']['init_script'] = 'cron';
 $conf['cron']['crontab_dir'] = '/etc/cron.d';
 $conf['cron']['wget'] = '/usr/bin/wget';
+
+$conf['CA-path'] = '/etc/ssl';
+
 
 ?>
diff --git a/install/dist/conf/debian60.conf.php b/install/dist/conf/debian60.conf.php
index c1344d50985aa23cde682103ff8e0503ac7e744d..6790fc66249a242950242c5d50831a41a10626f3 100644
--- a/install/dist/conf/debian60.conf.php
+++ b/install/dist/conf/debian60.conf.php
@@ -190,5 +190,8 @@ $conf['vlogger']['config_dir'] = '/etc';
 $conf['cron']['init_script'] = 'cron';
 $conf['cron']['crontab_dir'] = '/etc/cron.d';
 $conf['cron']['wget'] = '/usr/bin/wget';
+
+$conf['CA-path'] = '/etc/ssl';
+
 
 ?>
diff --git a/install/dist/conf/fedora9.conf.php b/install/dist/conf/fedora9.conf.php
index ea1affa73732844f209696aee8f3feb96c095094..ac36a107d85346bb910650f4151787378aebc965 100644
--- a/install/dist/conf/fedora9.conf.php
+++ b/install/dist/conf/fedora9.conf.php
@@ -186,4 +186,6 @@ $conf['cron']['init_script'] = 'crond';
 $conf['cron']['crontab_dir'] = '/etc/cron.d';
 $conf['cron']['wget'] = '/usr/bin/wget';
 
+$conf['CA-path'] = '/etc/pki/CA';
+
 ?>
diff --git a/install/dist/conf/gentoo.conf.php b/install/dist/conf/gentoo.conf.php
index 1fd634ac3e0a051707274db723b8d40db4d366c1..018ab8ff0b99f12d1ff9aa289af44517051c74f6 100644
--- a/install/dist/conf/gentoo.conf.php
+++ b/install/dist/conf/gentoo.conf.php
@@ -202,4 +202,7 @@ $conf['cron']['init_script'] = 'vixie-cron';
 $conf['cron']['crontab_dir'] = '/etc/cron.d';
 $conf['cron']['group'] = 'cron';
 $conf['cron']['wget'] = '/usr/bin/wget';
+
+$conf['CA-path'] = '/etc/ssl';
+
 ?>
diff --git a/install/dist/conf/opensuse110.conf.php b/install/dist/conf/opensuse110.conf.php
index 293c4d71bfac233ac448204edcdaeac600541f1b..82467e56037d926d0abc55c004738a385388b98f 100644
--- a/install/dist/conf/opensuse110.conf.php
+++ b/install/dist/conf/opensuse110.conf.php
@@ -186,4 +186,6 @@ $conf['cron']['init_script'] = 'cron';
 $conf['cron']['crontab_dir'] = '/etc/cron.d';
 $conf['cron']['wget'] = '/usr/bin/wget';
 
+$conf['CA-path'] = '/etc/ssl';
+
 ?>
diff --git a/install/dist/conf/opensuse112.conf.php b/install/dist/conf/opensuse112.conf.php
index 88c1c6e6975c891b88eeeefc41cce6854017ff46..0b89c5b7a8525306c97d54c08ef99da6ec65a4e2 100644
--- a/install/dist/conf/opensuse112.conf.php
+++ b/install/dist/conf/opensuse112.conf.php
@@ -186,4 +186,6 @@ $conf['cron']['init_script'] = 'cron';
 $conf['cron']['crontab_dir'] = '/etc/cron.d';
 $conf['cron']['wget'] = '/usr/bin/wget';
 
+$conf['CA-path'] = '/etc/ssl';
+
 ?>
diff --git a/install/dist/lib/fedora.lib.php b/install/dist/lib/fedora.lib.php
index eec9af6cc785752eb9475b3bafc7293cd405b157..24ea083a63e26c9d377e7995c1cef08733f68d6d 100644
--- a/install/dist/lib/fedora.lib.php
+++ b/install/dist/lib/fedora.lib.php
@@ -695,6 +695,10 @@ class installer_dist extends installer_base {
 		$content = str_replace('{server_id}', $conf['server_id'], $content);
 		$content = str_replace('{ispconfig_log_priority}', $conf['ispconfig_log_priority'], $content);
 		$content = str_replace('{language}', $conf['language'], $content);
+
+		if (!$conf['CA-enabled']) $content = str_replace('$conf[\'CA', '//$conf[\'CA', $content);
+		$content = str_replace('{CA-path}', $conf['CA-path'], $content);
+		$content = str_replace('{CA-pass}', $conf['CA-pass'], $content);
 		
 		wf("$install_dir/server/lib/$configfile", $content);
 		
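Review bot: `$conf['CA-pass']` and `$conf['CA-path']` are substituted verbatim into the single-quoted PHP literals `'{CA-pass}'` and `'{CA-path}'` from config.inc.php.master, so a passphrase containing `'` or `\` yields a broken or altered config file. Escaping before substitution avoids that, e.g. `$content = str_replace('{CA-pass}', addcslashes($conf['CA-pass'], "'\\"), $content);`. `!$conf['CA-enabled']` reads a key that only install.php and update.php set in this commit, so `empty($conf['CA-enabled'])` is safer if this method can be reached another way. The written file now holds the CA key passphrase in clear text, so its mode deserves a check; `wf()` and whatever sets permissions lie outside the hunk. The hunks in gentoo.lib.php and opensuse.lib.php make the same substitutions.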
diff --git a/install/dist/lib/gentoo.lib.php b/install/dist/lib/gentoo.lib.php
index 428cb98ae935842db7cb3cb505d8d632947cc044..17e10d1e615e8d2e6ef8bd4bd8260853c8a5ed49 100644
--- a/install/dist/lib/gentoo.lib.php
+++ b/install/dist/lib/gentoo.lib.php
@@ -667,6 +667,10 @@ class installer extends installer_base
 		
 		$this->write_config_file("$install_dir/interface/lib/$configfile", $content);
 		
+		if(!$conf['CA-enabled']) $content = str_replace('$conf[\'CA','//$conf[\'CA', $content);
+		$content = str_replace('{CA-path}', $conf['CA-path'], $content);
+		$content = str_replace('{CA-pass}', $conf['CA-pass'], $content);
+
 		//* Create the config file for ISPConfig server
 		$this->write_config_file("$install_dir/server/lib/$configfile", $content);
 		
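Review bot: The CA substitutions sit after `write_config_file("$install_dir/interface/lib/$configfile", $content)`, so if `$content` is the same buffer for both writes, as it appears here, the interface copy keeps the literal `{CA-path}` and `{CA-pass}` placeholders. Its CA lines also stay uncommented when CA is disabled. Keeping the passphrase out of the interface config may be intended, but then the CA lines should be commented out before the first write rather than left as placeholders. A comment above the added lines such as `//* CA settings are only filled in for the server config` would state the intent. The enclosing method starts and ends outside the hunk.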
diff --git a/install/dist/lib/opensuse.lib.php b/install/dist/lib/opensuse.lib.php
index ec01255eb067a25b697e679efb6aea53e2f2fd41..3bb66fc10cfb606faee6891f7d890d6923d45cf0 100644
--- a/install/dist/lib/opensuse.lib.php
+++ b/install/dist/lib/opensuse.lib.php
@@ -708,6 +708,10 @@ class installer_dist extends installer_base {
 		$content = str_replace('{ispconfig_log_priority}', $conf['ispconfig_log_priority'], $content);
 		$content = str_replace('{language}', $conf['language'], $content);
 		
+		if(!$conf['CA-enabled']) $content = str_replace('$conf[\'CA','//$conf[\'CA', $content);
+		$content = str_replace('{CA-path}', $conf['CA-path'], $content);
+		$content = str_replace('{CA-pass}', $conf['CA-pass'], $content);
+
 		wf("$install_dir/server/lib/$configfile", $content);
 		
 		//* Create the config file for remote-actions (but only, if it does not exist, because
diff --git a/install/install.php b/install/install.php
index e5785fa744367c621fce97174692abbf6aae5a79..7b7afed6cd83d377ec11814376ce37be95784eab 100644
--- a/install/install.php
+++ b/install/install.php
@@ -438,6 +438,19 @@ if($install_mode == 'standard') {
 		$inst->configure_firewall();
 	}
 	
+	//** Configure CA
+	if(strtolower($inst->simple_query('Should this installation use a local CA to default-sign certificates?',array('y','n'),'n')) == 'y') {	
+		$conf['CA-enabled'] = true;
+		$conf['CA-path'] = $inst->free_query('Path to the CA folder: ', $conf['CA-path']);
+		$conf['CA-pass'] = $inst->free_query('Root Certificate Passphrase', '');
+		if(!is_file($conf['CA-path'].'/openssl.cnf'))
+		{
+		    swriteln('ERROR. '.$conf['CA-path'].'/openssl.cnf not found.');
+		    $conf['CA-enabled'] = false;
+		} 
+		//$inst->configure_ca();
+	} else {$conf['CA-enabled'] = false;};
+	
 	//** Configure ISPConfig :-)
 	if(strtolower($inst->simple_query('Install ISPConfig Web Interface',array('y','n'),'y')) == 'y') {
 		swriteln('Installing ISPConfig');
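Review bot: The only validation in this block is `is_file($conf['CA-path'].'/openssl.cnf')`, which does not show that a CA exists at that path or that the passphrase unlocks its key. With the `/etc/ssl` default set in several conf files in this commit, that file is usually the stock system OpenSSL config, so the check would likely pass on a host with no CA at all (worth confirming on a test install). An empty passphrase is also accepted as the default answer. Both answers are later written into config.inc.php and the path is used in the `openssl ca` command lines in apache2_plugin, so I would normalise the path here, e.g. `$conf['CA-path'] = rtrim(trim($conf['CA-path']), '/');`, and refuse an empty passphrase before setting `CA-enabled`. The same block is duplicated in install/update.php.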
diff --git a/install/tpl/config.inc.php.master b/install/tpl/config.inc.php.master
index 1ce1c888fbfc5542aff417fa23de9e7ac44f47d1..e3e386e42c0649d7ba5d3a3a6c7229fa675211e8 100644
--- a/install/tpl/config.inc.php.master
+++ b/install/tpl/config.inc.php.master
@@ -157,6 +157,10 @@ $conf['interface_logout_url'] = ''; // example: http://www.domain.tld/
 $conf['start_db'] = true;
 $conf['start_session'] = true;
 
+//** CA-configuration
+$conf['CA-path'] = '{CA-path}';
+$conf['CA-pass'] = '{CA-pass}';
+
 
 //** Constants
 define('LOGLEVEL_DEBUG',0);
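Review bot: The `//** CA-configuration` comment does not say that these two lines are machine-edited. The installer libs in this commit prefix every `$conf['CA` occurrence with `//` when CA signing is disabled, and apache2_plugin treats `isset()` of both keys as the switch for CA signing. I would extend the comment to something like `//** CA-configuration (commented out by the installer when no local CA is used; CA-pass is the CA key passphrase)`, so nobody hand-edits the keys into a half-enabled state. Because the installer's `str_replace` is a plain text match, the comment must not itself contain the string `$conf['CA`.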
diff --git a/install/update.php b/install/update.php
index 17f6c3c3ca16d5db5ad91fa33ac0a95a95532df1..f5b2380f1e8a9c288cc98f06a5ad8d0bfd409929 100644
--- a/install/update.php
+++ b/install/update.php
@@ -303,6 +303,20 @@ if($reconfigure_services_answer == 'yes') {
 	//}
 }
 
+	//** Configure CA
+	if(strtolower($inst->simple_query('Should this installation use a local CA to default-sign certificates?',array('y','n'),'n')) == 'y') {	
+		$conf['CA-enabled'] = true;
+		$conf['CA-path'] = $inst->free_query('Path to the CA folder: ', $conf['CA-path']);
+		$conf['CA-pass'] = $inst->free_query('Root Certificate Passphrase', '');
+		if(!is_file($conf['CA-path'].'/openssl.cnf'))
+		{
+		    swriteln('ERROR. '.$conf['CA-path'].'/openssl.cnf not found.');
+		    $conf['CA-enabled'] = false;
+		} 
+		//$inst->configure_ca();
+	} else {$conf['CA-enabled'] = false;};
+
+
 //** Configure ISPConfig
 swriteln('Updating ISPConfig');
 
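Review bot: On an update the CA question defaults to `n`, so accepting the defaults sets `CA-enabled` to false; the rewritten config then has its CA lines commented out, and a working CA setup would silently fall back to self-signed certificates. The path prompt defaults to `$conf['CA-path']`; whether that holds the value from the installed config.inc.php or only the distribution default at this point is not visible in the hunk. I would default both prompts from the existing configuration when it has the CA keys set. The block is also indented one level although it sits at top level after the closing `}` of the reconfigure branch, which makes it read as part of that branch.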
diff --git a/server/plugins-available/apache2_plugin.inc.php b/server/plugins-available/apache2_plugin.inc.php
index f6161b9c48e982d74cda74af9f2789748be1250d..41ee39745073e0a49f0146db18b3b14c1e2c3ea8 100644
--- a/server/plugins-available/apache2_plugin.inc.php
+++ b/server/plugins-available/apache2_plugin.inc.php
@@ -137,8 +137,18 @@ class apache2_plugin {
 			$crt_file = escapeshellcmd($crt_file);
 
 			if(is_file($ssl_cnf_file)) {
-				exec("openssl genrsa -des3 -rand $rand_file -passout pass:$ssl_password -out $key_file 2048 && openssl req -new -passin pass:$ssl_password -passout pass:$ssl_password -key $key_file -out $csr_file -days $ssl_days -config $config_file && openssl req -x509 -passin pass:$ssl_password -passout pass:$ssl_password -key $key_file -in $csr_file -out $crt_file -days $ssl_days -config $config_file && openssl rsa -passin pass:$ssl_password -in $key_file -out $key_file2");
-				$app->log('Creating SSL Cert for: '.$domain,LOGLEVEL_DEBUG);
+	    
+				exec("openssl genrsa -des3 -rand $rand_file -passout pass:$ssl_password -out $key_file 2048");
+				exec("openssl req -new -passin pass:$ssl_password -passout pass:$ssl_password -key $key_file -out $csr_file -days $ssl_days -config $config_file");
+				if(isset($conf['CA-path']) && isset($conf['CA-pass']) )
+				{
+					exec("openssl ca -batch -out $crt_file -config ".$conf['CA-path']."/openssl.cnf -passin pass:".$conf['CA-pass']." -in $csr_file");
+					$app->log("Creating CA-signed SSL Cert for: $domain",LOGLEVEL_DEBUG);
+				} else{
+					exec("openssl req -x509 -passin pass:$ssl_password -passout pass:$ssl_password -key $key_file -in $csr_file -out $crt_file -days $ssl_days -config $config_file ");
+					$app->log("Creating self-signed SSL Cert for: $domain",LOGLEVEL_DEBUG);
+				};
+			exec("openssl rsa -passin pass:$ssl_password -in $key_file -out $key_file2");
 			}
 
 			exec('chmod 400 '.$key_file2);
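Review bot: The new `openssl ca` call puts `$conf['CA-pass']` and `$conf['CA-path']` on the shell command line without `escapeshellarg()`, so a passphrase with shell metacharacters breaks the command, and the CA passphrase is visible in the process list while openssl runs. Splitting the old `&&` chain into separate `exec()` calls also drops the stop-on-failure behaviour: no exit status is checked, and the success message is logged even when signing failed. `openssl ca` is called without `-days`, so `$ssl_days` no longer applies to CA-signed certificates and validity comes from the CA's openssl.cnf. The sketch below passes the passphrase via `-passin env:` (the variable name is only an example) and checks the exit code; `$conf` must be in scope in this method, which starts outside the hunk. The revoke hunk further down builds its command the same way.

```php
				if(isset($conf['CA-path']) && isset($conf['CA-pass']) )
				{
					// Hand the passphrase to openssl through the environment instead of argv.
					putenv('ISPC_CA_PASS='.$conf['CA-pass']);
					$ca_cnf = escapeshellarg($conf['CA-path'].'/openssl.cnf');
					exec("openssl ca -batch -out $crt_file -config $ca_cnf -passin env:ISPC_CA_PASS -in $csr_file", $ca_output, $ca_status);
					putenv('ISPC_CA_PASS'); // remove the variable again
					if($ca_status === 0) {
						$app->log("Creating CA-signed SSL Cert for: $domain",LOGLEVEL_DEBUG);
					} else {
						$app->log("CA signing failed for: $domain (openssl exit code $ca_status)",LOGLEVEL_WARN);
					}
				} else{
					// … unchanged: self-signed "openssl req -x509" branch …
				};
```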
@@ -178,6 +188,11 @@ class apache2_plugin {
 			$csr_file = $ssl_dir.'/'.$domain.'.csr';
 			$crt_file = $ssl_dir.'/'.$domain.'.crt';
 			$bundle_file = $ssl_dir.'/'.$domain.'.bundle';
+			if(isset($conf['CA-path']) && isset($conf['CA-pass']) )
+				{
+					exec("openssl ca -batch -config ".$conf['CA-path']."/openssl.cnf -passin pass:".$conf['CA-pass']." -revoke $crt_file");
+					$app->log("Revoking CA-signed SSL Cert for: $domain",LOGLEVEL_DEBUG);
+				};
 			unlink($csr_file);
 			unlink($crt_file);
 			unlink($bundle_file);
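Review bot: `$crt_file` is built from `$domain` a few lines above and goes into the `openssl ca -revoke` command line unescaped, unlike the create path where it passes through `escapeshellcmd()`; whether `$domain` is validated before this point is not visible in the hunk. I would quote it, e.g. `-revoke ".escapeshellarg($crt_file)`, and capture the exit status through the extra `exec()` arguments. The revoke also runs for every deleted certificate, including self-signed or externally issued ones the CA never signed, yet the log line always says a CA-signed cert is being revoked. Guarding with `is_file($crt_file)` and logging a non-zero status would keep the log truthful. Revocation only updates the CA database, and nothing here regenerates a CRL, so clients would not learn of it unless that happens elsewhere.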
@@ -597,7 +612,7 @@ class apache2_plugin {
 		$crt_file = $ssl_dir.'/'.$domain.'.crt';
 		$bundle_file = $ssl_dir.'/'.$domain.'.bundle';
 
-		if($data['new']['ssl'] == 'y' && @is_file($crt_file) && @is_file($key_file)) {
+		if($data['new']['ssl'] == 'y' && @is_file($crt_file) && @is_file($key_file) && (@filesize($crt_file)>0)  && (@filesize($key_file)>0)) {
 			$vhost_data['ssl_enabled'] = 1;
 			$app->log('Enable SSL for: '.$domain,LOGLEVEL_DEBUG);
 		} else {
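Review bot: The added `filesize() > 0` tests presumably catch the empty `.crt` left behind by a failed signing run, but the vhost then drops to the non-SSL branch with no log entry explaining why; the `else` body is outside the hunk. A non-empty file is also not proof of a usable pair. If the PHP openssl extension is loaded and `$key_file` is readable without a passphrase at this point, `openssl_x509_check_private_key(file_get_contents($crt_file), file_get_contents($key_file))` would confirm that the certificate parses and matches the key. The `@` operators hide the I/O errors that would help diagnose this case.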