This commit addresses several issues related to the creation of leaf certificates signed by functional scope intermediate CAs:
1. **Providing environment variables to `create_cert.sh`:**
* `CertificateController.php` was modified to extract the `ROOT_DOMAIN` from the Root CA certificate.
* The `SAN` (Subject Alternative Name) environment variable is now built dynamically (e.g., `DNS:cert_name.scope_name.root_domain`).
* The `OCSP_URL` (from the application configuration) and `SAN` environment variables are passed to the execution environment of the `create_cert.sh` script. This resolves "variable has no value" errors in OpenSSL when using the intermediate CA configuration file that references `$ENV::OCSP_URL` and `$ENV::SAN`.
2. **Explicit use of `v3_leaf` extensions:**
* The `scripts/create_cert.sh` script was modified to explicitly use `-reqexts v3_leaf` (for the CSR) and `-extensions v3_leaf` (for CA signing). This ensures that the `[v3_leaf]` section of the OpenSSL configuration file (containing SAN and OCSP directives) is correctly applied to leaf certificates.
3. **Correction of success detection in `CertificateController.php`:**
* The string searched for by `strpos` to detect a success message from `create_cert.sh` has been made more precise, ensuring that the PHP controller correctly interprets the script's result.
These changes ensure that leaf certificates are created with the correct extensions and that their creation is properly recognized by the application.
