diff --git a/product/Vifib/Tool/CertificateAuthorityTool.py b/product/Vifib/Tool/CertificateAuthorityTool.py
index f3fa3f0a82e5b1806ce7a0220757d1c698c65169..8f0a554af13e702ec9741defa9969fe16fea4053 100644
--- a/product/Vifib/Tool/CertificateAuthorityTool.py
+++ b/product/Vifib/Tool/CertificateAuthorityTool.py
@@ -63,6 +63,7 @@ class CertificateAuthorityTool(BaseTool):
   allowed_types = ()
 
   certificate_authority_path = ''
+  openssl_binary = ''
   
   manage_options = (({'label': 'Edit',
                       'action': 'manage_editCertificateAuthorityToolForm',},
@@ -72,7 +73,12 @@ class CertificateAuthorityTool(BaseTool):
   _properties = (({'id':'certificate_authority_path',
                    'type':'string',
                    'mode':'w',
-                   'label':'Path to certificate authority'
+                   'label':'Absolute path to certificate authority'
+                   },
+                   {'id':'openssl_binary',
+                   'type':'string',
+                   'mode':'w',
+                   'label':'Absolute path to OpenSSL binary'
                    },
                   )
                  )
@@ -99,19 +105,21 @@ class CertificateAuthorityTool(BaseTool):
     if not os.path.isdir(self.certificate_authority_path):
       raise CertificateAuthorityDamaged('Path to Certificate Authority %r is '
         'wrong' % self.certificate_authority_path)
+    if not self.openssl_binary:
+      raise CertificateAuthorityDamaged('OpenSSL binary path is not '
+        'configured' % self.certificate_authority_path)
+    if not os.path.isfile(self.openssl_binary):
+       raise CertificateAuthorityDamaged('OpenSSL binary %r does not exists' %
+        self.openssl_binary)
     self.serial = os.path.join(self.certificate_authority_path, 'serial')
     self.crl = os.path.join(self.certificate_authority_path, 'crlnumber')
     self.index = os.path.join(self.certificate_authority_path, 'index.txt')
-    self.openssl = os.path.join(self.certificate_authority_path, 'openssl')
     self.openssl_config = os.path.join(self.certificate_authority_path,
       'openssl.cnf')
     self.lock = os.path.join(self.certificate_authority_path, 'lock')
     for f in [self.serial, self.crl, self.index]:
       if not os.path.isfile(f):
         raise CertificateAuthorityDamaged('File %r does not exists.' % f)
-    if not os.path.isfile(self.openssl):
-      raise CertificateAuthorityDamaged('Openssl wrapper %r does not exists' %
-        self.openssl)
 
   security.declarePrivate('manage_afterAdd')
   def manage_afterAdd(self, item, container) :
@@ -137,16 +145,20 @@ class CertificateAuthorityTool(BaseTool):
       __name__='manage_editCertificateAuthorityToolForm')
 
   security.declareProtected(Permissions.ManageProperties, 'manage_editCertificateAuthorityTool')
-  def manage_editCertificateAuthorityTool(self, certificate_authority_path, RESPONSE=None):
+  def manage_editCertificateAuthorityTool(self, certificate_authority_path, openssl_binary, RESPONSE=None):
     """Edit the object"""
     error_message = ''
 
-    #Save certificate_authority_path
     if certificate_authority_path == '' or certificate_authority_path is None:
-      error_message += 'Invalid path '
+      error_message += 'Invalid Certificate Authority'
     else:
       self.certificate_authority_path = certificate_authority_path
 
+    if openssl_binary == '' or openssl_binary is None:
+      error_message += 'Invalid OpenSSL binary'
+    else:
+      self.openssl_binary = openssl_binary
+
     #Redirect
     if RESPONSE is not None:
       if error_message != '':
@@ -171,7 +183,7 @@ class CertificateAuthorityTool(BaseTool):
       csr = os.path.join(self.certificate_authority_path, new_id + '.csr')
       cert = os.path.join(self.certificate_authority_path, 'certs', new_id + '.crt')
       try:
-        keygen = subprocess.Popen([self.openssl, 'req', '-nodes', '-config',
+        keygen = subprocess.Popen([self.openssl_binary, 'req', '-nodes', '-config',
           self.openssl_config, '-new', '-keyout', key, '-out', csr, '-days',
           '3650'], stdout=subprocess.PIPE, stderr=subprocess.STDOUT,
           stdin=subprocess.PIPE)
@@ -180,7 +192,7 @@ class CertificateAuthorityTool(BaseTool):
           LOG('CertificateAuthorityTool', ERROR, 'Issue during key generation, result was:%r' % result)
           keygen.kill()
           raise CertificateGenerationError
-        keysign = subprocess.Popen([self.openssl, 'ca', '-batch', '-config',
+        keysign = subprocess.Popen([self.openssl_binary, 'ca', '-batch', '-config',
           self.openssl_config, '-out', cert, '-infiles', csr], stdout=subprocess.PIPE,
           stderr=subprocess.STDOUT)
         result = keysign.communicate()[0]
@@ -217,7 +229,7 @@ class CertificateAuthorityTool(BaseTool):
       if not os.path.exists(cert):
         raise ValueError('Certificate with serial %r does not exists' % serial)
       try:
-        crl_update = subprocess.Popen([self.openssl, 'ca', '-config',
+        crl_update = subprocess.Popen([self.openssl_binary, 'ca', '-config',
           self.openssl_config, '-revoke', cert], stdout=subprocess.PIPE,
           stderr=subprocess.STDOUT)
         result = crl_update.communicate()[0]
@@ -225,7 +237,7 @@ class CertificateAuthorityTool(BaseTool):
           LOG('CertificateAuthorityTool', ERROR, 'Issue during CRL update, result was:%r' % result)
           crl_update.kill()
           raise CertificateGenerationError
-        crl_gen = subprocess.Popen([self.openssl, 'ca', '-config',
+        crl_gen = subprocess.Popen([self.openssl_binary, 'ca', '-config',
           self.openssl_config, '-gencrl', '-out', crl], stdout=subprocess.PIPE,
           stderr=subprocess.STDOUT)
         result = crl_gen.communicate()[0]
diff --git a/product/Vifib/www/Vifib_editCertificateAuthorityTool.zpt b/product/Vifib/www/Vifib_editCertificateAuthorityTool.zpt
index cde29746db1716a5a302b725d8d4bd660aa9b580..fce34ad4b3d624210e638b86cf2d369610c4ad5e 100644
--- a/product/Vifib/www/Vifib_editCertificateAuthorityTool.zpt
+++ b/product/Vifib/www/Vifib_editCertificateAuthorityTool.zpt
@@ -7,15 +7,23 @@
 
 <form action="manage_editCertificateAuthorityTool" method="POST">
 
-<table tal:define="certificate_authority_path request/certificate_authority_path|context/certificate_authority_path|string:;">
+<table
+ tal:define="certificate_authority_path request/certificate_authority_path|context/certificate_authority_path|string:; openssl_binary request/openssl_binary|context/openssl_binary|string:;">
 
 <tr>
-   <td>Path to configured Certificate Authority</td>
+   <td>Absolute path to configured Certificate Authority</td>
    <td>
      <input type="text" name="certificate_authority_path" value=""
             tal:attributes="value certificate_authority_path;" />
    </td>
 </tr>
+<tr>
+   <td>Absolute path to OpenSSL binary</td>
+   <td>
+     <input type="text" name="openssl_binary" value=""
+            tal:attributes="value openssl_binary;" />
+   </td>
+</tr>
 <tr>
    <td colspan="2"> 
     <input type="submit" value="save"/>