Originally written by JC Lawrence

Start out by getting the sources. I recommend using snarf (GettingSnarf):

  # snarf http://www.apache.org/dist/apache_1.3.12.tar.gz
  # snarf http://www.openssl.org/source/openssl-0.9.5a.tar.gz
  # snarf ftp://ftp.MASTER.pgp.net/pub/crypto/SSL/Apache-SSL/apache_1.3.12+ssl_1.41.tar.gz

You'll also need a patch against OpenSSL to make configuring it easier. I stole the patch from RH, and you can find a copy here: OpenSSLPatchFile (openssl-cnf.patch below). The following is somewhat RedHat specific. Doing the same things under Debian is actually a lot easier (just "apt-get source ..." the files, patch them for your particular needs, and then "./debian/rules binary" to make new .debs with your changes).

You can find a copy of the source files in penguin2u.nuron.com:~src

Once you've got the sources, unpack OpenSSL and Apache:

  # tar zxf openssl-0.9.5a.tar.gz
  # tar zxf apache_1.3.12.tar.gz

Now patch and build OpenSSL:

  # cd openssl-0.9.5a
  # ./Configure --prefix=/usr --openssldir=/var/lib/ssl linux-elf
  # make -j 5 linux-shared
  # make install
  # ln -s /usr/bin/openssl /usr/bin/ssleay

Now patch Apache:

  # cd ../apache_1.3.12
  # tar zxvf ../apache_1.3.12+ssl_1.41.tar.gz
  # patch -p1 < SSLpatch

Edit src/Configuration.tmpl and change the following values to the values shown:

  SSL_BASE=/usr
  SSL_INCLUDE= -I$(SSL_BASE)/include/openssl
  SSL_LIB_DIR= /usr/lib
  SSL_APP_DIR= $(SSL_BASE)/bin
  SSL_APP= ~src/openssl-0.9.5a

Configure, build and install Apache:

  # ./configure --without-confadjust \
      --prefix=/home/httpsd \
      --sysconfdir=/etc/httpsd/conf \
      --mandir=/usr/man \
      --sbindir=/home/httpsd/sbin \
      --includedir=/usr/include/apache \
      --datadir=/home/httpsd \
      --localstatedir=/var \
      --runtimedir=/var/run \
      --logfiledir=/var/log/httpsd \
      --libexecdir=/home/httpsd/libexec \
      --suexec-docroot=/home/httpsd/html \
      --enable-module=auth_anon --enable-shared=auth_anon \
      --enable-module=auth_db --enable-shared=auth_db \
      --enable-module=digest --enable-shared=digest \
      --enable-module=expires --enable-shared=expires \
      --enable-module=headers --enable-shared=headers \
      --enable-module=mime_magic --enable-shared=mime_magic \
      --enable-module=mmap_static --enable-shared=mmap_static \
      --enable-module=proxy --enable-shared=proxy \
      --proxycachedir=/var/spool/proxy \
      --enable-module=rewrite --enable-shared=rewrite \
      --enable-module=speling --enable-shared=speling \
      --enable-module=status --enable-shared=status \
      --enable-module=unique_id --enable-shared=unique_id \
      --enable-module=usertrack --enable-shared=usertrack \
      --enable-suexec --suexec-caller=nobody \
      --suexec-uidmin=500 --suexec-gidmin=500
  # echo "I've had erratic build failures when doing parallel makes here,"
  # echo "so don't use a -j option to make for safety."
  # make 
  # make install

Now we need init and config files for Apache:

Add the init scripts to the appropriate run levels:

  # chkconfig --add httpsd.init

Make the certificate files for SSL:

  # cd /etc/httpsd/conf
  # mkdir certs
  # cd certs
  # openssl req -new > new.cert.csr
  # openssl rsa -in privkey.pem -out new.cert.key
  # openssl x509 -in new.cert.csr -out new.cert.cert -req -signkey new.cert.key -days 365

The process should look something like ApacleSSLExampleCertGeneration. If you need to create client certificates, follow the example at http://mail.ooc.nf.ca/fssl/manual2/certs.html and do the following:

  # CA.sh -newca
  # CA.sh -newreq
  # CA.sh -sign
  # openssl pkcs8 -outform DER -in newreq.pem -out server.key -topk8
  # openssl x509 -outform DER -in newcert.pem -out server.der
  # CA.sh -newreq
  # CA.sh -sign
  # openssl pkcs8 -outform DER -in newreq.pem -out client.key -topk8
  # openssl x509 -outform DER -in newcert.pem -out client.der
  # openssl x509 -outform DER -in demoCA/cacert.pem -out ca.der
  # openssl x509 -in server.der -inform DER > server.pem
  # openssl x509 -in client.der -inform DER > client.pem

An example: ExampleSSLCAandCertificatesGeneration (http://mail.ooc.nf.ca/fssl/manual2/certs.html)

This process and the reasoning behind it are explained here: http://mail.ooc.nf.ca/fssl/manual2/

Edit /etc/httpsd/conf/httpsd.conf to match the following:

  SSLCertificateFile   /etc/httpsd/conf/certs/new.cert.cert
  SSLCertificateKeyFile /etc/httpsd/conf/certs/new.cert.key  

Create the initial document tree (this assumes that you have the normal RedHat Apache RPM installed):

  # adduser httpsd
  # cd /home/httpd
  # cp -rav . ~httpsd/
  # cd ~httpsd
  # mkdir -p bin cache html libexec sbin
  # chown -R httpsd:httpsd .

Start ApacheSSL as follows:

  # /home/httpsd/sbin/httpsdctl start

It should start at this point. If not, check /var/log/httpsd/error.log for details.

-- JcLawrence - 07 Sep 2000

Topic revision: r1 - 01 Feb 2002 - MattWalsh