SSL Overview
Prerequisites
rsaref
openssl
mod_ssl
Apache HTTP
Certificates
mod_ssl
Sample Compile and Installation
# tar xzvf mod_ssl-2.3.5-1.3.6.tar.gz
# cd mod_ssl-2.3.5-1.3.6
# more INSTALL
Preserve existing Apache configuration...
# cp /opt/src/apache/config.status /opt/src/apache/config.status_19990712
If you already have a signed certificate add the following options
--with-crt=/opt/local/ssl/certs/httpsd.crt
--with-key=/opt/local/ssl/certs/httpsd.key
# ./configure --help
# ./configure --with-apache=/opt/src/apache \
--with-ssl=/opt/src/openssl-0.9.3a \
--with-rsa=/opt/src/rsaref-2.0/local \
--prefix=/opt/web --enable-rule=SSL_SDBM
From the output of configure...
Configuring mod_ssl/2.3.5 for Apache/1.3.6
+ Apache location: /opt/src/apache (Version 1.3.6)
+ OpenSSL location: /opt/src/openssl-0.9.3a
+ RSAref location: /opt/src/rsaref-2.0/local
+ Auxiliary patch tool: ./etc/patch/patch (local)
+ Applying packages to Apache source tree:
o Extended API (EAPI)
o Distribution Documents
o SSL Module Source
o SSL Support
o SSL Configuration Additions
o SSL Module Documentation
o Addons
Done: source extension and patches successfully applied.
Configuring for Apache, Version 1.3.6
+ using installation path layout: Apache (config.layout)
Creating Makefile
Creating Configuration.apaci in src
Creating Makefile in src
+ configured for Linux platform
+ setting C compiler to gcc
+ setting C pre-processor to gcc -E
+ checking for system header files
+ adding selected modules
o ssl_module uses ConfigStart/End
+ SSL interface: mod_ssl/2.3.5
+ SSL interface build type: OBJ
+ SSL interface compatibility: enabled
+ SSL interface experimental code: disabled
+ SSL interface vendor extensions: disabled
+ SSL interface plugin: Built-in SDBM
+ SSL library path: /opt/src/openssl-0.9.3a
+ SSL library version: OpenSSL 0.9.3a 29 May 1999
+ SSL library type: source tree only (stand-alone)
+ SSL library plugin mode: RSAref (explicitly configured)
+ SSL library plugin path: /opt/src/rsaref-2.0/local/librsaref.a
+ enabling Extended API (EAPI)
+ doing sanity check on compiler and options
Creating Makefile in src/support
Creating Makefile in src/main
Creating Makefile in src/ap
Creating Makefile in src/regex
Creating Makefile in src/os/unix
Creating Makefile in src/modules/standard
Creating Makefile in src/modules/ssl
Now proceed with the following commands:
$ cd /opt/src/apache
$ make
$ make install
# cd /opt/src/apache
# diff config.status config.status_19990712
9,10d8
< SSL_BASE="/opt/src/openssl-0.9.3a" \
< RSA_BASE="/opt/src/rsaref-2.0/local" \
14,15c12,15
< "--enable-rule=SSL_SDBM" \
< "--enable-module=ssl" \
---
> "--enable-module=speling" \
> "--enable-module=unique_id" \
> "--activate-module=src/modules/php3/libphp3.a" \
> "--activate-module=src/modules/jserv/mod_jserv" \
# vi config.status
# ./config.status
# make
From the output of make...
+---------------------------------------------------------------------+
| Before you install the package you now should prepare the SSL |
| certificate system by running the 'make certificate' command. |
| For different situations the following variants are provided: |
| |
| % make certificate TYPE=dummy (dummy self-signed Snake Oil cert) |
| % make certificate TYPE=test (test cert signed by Snake Oil CA) |
| % make certificate TYPE=custom (custom cert signed by own CA) |
| % make certificate TYPE=existing (existing cert) |
| CRT=/path/to/your.crt [KEY=/path/to/your.key] |
| |
| Use TYPE=dummy when you're a vendor package maintainer, |
| the TYPE=test when you're an admin but want to do tests only, |
| the TYPE=custom when you're an admin willing to run a real server |
| and TYPE=existing when you're an admin who upgrades a server. |
| (The default is TYPE=test) |
| |
| Additionally add ALGO=RSA (default) or ALGO=DSA to select |
| the signature algorithm used for the generated certificate. |
| |
| Use 'make certificate VIEW=1' to display the generated data. |
| |
| Thanks for using Apache & mod_ssl. Ralf S. Engelschall |
| rse@engelschall.com |
| www.engelschall.com |
+---------------------------------------------------------------------+
# /opt/web/bin/apachectl stop
# make install
From the output of make install...
+--------------------------------------------------------+
| You now have successfully built and installed the |
| Apache 1.3 HTTP server. To verify that Apache actually |
| works correctly you now should first check the |
| (initially created or preserved) configuration files |
| |
| /opt/web/conf/httpd.conf
| |
| and then you should be able to immediately fire up |
| Apache the first time by running: |
| |
| /opt/web/bin/apachectl start
| |
| Or when you want to run it with SSL enabled use: |
| |
| /opt/web/bin/apachectl startssl
| |
| Thanks for using Apache. The Apache Group |
| http://www.apache.org/ |
+--------------------------------------------------------+
# /opt/web/bin/httpd -l
# /opt/web/bin/httpd -v
Perform Certificate management here...
# cd /opt/web/conf/
# cp httpd.conf httpd.conf_19990712
# cp httpd.conf.default httpd.conf
# vi httpd.conf
# /opt/web/bin/apachectl start
# /opt/web/bin/apachectl stop
# /opt/web/bin/apachectl startssl