Compile, Install and Configure Apache 1.3 and mod_ssl from source.
Apache 1.3 + SSL
#------------------------------------------------------------------------------
# Pre Install
#------------------------------------------------------------------------------
> remove rpm packages
rpm -e httpd-manual; rpm -e mod_ssl; rpm -e httpd
>Downlaod apache and mod_ssl
>Install openssl
tar zxvf openssl-0.9.8g.tar.gz
cd openssl-0.9.8g
./config --prefix=/usr/local --openssldir=/usr/local/openssl
make
>If no error, go to next
make test
make install
>Install mod_ssl
tar zxvf mod_ssl-2.8.30-1.3.39.tar.gz
tar zxvf apache_1.3.39.tar.gz
#Patch Apache with mod_ssl
cd mod_ssl-2.8.30-1.3.39
./configure --with-apache=../apache_1.3.39 --with-ssl=../openssl-0.9.8g
#Build Apache
CFLAGS='-DEAPI' \
SSL_BASE=../openssl-0.9.8g \
./configure \
--prefix=/usr/local/apache_1.3.39 \
--enable-module=ssl \
--enable-shared=ssl \
--enable-module=so \
--server-uid=apache \
--server-gid=apache
make
| Before you install the package you now should prepare the SSL |
| certificate system by running the 'make certificate' command. |
| For different situations the following variants are provided: |
| |
| % make certificate TYPE=dummy (dummy self-signed Snake Oil cert) |
| % make certificate TYPE=test (test cert signed by Snake Oil CA) |
| % make certificate TYPE=custom (custom cert signed by own CA) |
| % make certificate TYPE=existing (existing cert) |
| CRT=/path/to/your.crt [KEY=/path/to/your.key] |
| |
| Use TYPE=dummy when you're a vendor package maintainer, |
| the TYPE=test when you're an admin but want to do tests only, |
| the TYPE=custom when you're an admin willing to run a real server |
| and TYPE=existing when you're an admin who upgrades a server. |
| (The default is TYPE=test) |
| |
| Additionally add ALGO=RSA (default) or ALGO=DSA to select |
| the signature algorithm used for the generated certificate. |
| |
| Use 'make certificate VIEW=1' to display the generated data. |
make certificate TYPE=test
#----------------------------------------------------------------------
Signature Algorithm ((R)SA or (D)SA) [R]:R
1. Country Name (2 letter code) [XY]:US
2. State or Province Name (full name) [Snake Desert]:Hong Kong
3. Locality Name (eg, city) [Snake Town]:Hong Kong
4. Organization Name (eg, company) [Snake Oil, Ltd]:ALife
5. Organizational Unit Name (eg, section) [Webserver Team]:
6. Common Name (eg, FQDN) [www.snakeoil.dom]:www.alife.com
7. Email Address (eg, name@FQDN) [www@snakeoil.dom]:
8. Certificate Validity (days) [365]:
Certificate Version (1 or 3) [3]:3
Encrypt the private key now? [Y/n]: y
writing RSA key
Enter PEM pass phrase:password
Verifying - Enter PEM pass phrase:password
RESULT: Server Certification Files
o conf/ssl.key/server.key
The PEM-encoded RSA private key file which you configure
with the 'SSLCertificateKeyFile' directive (automatically done
when you install via APACI). KEEP THIS FILE PRIVATE!
o conf/ssl.crt/server.crt
The PEM-encoded X.509 certificate file which you configure
with the 'SSLCertificateFile' directive (automatically done
when you install via APACI).
o conf/ssl.csr/server.csr
The PEM-encoded X.509 certificate signing request file which
you can send to an official Certificate Authority (CA) in order
to request a real server certificate (signed by this CA instead
of our demonstration-only Snake Oil CA) which later can replace
the conf/ssl.crt/server.crt file.
#----------------------------------------------------------------------
make install
#Start Apache with SSL
/usr/local/apache_1.3.39/bin/apachectl startssl
沒有留言:
發佈留言