How to install mod_ssl on Apache
2001-02-05 12:25
Publisher: NetBull
LinuxByte note: this site has a mod_ssl download.
Author: sustomer
I have also read other articles that introduce this, but they are very unclear. By following them I installed mod_ssl and got my first contact with SSL. Here I will describe my experience.
Because there are already many articles on how to install Apache, PHP and other software, I will focus on the SSL installation.
First of all, download the required packages:
Apache 1.3.17 (no need for me to say what this is): http://www.tux.org/pub/net/apache/dist/apache_1.3.17.tar.gz
PHP 4.0.4pl1 (optional; I just want to demonstrate SSL working together with other software): http://www.php.net/do_download.php?download_file=php-4.0.4pl1.tar.gz&source_site=www.php.net
OpenSSL 0.9.6 (to generate keys and sign certificates): http://www.openssl.org/source/openssl-0.9.6.tar.gz
mod_ssl 2.8.0 (the heart of this article): http://www.modssl.org/source/mod_ssl-2.8.0-1.3.17.tar.gz
All of these are open source software.
My system is Red Hat 6.2, so I unpacked them into /usr/local/src with tar zxvf file.tar.gz.
First compile PHP:
# cd /usr/local/src/apache_1.3.17
# ./configure --prefix=/usr/local/apache
# cd ../php-4.0.4pl1
# ./configure --with-apache=/usr/local/src/apache_1.3.17 \
    --enable-safe-mode --enable-bcmath --enable-ftp \
    --with-gd --with-zlib --enable-trans-sid \
    --enable-calendar --enable-dbase --enable-exif \
    --with-mysql=/usr/local/mysql
# make
# make install
# cp php.ini-dist /usr/local/lib/php.ini
# vi /usr/local/lib/php.ini
Edit php.ini; you can add some configuration settings (such as for ZendOptimizer).
Compile OpenSSL:
# cd ../openssl-0.9.6
# ./config --prefix=/usr/local/openssl
Note that the script here is config, not configure.
# make
# make test
# make install
Next is mod_ssl:
# cd ../mod_ssl-2.8.0-1.3.17
# ./configure --with-apache=../apache_1.3.17
OK, now you can start compiling Apache (strange, how do you compile it?):
# cd ../apache_1.3.17
# SSL_BASE=../openssl-0.9.6 \
    ./configure --prefix=/usr/local/apache \
    --enable-module=ssl \
    --activate-module=src/modules/php4/libphp4.a \
    --enable-module=php4 \
    --enable-shared=ssl
# make
The next step is very important, so read carefully!
# make certificate TYPE=custom
This step generates your own CA (if you don't know what that is, I can't explain it properly here; put simply, it is a certificate authority) and uses it to sign a certificate for your server. There are a lot of things to enter.
Step 0: Select the algorithm; use the default, RSA.
Step 1: Generate ca.key, the CA's private key.
Step 2: Generate the X.509 certificate signing request ca.csr. You have to enter some information:
    Country Name: CN (country code, two letters)
    State or Province Name: bengbu (city name)
    Organization Name: Home CA (organization name, just write anything)
    Organization Unit Name: Mine Ca
    Common Name: Mine Ca
    Email Address: Sunstorm@263.net (my email)
    Certificate Validity: 4096 (more than 4,000 days, enough)
Step 3: Generate the CA's signed certificate, ca.crt.
Step 4: Generate a private key for the server, server.key.
Step 5: Generate the server's certificate signing request, server.csr. You have to enter some information as in Step 2, but note that Common Name must be your website's domain name, such as www.mydomain.com. Certificate Validity should not be too large; 365 is fine.
Step 6: Sign the request for your server to get server.crt.
Step 7-8: Encrypt your ca.key and server.key; remember the pass phrase.
Next, complete the Apache installation:
# make install
# vi /usr/local/apache/conf/httpd.conf
Modify BindAddress and ServerName, and add support for PHP4.
If you want to change DocumentRoot, remember to also change the DocumentRoot setting in the SSL Virtual Host Context section of httpd.conf.
SSLCertificateFile and SSLCertificateKeyFile are also in the SSL Virtual Host Context section. They can be set like this:
SSLCertificateFile /usr/local/apache/conf/ssl.crt/server.crt
SSLCertificateKeyFile /usr/local/apache/conf/ssl.key/server.key
Pay attention to the permissions of directories and files such as ssl.key and ssl.crt! All key, csr, crt and prm files should be set to mode 400!
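A check for the mode 400 rule above and for the pass-phrase encryption done in Step 7-8, as an added example that is not part of the original article. The function names, the script name and the sample tree are constructed for illustration; the Apache conf directory is passed as an argument.

```shell
#!/bin/sh
# Added example, not from the original article: audit mod_ssl key material.
# Usage: sh audit_ssl.sh /usr/local/apache/conf   (script name is hypothetical)

# Print key, csr, crt and prm files whose permission bits are not exactly 0400.
loose_ssl_files() {
    find "$1" -type f \( -name '*.key' -o -name '*.csr' \
        -o -name '*.crt' -o -name '*.prm' \) ! -perm 400
}

# Print private keys that carry no pass-phrase encryption (Step 7-8 skipped).
# Encrypted PEM keys contain the word ENCRYPTED in their header lines.
plaintext_keys() {
    find "$1" -type f -name '*.key' | while IFS= read -r f; do
        grep -q 'ENCRYPTED' "$f" || printf '%s\n' "$f"
    done
}

# Apply the article's rule: chmod 400 on everything loose_ssl_files reports.
tighten_ssl_files() {
    loose_ssl_files "$1" | while IFS= read -r f; do chmod 400 "$f"; done
}

# Constructed sample tree (fake contents, no real key material) for a dry run.
make_sample_conf() {
    d=$(mktemp -d) && mkdir "$d/ssl.key" "$d/ssl.crt" || return 1
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' \
        'Proc-Type: 4,ENCRYPTED' > "$d/ssl.key/server.key"
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' > "$d/ssl.key/ca.key"
    printf '%s\n' '-----BEGIN CERTIFICATE-----' > "$d/ssl.crt/server.crt"
    chmod 400 "$d/ssl.key/server.key"
    chmod 644 "$d/ssl.key/ca.key" "$d/ssl.crt/server.crt"
    printf '%s\n' "$d"
}

if [ $# -gt 0 ]; then
    echo "Not mode 400:";             loose_ssl_files "$1"
    echo "Keys without pass phrase:"; plaintext_keys "$1"
fi
```

Changing the mode does not encrypt a key: a file that plaintext_keys reports stays on that list after tighten_ssl_files has run.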
Finally, test:
# cd /usr/local/apache
# bin/apachectl startssl
You are prompted for the pass phrase (the one you were told to remember), and an Apache that supports SSL starts.
Enter https://localhost/ in Netscape to try it; note that it is https, not http! Netscape will show some prompts, because it does not know your own CA; whatever they say, just click Next! Then you should see the page, and the lock in the lower left corner of the window is locked.
Source: Ozer