Original address: http://blog.njmars.com/myhan/archive/2004/07/16/210.aspx Environment: Redhat 9.0 Description: Using $ starting is the command of ordinary user authentication execution, ROOT account The first step: install apache download Apache2: http://httpd.apache.org/download.cgi I need MOD_SSL support, and Apache1 is different, mod_ssl is not a separate module, but put it in Apache release Inside the package, the default is not enabled, and when config is selected. I use DSO to compile install Apache and compile all the modules to facilitate later possible needs. As long as you edit httpd.conf, you can customize your Apache if you remove unwanted modules (annotation or deleting the LoadModule line of the corresponding module). $ TAR ZXVF HTTPD-2.0.50.tar.gz $ ./configure --prefix = / usr / local / apache2 --enable-so --enable-ssl = shared --enable-mods-shared = all --with -ssl = / usr / local / ssl $ make $ su # make install apache has two ways of using modules, one is permanent incorporation; if the operating system supports dynamic sharing objects (DSO), and can be AutoConf Detection, the module can also be dynamically compiled. The storage of the DSO module is independent and core, which can be used by the core using the runtime configuration instruction provided by the Mod_SO module. If there is any dynamic module in the compilation, the Mod_SO module will automatically contain the core. If you want the core to load DSO, not actually compiling any dynamic module, you need to specify -enable-so. (http://kajaa.bbs.us/apachemanual/install.html) Apache compiled by the above method, will report an error while started: # CD / usr / local / apache2 # ./bin/apachectl Startsslsyntax Error ON Line 251 of /usr/local/apache/conf/httpd.conf:cannot loading /usr/local/apache/modules/mod_ssl.so INTO Server: /usr/local/apache/modules/mod_ssl.so: undefined Symbol: x509_free what is the reason? Look http://www.smartframeworks.com/QT-apache-ssl.html Because OpenSSL installed by the following method (see: apache2 mod_ssl php5 full installation record (2)) is not compiled into a dynamic link library Because its document says that OpenSSL's dynamic link library is not mature, you can use ./config shared to compile OpenSSL with dynamic link library, but is still in the test phase. The way to solve this problem is: Compile MOD_SSL to the Apache.
Please use the following method to reconnect:) $ ./configure --prefix = / usr / local / apache2 --enable-so --enable-ssl = static --with-ssl = / usr / local / ssl - Enable-mods-shared = all $ make $ su # make install This time I started Apache again, I found an error: # cd / usr / local / apache2 # ./bin/apachectl Startsslsyntax Error On line 108 of / usr / local / Apache2 / conf / ssl.conf: sslcertificatefile: file '/usr/local/apache2/conf/ssl.crt/server.crt' does not exist or is Empty What is the reason? Because we don't have SSL to configure SSL, you need to generate the certificate required for SSL. When using apache1 mod_ssl before, Make has a step $ make Certificate that can be used to generate the certificate used by SSL.
Now there is no such tool, I can only build it myself, people who are not familiar with the certificate, there is a tool to use: http://www.openssl.org/contrib/ssl.ca-0.1.tar.gz# CD / USR / local / apache2 / conf # tar zxvf ssl.ca-0.1.tar.gz # cd ssl.ca-0.1 # ./new-root-ca.sh (Generate Root Certificate) No root Ca Key Round. Generating OneGenerating RSA Private Key, 1024 Bit Long Modulus ......................... .... E IS 65537 (0x10001) ENTER Pass Phrase for Ca.key: (Enter a password) Verifying - Enter Pass Phrase for Ca.key: (Enter a password again) ... Self-Sign the root Ca ... (Sign Root Certificate) ENTER Pass Phrase for Ca.key: (Enter the password just set) .............. (2 Let's start signing) Country name (2 letter code) [My ]: CNState or Province name (full name) [Perak]: JiangSuLocality name (eg, city) [Sitiawan]: NanJingOrganization name (eg, company) [My Directory Sdn Bhd]: Wiscom System Co., LtdOrganizational Unit name (eg, Section) [Certification Services Division]: ACSTARCOMMON Name (EG, MD Root Ca) []: wiscom caemail address []: acmail@wiscom.com.cn has created CA. Key and Ca.crt two files, here you have to generate a certificate for our server: # ./new-server-cert.sh Server (the name of this certificate is server ........... .Ctry name (2 letter code) [my]: cnState or province name [PRRAK]: JIANGSulocality Name (EG, City) [Sitiawan]: Nanjingorganization Name (EG, Company) [My Directory SDN BHD]: Wiscom System Co., Ltd., Ltd. [Secure Web Server]: ACSTARCOMMON Name (EG, www.domain.com) []: acmail.wiscom.com.cnemail address []: acmail@wiscom.com.cn This generates two files of Server.csr and Server.Key.
