?
Solved

sssl on apache

Posted on 2000-03-22
1
Medium Priority
?
308 Views
Last Modified: 2013-12-26
i have a unix server with apache
and id like to use ssl
how can i make my site secure?

thanks
0
Comment
Question by:boofulls
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
1 Comment
 
LVL 40

Accepted Solution

by:
jlevie earned 200 total points
ID: 2644483
Is your Apache built with SSL support? You can easily tell by looking at it's config file. If there are no "<IfDefine SSL>"  or other mentions of SSL* directive in the file then it wasn't and you'll have to build one that is SSL enabled.

Below is a "recipe" that can be used to build an SSL enabled Apache on Linux or Solaris. It's somewhat generic and you might not need the PhP stuff and If you are not on sparc/ultra Solaris or Linix thing will need to be changed...

Standard server is built with SSL & Php/database/ldap/imap support.
Everything is built with gcc-2.95.2, earlier versions are suspect on
Solaris 7/8. The following describes the packages & dependencies
as of 8 Mar 00:

Apache 1.3.12             - http://www.apache.org/dist/
Mod SSL 2.6.2-1.3.12      - http://www.modssl.org/
  OpenSSL 0.9.5           - http://www.openssl.org/source/
  Mm 1.0.12               - http://www.engelschall.com/sw/mm/
Php 3.0.15                - http://www.php.net/
  Openldap-1.2.9          - http://www.openldap.org/
    db-2.7.7 (BerkeleyDB) - http://www.sleepycat.com/
  Imap (c-client)         - http://www.washington.edu/imap/
  Postgres 6.5.3          - http://www.postgresql.org
   --and/or--
  MySQL-3.22.32           - http://www.mysql.org

1. Configure, build & install openssl

   > cd openssl-0.9.5
   > ./Configure solaris-sparcv[8|9]-gcc \   # Solaris Sparc/Ultra
   > ./Configure linux-elf \                 # Linux i386
   > ./Configure linux-sparcv[8|9] \         # Linux Sparc/Ultra
   > --prefix=/opt/Openssl -DSSL_FORBID_ENUL
   > make
   > make test
   > make install

2. Configure & build Mm

   > cd mm-1.0.12
   > ./configure --disable-shared
   > make

4. Configure mod-ssl

   > cd ../mod_ssl-2.6.2-1.3.12/
   > ./configure --with-apache=../apache_1.3.12

5. Now configure, build, and install Apache

   > cd apache_1.3.12
   > SSL_BASE=../openssl-0.9.5 EAPI_MM=../mm-1.0.12 \
   > ./configure --prefix=/opt/Apache \
   > --enable-module=most --enable-shared=max \
   > --enable-module=ssl --enable-shared=ssl --enable-rule=SSL_SDBM
   > make
   > make install
   >
   
6. (optional) Configure and Build c-client IMAP libs

   > cd imap-4.7b
   > make gso       # Gcc Solaris - see Makefile
   > make lnp       # Linux w/PAM - see Makefile
   > cd c-client
   > mkdir include
   > cp *.h include
   > mkdir lib
   > cd lib
   > ln -s ../c-client.a libc-client.a

7. (optional) And the LDAP libs (we get everything, but only use the libs)
   and I assume that BerkeleyDB is installed.

   > cd openldap-1.2.9
   > CPPFLAGS=-I/usr/local/BerkeleyDB/include \ # Solaris
   > LDFLAGS=-L/usr/local/BerkeleyDB/lib \      # Solaris
   > LIBS="-lpthread -lposix4" \                # Solaris
   > ./configure --prefix=/opt/Ldap
   > make depend
   > make
   > make install

8. Now we can build Php. The assumption is that the database is already built
   and installed. I put 'em in /opt.

   > cd php-3.0.15
   > ./configure --with-apxs=/opt/Apache/bin/apxs --without-gd \
   > --with-mysql=/opt/Mysql \           # Optional MySQL
   > --with-pgsql=/opt/Postgres \        # Optional Postrgres
   > --with-ldap=/opt/Ldap \             # Optional LDAP
   > --with-imap=../imap-4.7b/c-client \ # Optional IMAP
   > --with-config-file-path=/opt/Apache/conf
   > make
   > make install
   > cp php3.ini-dist /opt/Apache/conf/php3.ini

   On Solaris watch out for the LDAP library search path (-L/opt/Ldap/lib)
   getting placed after the libraries (-lldap -llber), configure can
   botch it. Fix by re-arrainging in the top-level Makefile.

9. Check where the php modules are in the Apache conf file. They will wind
   up in an SSL conditional and should be at the global level.

10.Create a certificate. I use a temp dir in the Apache conf dir.
   After I create the certificate I move it to the ssl.* dirs
   using the real or virtual server name, e.g., chaos.domain.com=>chaos.*
   This is a locally signed certificate. For a real server you'll need
   to get a real certificate from a "Certificate Authority", like Verisign.

   > cd /opt/Apache/conf
   > mkdir ssl.tmp
   > cd ssl.tmp
   > /opt/Openssl/bin/openssl req -new >host.csr
   > /opt/Openssl/bin/openssl rsa -in privkey.pem -out host.key
   > /opt/Openssl/bin/openssl x509 -in host.csr -out host.cert -req \
   > -signkey host.key -days 365
   > mv host.cert ../ssl.crt/chaos.crt
   > mv host.csr ../ssl.csr/chaos.csr
   > mv host.key ../ssl.key/chaos.key
0

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Introduction: Dynamic window placements and drawing on a form, simple usage of windows registry as a storage place for information. Continuing from the first article about sudoku.  There we have designed the application and put a lot of user int…
Have you tried to learn about Unicode, UTF-8, and multibyte text encoding and all the articles are just too "academic" or too technical? This article aims to make the whole topic easy for just about anyone to understand.
This video will show you how to get GIT to work in Eclipse.   It will walk you through how to install the EGit plugin in eclipse and how to checkout an existing repository.
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…
Suggested Courses
Course of the Month12 days, 13 hours left to enroll

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question