Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

How to install apache/openssl/mod_ssl

Apache SSL / Linux

How to install apache/openssl/mod_ssl

by rninja Posted May 3, 2001 (Edited May 3, 2001)

Many people including myself have wondered how to get SSL installed on their linux boxes. Here is a great wayt to do it.

all the trailing slashes ( \ ) are backslashes not pipes.

1) Download the latest version of apache (currently 1.3.19), and get the latest version of openssl (0.9.6a), finally download the latest mod_ssl module.

2) Place all of the *.tar.gz files or *.tgz files into the /tmp directory. Now untar and unzip them like so:

tar -xzvf apache_1.3.19.tar.gz ; tar -xzvf openssl_0.9.6a.tar.gz ; tar -xzvf mod_ssl-0.21.8-1.3.19

3) go into the mod_ssl directory first and configure it like so:

./configure --with-apache=/tmp/apache_1.3.19

4) Next change directory to the apache directory (/tmp/apache_1.3.19). configure the apache source:

SSL_BASE=/tmp/openssl-0.9.6a RSA_BASE=/tmp/rsaref-2.1 \ (optional)
./configure --prefix=/usr/local/apache --enable-module=most --enable-shared=max --enable-shared=ssl

5) when that completes, you should get a little ASCII that tells you to make a test certificate. Do it:

make certificate type=custom

Answer all the questions to complete installation of the test certificate.

6) Now you are ready to install the components. switch into the openssl directory and install it:

./config ; make ; make install

7) switch back into apache and install:

make install

8) You are basically done as poer the installation. Now you have to make a real certificate and/or setup the httpd.conf file for virtualhost/server settings.

NOTE: to make a certificate in openssl:
go to the /usr/local/ssl/bin directory and issue this command:

./openssl req -new -x509 -keyout /usr/local/ssl/private/serverkey.pem -out /usr/local/ssl/certs/servercert.pem -days 365

This command will create the private serverkey (ensure that this directory only allows root to have read/write access.), the server certificate to be shred with clients, all for the duration of one year (365 days).

Hope this FAQ helps everyone. I will write more in the future...

-------- 'Those who consume themselves with knowledge become the happiest in their own self worth' ----Rninja :-9

Please Note: 1 is Bad, 10 is Good :-)

Part and Inventory Search

This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
By continuing to use this site, you are consenting to our use of cookies.

Accept Learn more…

Back

Top