Installing modSSL with Solaris distributed Apache
Solaris 8 onwards includes a bundled version of Apache. Sun have compiled the bundled version with DSO (Dynamic Shared Object) and EAPI (Extended Application Program Interface) which allows other modules to be added without having to recompile apache. This can be useful if your site is concerned about having Sun supported configurations. This procedure documents how to add modssl to the Sun bundled apache server.
1. Download and extract the source code for OpenSSL and modSSL. You'll also need the gcc compiler and openSSL installed. 2. Go to the modssl source directory, cd mod-ssl-version 3. ./configure --with-apxs=/usr/apache/bin/apxs --with-ssl=path-to-openssl- src 4. export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/opt/sfw/lib/gcc-lib/sparc-sun- solaris2.8/2.95.3 5. cd pkg.modssl 6. Edit Makefile setting CC=gcc , change CFLAGS_SHLIB from Kpic to FPIC and append -lgcc to the SSL_LIBS statement. 7. make 8. make install 9. Generate the keys as follows: 1. openssl genrsa -des3 -rand file1:file2:file3:file4:file5 -out server.key 1024 (where file1:file2:file3:file4:file5 are some randomly selected compressed files) 2. openssl rsa -in server.key -out server.pem (to produce an unencrypted key so that apache will start without a pass phrase - make sure this isn't world readable!) 3. openssl req -new -key server.key -out server.csr (to produce a certificate signing request) 4. For testing purposes this can be self signed as follows: openssl x509 -req -days 60 -in server.csr -signkey server.key -out server.crt 5. Copy the keys to the preferred directories, e.g. /etc/apache/ssl.crt /etc/apache/ssl.csr /etc/apache/ssl.key 6. Create the http.conf file, for example: <IfDefineSSL> SSLRandomSeed startuo egd:/var/run/egd-pool Listen 80 Listen 443 <VirtualHost _default_:443> ServerAdmin example@in2nix.com DocumentRoot /usr/apache/htdocs ServerName www.in2nix.com SSLEngine on SSLCertificateFile /etc/apache/ssl.crt/server.key SSLCertificateKeyFile /etc/apache/ssl.key/server.pem SetEnvIF User_Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown CustomLog /var/apache/log/ssl_request_log \ "%t%h%{SSL_PROTOCOL}x%{SSL_CIPHER}x\"%r\"%b" </VirtualHost> </IfDefine> The <IfDefile> statement means that if the server is started with the -DSSL option, these configuration statements will be read. With the Module statements, the following lines need adding: LoadModule ssl_module /usr/apache/libexec/libssl.soo Add Module mod_ssl.c 10. Copy the new config file into place and restart apache using: httpd -DSSL
Still stuck? Maybe we can help. Contact us at Upwork
Never miss a thing subscribe to our newsletter
or follow us on twitter
For more super cool techie stuff check out our blog!!
Recent Changes
Contribute to this wiki
Why not help others by sharing your knowledge? Contribute something to this wiki and
join out hall of fame!
Contact us for a user name and password