Installation of LAMP with OPENSSL

SECTION 1
Download
-mySQL
-Apache
-PHP
-modSSL
-OpenSSL
 

SECTION 2
-Install OpenSSL
 

SECTION 3
-Install modSSL


SECTION 4
-Installation of Apache


SECTION 5
-mySQL Installation and configuration
 

SECTION 6
-Generating Certificate

SECTION 7
-LibPNG and GD Library


SECTION 8
-Generating a CSR on an Apache Server with Mod_SSL

SECTION 9
-Installing a Global Server Certificate on an Apache Server with Mod_SSL

Undertake a standard Linux Installation

Installed complete Multilib and Full Development Tools and Server Configuration Tools, Complete Mail utility.

Later cyrus-sasl was removed. Better not to install cyrus-sasl. Further, it was also giving an error of perl-DBD-mysql, and mysql-client. mysql-client was removed and perl-DBD was kept. mysql that got installed along with cyrus-sasl was forcefully removed with option --nodeps --allpackages.
 

Section 1

Download the Packages:

The following packages have to be downloaded from the appropriate sites:

mySQL : From www.mysql.com download the latest mysql-standard-version.tar.gz. I had downloaded mysql-standard-4.0.24-pc-linux-gnu-i686.tar.gz

Apache : From www.apache.org. Go to the httpd section / downloads and get the apache source. Be careful about downloading the version. It has to be 1.3.something. For version 2, this manual may not be proper. I had downloaded the version : 1.3.33. (File : apache_1.3.33.tar.gz).

PHP : From www.php.net. Download the latest source file from this site. With version 5 I was unable to compile with apache. The necessary changes were not getting incorporated with httpd.conf. So I had used : php-4.3.11. File downloaded was php-4.3.11.tar.gz.

OpenSSL : From www.openssl.org. The version downloaded was 0.9.8.

modSSL : From www.modssl.org. The version downloaded was 2.8.23 for Apache 1.3.33.

Copy all the tar files in /usr/local/src.


Section 2

Installation of OpenSSL :

cd /usr/local/src/openssl-0.9.8
./config no-threads -fPIC shared
make
make test
make install

Section 3

Installation of ModSSL :

cd ../mod_ssl-2.8.23-1.3.33/
./configure --with-apache=/usr/local/src/apache_1.3.33/ \
--with-ssl=/usr/local/src/openssl-0.9.8/ --prefix=/usr/local/apache \
--enable-module=ssl --enable-module=so \
--enable-module=most --enable-shared=max

Section 4

Installation of Apache :
cd ../apache_1.3.33/
make
make certificate
make install

Section 5

Installation of mySQL : (The full installation of LAMP without openssl is available at http://www.oocities.org/subhasisg/scripts/lamp_new.html).

cd /usr/local/src
tar -xzvf mysql-standard-4.0.24-pc-linux-gnu-i686.tar.gz
groupadd mysql
useradd -g mysql mysql
# the symlink has to be /usr/local/mysql, the path used further down
cd /usr/local
ln -s /usr/local/src/mysql-standard-4.0.24-pc-linux-gnu-i686 mysql
cd mysql/
./scripts/mysql_install_db --user=mysql
chown -R mysql data
chgrp -R mysql .
./bin/mysqld_safe --user=mysql &
cp /usr/local/mysql/support-files/mysql.server /etc/rc.d/init.d/mysql
/etc/rc.d/init.d/mysql restart
vi $HOME/.bash_profile
# put this line in .bash_profile as well
PATH=$PATH:/usr/local/mysql/bin
mysqladmin -u root password 'XXXXXXXX'
PATH=$PATH:/usr/local/bin; export PATH
# -p with no value prompts instead, keeping the password out of shell history and ps output
mysql -h localhost -D test -u root -pXXXXXXXX

cd ../php-4.4.0
./configure --with-mysql --with-apxs=/usr/local/apache/bin/apxs
make
make install

The above installation was giving an error libssl.so.0.9.8 not found while doing
apachectl startssl
So searched for the file libssl.so
The output was :
./usr/local/ssl/lib/libssl.so.0.9.8 <--
./usr/local/src/openssl-0.9.8/libssl.so<--
The <-- marked paths were taken and put in the file /etc/ld.so.conf
Then ran ldconfig
After this apachectl startssl worked.

-----------------------
Section 6

Delete the directories :
/usr/local/apache/conf/ssl.*
cd /usr/local/src/apache_1.3.33/
make
make certificate
make install


Section 7

The following part was required as GD library was not installed. Due to unavailability of GD, PHP based drawing of images was not working. (This was required for implementation of a CAPTCHA). As a consequence, due to uninstallation of the libpng and re-installation of the package afresh, my Linux GUI crashed and till date it is not working saying that libpng.so not found, though the file is very much there. Would post a rejoinder, if I come to know how to fix it.

LIBPNG:
Download LIBPNG from http://www.libpng.org/pub/png/
http://prdownloads.sourceforge.net/libpng/libpng-1.2.8-config.tar.gz?download
gunzip libpng-1.2.8-config.tar.gz
tar -xvf libpng-1.2.8-config.tar
cd libpng-1.2.8-config
./configure
make
make install

GD:
http://www.boutell.com/gd/
Version : gd-2.0.33
gunzip gd-2.0.33.tar.gz
tar -xvf gd-2.0.33.tar
cd gd-2.0.33
sh ./configure
make
make install

cd /usr/local/src/php-4.4.0
./configure --with-mysql --with-apxs=/usr/local/apache/bin/apxs
./configure --with-mysql --with-apxs=/usr/local/apache/bin/apxs --with-gd --with-zlib-dir=/usr/include

make
make install

/usr/local/apache/bin/apachectl startssl
It asked for the password.

The above installation was okay but the Certificate was not signed by any CA. So this was giving an error message.

The installation of Web Server Certificate is as follows. The basic heads for the same are mentioned in detail below. (The following is taken from the Verisign Web Site).


Section 8

Generating a CSR on an Apache Server with Mod_SSL

  1. Make sure OpenSSL is installed and included in your PATH. (Even so, some commands may work when run from within the OpenSSL source tree as "./apps/openssl".)

     

  2. Create a RSA private key for your Apache server (Triple-DES encrypted and PEM formatted):
    openssl genrsa -des3 -out server.key 1024

     

  3. Back up this server.key file at a secure location and remember the pass-phrase you entered. You can see the details of this RSA private key via the command:
    openssl rsa -noout -text -in server.key

     

  4. Create a Certificate Signing Request (CSR) with the server RSA private key. (Output will be PEM formatted):
    openssl req -new -key server.key -out server.csr

     

  5. Make sure you enter the Distinguished name information in the correct format. You can see the details of this CSR via the command:
    openssl req -noout -text -in server.csr

     

  6. You now have to send this Certificate Signing Request to VeriSign for signing. The result is then a real Certificate which can be used for Apache.
     


Section 9

Installing a Global Server Certificate on an Apache Server with Mod_SSL

Installation
 

  1. You will receive your certificate from VeriSign in an email. Cut and paste this certificate into a crt file, e.g. /usr/local/ssl/certs/host.mydomain.com.crt

     

  2. You then activate it by updating the virtual host section of your Apache configuration for host.mydomain.com as follows:

    SSLCertificateFile /path/to/your/host.mydomain.com.crt
    SSLCertificateKeyFile /path/to/your/host.mydomain.com.key

     

  3. If you are temporarily using a self-signed certificate or if you are renewing an existing certificate, make sure you back up the existing certificate's .crt and .key files, then overwrite them with the certificate from VeriSign, or change the above SSLCertificateFile to the path of the new file.

     

  4. After you have installed the new VeriSign Global Server Certificate you will need to download and install the Intermediate CA. Cut and paste this, including the -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- lines, into a file named /etc/httpd/conf/ssl.crt/ca.crt. Be careful not to include any whitespace before the beginning and ending hyphens.

     

  5. Add the following directive to your httpd.conf file, within the virtual host tags that define your secure Web server and with the other SSL directives:

     

    SSLCACertificateFile /etc/httpd/conf/ssl.crt/ca.crt

     

  6. Restart your secure Web server, according to the instructions provided in the manual.
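
The checks worth running between Section 8 and the restart in Section 9, as an added example that is not part of the original notes or of the VeriSign instructions: confirm that the key, the CSR and the returned certificate carry the same public key, and that the certificate verifies against the file named in SSLCACertificateFile. The stand-in CA, the file names and the unencrypted 2048-bit key (the page's command uses -des3 and 1024 bits) are assumptions made so the demo runs unattended.

```shell
#!/bin/sh
# Added example; every file name, subject and the stand-in CA is constructed.

# Public key (PEM) carried by a private key, a CSR or a certificate.
pubkey_of() {    # $1 = pkey|req|x509, $2 = PEM file
    case $1 in
        pkey) openssl pkey -in "$2" -pubout ;;   # prompts if the key is encrypted
        *)    openssl "$1" -in "$2" -noout -pubkey ;;
    esac
}

# True only if key, CSR and certificate all carry the same public key.
same_keypair() { # $1 = key, $2 = csr, $3 = crt
    k=$(pubkey_of pkey "$1" 2>/dev/null) && [ -n "$k" ] &&
    [ "$k" = "$(pubkey_of req "$2" 2>/dev/null)" ] &&
    [ "$k" = "$(pubkey_of x509 "$3" 2>/dev/null)" ]
}

# True only if the certificate verifies against the SSLCACertificateFile content.
chains_to() {    # $1 = ca.crt, $2 = server certificate
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Build a throwaway CA, key, CSR and signed certificate in directory $1.
make_demo_files() {
    # Stand-in for the commercial CA (constructed, self-signed, one day).
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo CA" \
        -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null || return 1
    # Section 8 steps 2 and 4; no -des3 so the demo runs unattended.
    openssl genrsa -out "$1/server.key" 2048 2>/dev/null || return 1
    openssl req -new -key "$1/server.key" -subj "/CN=host.mydomain.com" \
        -out "$1/server.csr" 2>/dev/null || return 1
    # Step 5 extended: the CSR's self-signature must verify before it is sent.
    openssl req -noout -verify -in "$1/server.csr" 2>&1 |
        grep -q "verify OK" || return 1
    # The CA's part: sign the CSR.
    openssl x509 -req -in "$1/server.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
        -CAcreateserial -days 1 -out "$1/server.crt" 2>/dev/null
}

d=$(mktemp -d) && make_demo_files "$d" &&
    same_keypair "$d/server.key" "$d/server.csr" "$d/server.crt" &&
    chains_to "$d/ca.crt" "$d/server.crt" &&
    echo "key, CSR and certificate match; chain verifies"
[ -n "$d" ] && rm -rf "$d"
```

On a real server, call same_keypair and chains_to with the paths used in SSLCertificateKeyFile, SSLCertificateFile and SSLCACertificateFile before running apachectl startssl.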




 

  
http://www.mysql.com
http://www.apache.org
http://www.php.net
http://www.openssl.org/
http://www.modssl.org