SECTION 1
Download
-mySQL
-Apache
-PHP
-modSSL
-OpenSSL
SECTION 2
-Install OpenSSL
SECTION 3
-Install modSSL
SECTION 4
-Installation of Apache
SECTION 5
-mySQL Installation and configuration
SECTION 6
-Generating Certificate
SECTION 7
-LibPNG
and GD Library
SECTION 8
-Generating a CSR on an Apache Server with Mod_SSL
SECTION 9
-Installing a Global
Server Certificate on an Apache Server with Mod_SSL |
Undertake a standard Linux Installation
Installed complete Multilib and Full Development Tools and Server
Configuration Tools, Complete Mail utility.
Later cyrus-sasl was removed. Better not to install cyrus-sasl. Further, it
was also giving an error of perl-DBD-mysql, and mysql-client. mysql-client
was removed and perl-DBD was kept. mysql that got installed along with
cyrus-sasl was forcefully removed with option --nodeps --allpackages.
1. Download the Packages:
The following packages have to be
downloaded from the appropriate sites:
mySQL : From
www.mysql.com download the latest
mysql-standard-version.tar.gz. I had downloaded
mysql-standard-4.0.24-pc-linux-gnu-i686.tar.gz
Apache : From
www.apache.org. Go to the httpd section
/ downloads and get the apache source. Be careful about downloading the
version. It has to be 1.3.something. For version 2, this manual may not be
proper. I had downloaded the version : 1.3.33. (File :
apache_1.3.33.tar.gz).
PHP : From
www.php.net. Download the latest source
file from this site. With version 5 I was unable to compile with apache. The
necessary changes were not getting incorporated with httpd.conf. So I had
used : php-4.3.11. File downloaded was php-4.3.11.tar.gz.
OpenSSL : From www.openssl.org. The
version downloaded was 0.9.8.
modSSL : From
www.modssl.org. The version downloaded was 2.8.23 for Apache 1.3.33.
Copy all the tar files in /usr/local/src.
Section 2
Installation of OpenSSL :
cd /usr/local/src/openssl-0.9.8
./config no-threads -fPIC shared
make
make test
make install
Section 3
Installation of ModSSL :
cd ../mod_ssl-2.8.23-1.3.33/
./configure --with-apache=/usr/local/src/apache_1.3.33/ \
--with-ssl=/usr/local/src/openssl-0.9.8/ --prefix=/usr/local/apache
--enable-module=ssl --enable-module=so \
--enable-module=most --enable-shared=max
Section 4
Installation of Apache :
cd ../apache_1.3.33/
make
make certificate
make install
Section 5
Installation of mySQL : (The full installation of LAMP without
openssl is available at
http://www.oocities.org/subhasisg/scripts/lamp_new.html).
tar -xvf mysql-standard-4.0.24-pc-linux-gnu-i686.tar
groupadd mysql
useradd -g mysql mysql
ln -s /usr/local/src/mysql-standard-4.0.24-pc-linux-gnu-i686 mysql
cd mysql/
./scripts/mysql_install_db --user=mysql
chown -R mysql data
chgrp -R mysql .
./bin/mysqld_safe --user=mysql &
cp /usr/local/mysql/support-files/mysql.server to /etc/rc.d/init.d/mysql
/etc/rc.d/init.d/mysql restart
vi $HOME/.bash_profile
PATH=$PATH:/usr/local/mysql/bin
mysqladmin -u root password 'XXXXXXXX'
PATH=$PATH:/usr/local/bin; export PATH)
mysql -h localhost -D test -u root -pXXXXXXXX
cd ../php-4.4.0
./configure --with-mysql --with-apxs=/usr/local/apache/bin/apxs
make
make install
The above installation was giving an error libssl.so.0.9.8 not found
while doing
apachectl startssl
So searched for the file libssl.so
The output was :
./usr/local/ssl/lib/libssl.so.0.9.8 <--
./usr/local/src/openssl-0.9.8/libssl.so<--
The <-- marked paths were taken and put in the file /etc/ld.so.conf
Then ran ldconfig
After this apachectl startssl worked.
-----------------------
Section 6
Delete the directories :
/usr/local/apache/conf/ssl.*
cd /usr/local/apache_1.3.33/
make
make certificate
make install
Section 7
The following part was
required as GD library was not installed. Due to unavailability of GD, PHP
based drawing of images was not working. (This was requred for
implementation of a CAPTCHA). As a consequence, due to uninstallation of the
libpng and re-installation of the package afresh, my Linux GUI crashed and
till date it is not working saying that libpng.so not found, though the file
is very much there. Would post a rejoinder, if I come to know how to fix it.
:
LIBPNG:
Download LIBPNG from http://www.libpng.org/pub/png/
http://prdownloads.sourceforge.net/libpng/libpng-1.2.8-config.tar.gz?download
gunzip libpng-1.2.8-config.tar.gz
tar -xvf libpng-1.2.8-config.tar
cd libpng-1.2.8-config
./configure
make
make install
GD:
http://www.boutell.com/gd/
Version : gd-2.0.33
gunzip gd-2.0.33.tar.gz
tar -xvf gd-2.0.33.tar
cd gd-2.0.33
sh ./configure
make
make install
cd usr/local/src/php-4.4.0
./configure --with-mysql --with-apxs=/usr/local/apache/bin/apxs
./configure --with-mysql --with-apxs=/usr/local/apache/bin/apxs --with-gd
--with-zlib-dir=/usr/include
make
make install
/usr/local/apache/bin/apachectl startssl
It asked for the password.
The above installation was okay but the Certificate was not signed by any
CA. So this was giving an error message.
The installation of Web Server Certificate is as follows. The basic heads
for the same are mentioned in detail below. ( The following is taken from
the Verisign Web Site).
Section 8
Generating a CSR on an Apache Server with Mod_SSL
|
-
Make
sure OpenSSL is installed and included in your PATH. (Even so, some
commands may work when run from within the OpenSSL source tree as "./apps/openssl ".)
-
Create a RSA private key for your Apache server (Triple-DES encrypted
and PEM formatted):
openssl genrsa -des3 -out server.key
1024
-
Please backup this server.key
file and remember the pass-phrase you had to enter at a secure
location. You can see the details of this RSA private key via the
command:
openssl rsa -noout -text -in
server.key
-
Create a Certificate Signing Request (CSR) with the server RSA private
key. (Output will be PEM formatted):
openssl req -new -key server.key
-out server.csr
-
Make
sure you enter the
Distinguished name
information in the correct format. You can see the details of this CSR
via the command:
openssl req -noout -text -in
server.csr
-
You now
have to send this Certificate Signing Request to VeriSign for signing.
The result is then a real Certificate which can be used for Apache.
|
Section 9
Installing a Global Server Certificate on an Apache Server with Mod_SSL
|
Installation
-
You will
receive you certificate from VeriSign in an email. Cut and paste this
certificate into a crt file, e.g. /usr/local/ssl/certs/host.mydomain.com.crt
-
You then
activate it by updating the virtual host section of your Apache
configuration for host.mydomain.com as follows:
SSLCertificateFile /path/to/your/host.mydomain.com.crt
SSLCertificateKeyFile /path/to/your/host.mydomain.com.key
-
If you are
temporarily using a self-signed certificate or if your are renewing an
existing certificate, make sure you back-up the existing certificate's
.crt and .key files then overwrite with the certificate from VeriSign,
or change the above SSLCertificateFile to the path of the new file.
-
After you
have installed the new VeriSign Global Server Certificate you will
need to download and install the
Intermediate CA. Cut and paste this, including the -----BEGIN
CERTIFICATE----- and -----END CERTIFICATE----- lines, into a file
named /etc/httpd/conf/ssl.crt/ca.crt Be careful not to include any
whitespace before the beginning and ending hyphens.
-
Add the
following directive to your httpd.conf file, within the virtual host
tags that define your secure Web server and with the other SSL
directives:
SSLCACertificateFile /etc/httpd/conf/ssl.crt/ca.crt
-
Restart
your secure Web server, according to the instructions provided in the
manual.
|
|

http://www.mysql.com

http://www.apache.org
http://www.php.net
http://www.openssl.org/

http://www.modssl.org
|