Apache2 + mod_ssl + php5 Complete installation record (1)


Original address: http://blog.njmars.com/myhan/archive/2004/07/16/210.aspx

Environment:
RedHat 9.0
Conventions:
Commands starting with $ are executed by a normal user.
Commands starting with # are executed by the root account.

First step: Install Apache
Download Apache2: http://httpd.apache.org/download.cgi
I need mod_ssl support. Unlike Apache1, mod_ssl is no longer a separate module; it ships inside the Apache release package but is not enabled by default, so it has to be selected at configure time.
I compile and install Apache with the DSO method and build all the modules, so that they are available for possible later needs. To customize Apache, just edit httpd.conf and remove the unwanted modules (comment out or delete the LoadModule line of the corresponding module).
$ tar zxvf httpd-2.0.50.tar.gz
$ ./configure --prefix=/usr/local/apache2 --enable-so --enable-ssl=shared --enable-mods-shared=all --with-ssl=/usr/local/ssl
$ make
$ su
# make install

Apache can use modules in two ways. One is to compile them permanently into the core.
If the operating system supports dynamic shared objects (DSO) and autoconf can detect this, modules can also be compiled dynamically.
DSO modules are stored separately from the core and can be included or excluded by the core through the runtime configuration directives provided by the mod_so module.
If any dynamic modules are included in the compilation, the mod_so module is automatically included in the core. If you want the core to be able to load DSOs without actually compiling any dynamic modules, you need to specify --enable-so explicitly.
(http://kajaa.bbs.us/ApacheManual/install.html)

The first time Apache is compiled with the above method, an error occurs at startup:
# cd /usr/local/apache2
# ./bin/apachectl startssl
Syntax error on line 251 of /usr/local/apache/conf/httpd.conf:
Cannot load /usr/local/apache/modules/mod_ssl.so into server: /usr/local/apache/modules/mod_ssl.so: undefined symbol: X509_free

What is the reason? See http://www.smartframeworks.com/qt-apache-ssl.html.
OpenSSL installed by the method used here (see: Apache2 + mod_ssl + php5 Complete installation record (2)) is not built as a dynamic link library by default, because its documentation says OpenSSL's dynamic link library support is immature. You can use ./config shared to build OpenSSL with the dynamic link library, but this is still in the experimental phase.
The solution to this problem is to compile mod_ssl statically into Apache.
Start over using the following method:
$ ./configure --prefix=/usr/local/apache2 --enable-so --enable-ssl=static --with-ssl=/usr/local/ssl --enable-mods-shared=all
$ make
$ su
# make install

This time, starting Apache produced another error:
# cd /usr/local/apache2
# ./bin/apachectl startssl
Syntax error on line 108 of /usr/local/apache2/conf/ssl.conf:
SSLCertificateFile: file '/usr/local/apache2/conf/ssl.crt/server.crt' does not exist or is empty

What is the reason for that? SSL has not been configured yet, so we need to generate the certificate that SSL requires.
Back when Apache1 + mod_ssl was used, one of the build steps was
$ make certificate
which generated the certificate needed for SSL.
That tool no longer exists, so the certificate has to be created by hand. For people who are not familiar with certificates, there is a tool you can use: http://www.openssl.org/contrib/ssl.ca-0.1.tar.gz
# cd /usr/local/apache2/conf
# tar zxvf ssl.ca-0.1.tar.gz
# cd ssl.ca-0.1
# ./new-root-ca.sh (generate the root certificate)
No Root CA key round. Generating one
Generating RSA private key, 1024 bit long modulus
...........................++++++
....++++++
e is 65537 (0x10001)
Enter pass phrase for ca.key: (enter a password)
Verifying - Enter pass phrase for ca.key: (enter the password again)
......
Self-sign the root CA... (sign the root certificate)
Enter pass phrase for ca.key: (enter the password you just set)
........
........ (sign now)
Country Name (2 letter code) [MY]:CN
State or Province Name (full name) [Perak]:jiangsu
Locality Name (eg, city) [sitiawan]:nanjing
Organization Name (eg, company) [My Directory Sdn bhd]:wiscom System Co.,ltd
Organizational Unit Name (eg, section) [Certification Services Division]:acstar
Common Name (eg, MD Root CA) []:wiscom CA
Email Address []:acmail@wiscom.com.cn

This generates the two files ca.key and ca.crt. Next, generate a certificate for our server:
# ./new-server-cert.sh server (the name of this certificate is server)
......
......
Country Name (2 letter code) [MY]:CN
State or Province Name (full name) [Perak]:jiangsu
Locality Name (eg, city) [sitiawan]:nanjing
Organization Name (eg, company) [My Directory Sdn bhd]:wiscom System Co.,ltd
Organizational Unit Name (eg, section) [Secure Web Server]:acstar
Common Name (eg, www.domain.com) []:acmail.wiscom.com.cn
Email Address []:acmail@wiscom.com.cn

This generates the two files server.csr and server.key.
The request still has to be signed before it can be used:
# ./sign-server-cert.sh server
CA signing: server.csr -> server.crt:
Using configuration from ca.config
Enter pass phrase for ./ca.key: (enter the root certificate password set above)
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName :PRINTABLE:'CN'
stateOrProvinceName :PRINTABLE:'Jiangsu'
localityName :PRINTABLE:'Nanjing'
organizationName :PRINTABLE:'wiscom System co.,ltd'
organizationalUnitName :PRINTABLE:'Acstar'
commonName :PRINTABLE:'acmail.wiscom.com.cn'
emailAddress :IA5STRING:'acmail@wiscom.com.cn'
Certificate is to be certified until 12:55:34 (365 days)
Sign the certificate? [y/n]:y
1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
CA verifying: server.crt <-> CA cert
server.crt: OK
(If there is an error, it is best to start over: delete the ssl.ca-0.1 directory and restart from the extraction step.)

Following the settings in ssl.conf, place the certificate files in the appropriate locations.
# chmod server.key
# cd ..
# mkdir ssl.key
# mv ssl.ca-0.1/server.key ssl.key
# mkdir ssl.crt
# mv ssl.ca-0.1/server.crt ssl.crt
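
The three ssl.ca-0.1 scripts used above wrap ordinary openssl commands. As an added example (not part of the original post and not the scripts' own code), the same root CA, server request, signing and verification steps can be run non-interactively, followed by a check that the private key belongs to the certificate. The function names, the 2048-bit key size (the session above shows the script generating 1024-bit keys), the unencrypted keys and the 400 key mode are assumptions of this sketch; the subject names are taken from the session above.

```shell
#!/bin/sh
# Added example: non-interactive equivalent of the ssl.ca-0.1 session above,
# using only the openssl command line. Keys are unencrypted (assumption).

# make_test_cert DIR CN: create ca.key, ca.crt, server.key, server.csr and
# server.crt in DIR; CN is the host name clients will connect to.
make_test_cert() {
    dir=$1 cn=$2
    mkdir -p "$dir" || return 1
    (
        cd "$dir" || exit 1
        umask 077   # nothing is created group- or world-readable

        # 1. Root CA key and self-signed root certificate (new-root-ca.sh).
        openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
            -subj "/C=CN/ST=jiangsu/L=nanjing/CN=wiscom CA" \
            -keyout ca.key -out ca.crt 2>/dev/null || exit 1

        # 2. Server key and signing request (new-server-cert.sh).
        openssl req -new -newkey rsa:2048 -nodes \
            -subj "/C=CN/ST=jiangsu/L=nanjing/CN=$cn" \
            -keyout server.key -out server.csr 2>/dev/null || exit 1

        # 3. Sign the request with the root CA (sign-server-cert.sh).
        openssl x509 -req -in server.csr -CA ca.crt -CAkey ca.key \
            -CAcreateserial -days 365 -out server.crt 2>/dev/null || exit 1

        # Keys readable by the owner only; certificates are public.
        chmod 400 ca.key server.key && chmod 444 ca.crt server.crt || exit 1

        # 4. The check the script reports as "server.crt: OK".
        openssl verify -CAfile ca.crt server.crt >/dev/null 2>&1
    )
}

# key_matches_cert KEY CRT: succeed only if the private key belongs to the
# certificate, by comparing the public key derived from each.
key_matches_cert() {
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}
```

Running key_matches_cert on the files placed in ssl.key and ssl.crt confirms that the installed pair belongs together before Apache is started.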

Apache is now ready to start.
# cd /usr/local/apache2
# ./bin/apachectl startssl

If this message appears:
httpd: Could not determine the server's fully qualified domain name, using 127.0.0.1 for ServerName
just edit httpd.conf, find the line "ServerName xxxx", and remove the comment marker in front of it.
