Installing SSL

Now that you've learned all about SSL, you need to install SSL support for Apache. SSL support is provided by mod_ssl, a module that is included with Apache but is not enabled by default. mod_ssl, in turn, requires the OpenSSL library, an open-source implementation of the SSL/TLS protocols and a variety of other cryptographic algorithms. OpenSSL is based on the SSLeay library developed by Eric A. Young and Tim J. Hudson.

OpenSSL

This section explains how to download and install the OpenSSL toolkit for both Windows and Unix variants.

Windows

The required OpenSSL libraries are included with the Windows installer of Apache 2.0 and no further installation or download is necessary. openssl.exe is included in the bin/ directory of the Apache distribution. It is a utility for generating certificates, keys, certificate signing requests, and so on.

Unix

If you are running a recent Linux or FreeBSD distribution, OpenSSL might already be installed in your system. Use the package management tools bundled with your distribution to determine whether that is the case or, otherwise, to install it.

If you need to install OpenSSL from source, you can download OpenSSL from http://www.openssl.org. After you have downloaded the software, you need to uncompress it and cd into the created directory:

 #> gunzip < openssl*.tar.gz | tar xvf -
 #> cd openssl*

OpenSSL contains a config script to help you build the software. You must provide the path to which the software will install. The path used in this hour is /usr/local/ssl/install, and you probably need to have root privileges to install the software there. You can install the software as a regular user, but to do so, you will need to change the path. Then, you must build and install the software:

 #> ./config --prefix=/usr/local/ssl/install \
      --openssldir=/usr/local/ssl/install/openssl
 #> make
 #> make install

If everything went well, you have now successfully installed the OpenSSL toolkit. The openssl command-line tool will be located in /usr/local/ssl/install/bin/.

This tool is used to create and manipulate certificates and keys, and its usage is described in a later section on certificates.

mod_ssl

In the past, SSL extensions for Apache had to be distributed separately because of export restrictions. These restrictions no longer exist and mod_ssl is bundled and integrated with Apache 2.0. This section describes the steps necessary to build and install this module. mod_ssl depends on the OpenSSL library, so a valid OpenSSL installation is required.

Windows

You can download a binary distribution of Apache 2.0 for the Windows platform from http://httpd.apache.org; it includes mod_ssl. You might need to uncomment the following line in the configuration file:

 LoadModule ssl_module modules/libmodssl.so

Unix

If you are using the Apache 2.0 server that came installed with your operating system, chances are that it already includes mod_ssl. Use the package management tools bundled with your distribution to install mod_ssl if it is not present in your system.

When you build Apache 2.0 from source, you must pass the following options to enable and build mod_ssl at compile time. The options are in addition to the options used in Hour 2, "Installing and Configuring Apache," to ensure that PHP was successfully installed.

 --enable-ssl --with-ssl=/usr/local/ssl/install/openssl 

This assumes that you installed OpenSSL in the location described in previous sections.

If you compiled mod_ssl statically into Apache, you can check whether it is present by issuing the following command, which provides a list of compiled-in modules:

 #> /usr/local/apache2/bin/httpd -l 

The command assumes that you installed Apache in the /usr/local/apache2 directory.

If mod_ssl was compiled as a dynamically loadable module, the following line must be added to the configuration file, or uncommented if it is already there:

 LoadModule ssl_module modules/libmodssl.so 
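
The two checks described above (the compiled-in list printed by httpd -l, and the LoadModule line in the configuration file) can be combined into one script. This is an added example, not code from the book; the function name mod_ssl_status and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: report how mod_ssl is provided to an Apache 2.0 server.
# Assumption: on a real system the first file is produced with
#   /usr/local/apache2/bin/httpd -l > modules.txt
# and the second argument is that server's httpd.conf.

# mod_ssl_status <file holding `httpd -l` output> <httpd.conf>
# Prints one of: static | dynamic | commented | missing
# Returns 0 when SSL support is available, 1 otherwise.
mod_ssl_status() {
    modlist=$1
    conf=$2
    # Statically linked modules are listed by source name, e.g. "  mod_ssl.c".
    if grep -Eq '^[[:space:]]*mod_ssl\.c[[:space:]]*$' "$modlist"; then
        echo static
        return 0
    fi
    # An active LoadModule line (directive names are case-insensitive).
    if grep -Eiq '^[[:space:]]*LoadModule[[:space:]]+ssl_module[[:space:]]' "$conf"; then
        echo dynamic
        return 0
    fi
    # The same directive, still commented out: SSL will not be loaded.
    if grep -Eiq '^[[:space:]]*#+[[:space:]]*LoadModule[[:space:]]+ssl_module[[:space:]]' "$conf"; then
        echo commented
        return 1
    fi
    echo missing
    return 1
}

# Constructed sample data so the example runs without Apache installed.
tmp=$(mktemp -d)
printf 'Compiled in modules:\n  core.c\n  http_core.c\n  mod_so.c\n' > "$tmp/modules.txt"
printf '#LoadModule ssl_module modules/libmodssl.so\n' > "$tmp/httpd.conf"
mod_ssl_status "$tmp/modules.txt" "$tmp/httpd.conf" || true
rm -rf "$tmp"
```

A result of commented or missing means the server will start without SSL support until the LoadModule line is active or mod_ssl is compiled in.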


Sams Teach Yourself PHP, MySQL and Apache in 24 Hours
ISBN: 067232489X
EAN: 2147483647
Year: 2005
Pages: 263
