November 03, 2003

apache + ssl + php (updated version)

Preparation
apache_1.3.29.tar.gz from http://httpd.apache.org/
openssl-0.9.7c.tar.gz from http://www.openssl.org/
php-4.3.3.tar.gz from http://www.php.net/
mod_ssl-2.8.16-1.3.29.tar.gz from http://www.modssl.org/

Extract everything
cd openssl-0.9.7c
./config -fPIC
make
make install

cd ../mod_ssl-2.8.16-1.3.29
./configure --with-apache=../apache_1.3.29 --with-ssl=../openssl-0.9.7c --prefix=/usr/local/apache

cd ../apache_1.3.29
./configure --prefix=/usr/local/apache --sysconfdir=/usr/local/apache/conf --enable-module=so \
--enable-shared=ssl --enable-module=ssl --enable-module=rewrite --enable-shared=rewrite
make
make certificate

STEP 0: Decide the signature algorithm used for certificate
The generated X.509 CA certificate can contain either
RSA or DSA based ingredients. Select the one you want to use.
Signature Algorithm ((R)SA or (D)SA) [R]:D (choose DSA)

WARNING! You're generating a DSA based certificate/key pair.
This implies that RSA based ciphers won't be available later,
which for your web server currently still means that mostly all
popular web browsers cannot connect to it. At least not until
you also generate an additional RSA based certificate/key pair
and configure them in parallel.
______________________________________________________________________

STEP 1: Generating DSA private key (1024 bit) [server.key]
Generating DSA private key via SnakeOil CA DSA parameters
109338882 semi-random bytes loaded
Generating DSA key, 1024 bits
______________________________________________________________________

STEP 2: Generating X.509 certificate signing request [server.csr]
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
1. Country Name (2 letter code) [XY]:TW (enter your information)
2. State or Province Name (full name) [Snake Desert]:Taiwan
3. Locality Name (eg, city) [Snake Town]:Taipei
4. Organization Name (eg, company) [Snake Oil, Ltd]:TECO
5. Organizational Unit Name (eg, section) [Webserver Team]:IA
6. Common Name (eg, FQDN) [www.snakeoil.dom]:www.teco-ia.com.tw
7. Email Address (eg, name@FQDN) [www@snakeoil.dom]:root@teco-ia.com.tw
8. Certificate Validity (days) [365]:10000 (enter a sufficiently long period)
For Certificate Version, choose 3

STEP 3: Generating X.509 certificate signed by Snake Oil CA [server.crt]
Certificate Version (1 or 3) [3]:3

Encrypt the private key now? [Y/n] (choose n so that no passphrase has to be entered at startup)
make install

cd ../php-4.3.3
./configure --with-mysql --with-apxs=/usr/local/apache/bin/apxs --enable-module=so \
--with-config-file-path=/usr/local/etc --libexecdir=/usr/local/apache/libexec
make install

Edit httpd.conf

Append index.php to the end of the DirectoryIndex line

Add
LoadModule php4_module libexec/libphp4.so
LoadModule ssl_module libexec/libssl.so
AddModule mod_php4.c
AddModule mod_ssl.c

AddType application/x-httpd-php .php
AddType application/x-httpd-php-source .phps

Add register_globals = on to php.ini
echo "register_globals = on" >> /usr/local/etc/php.ini

Start: /usr/local/apache/bin/apachectl startssl
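
An added check, not part of the original post: answering n at "Encrypt the private key now?" leaves server.key in the clear on disk, so its file permissions are the only protection, and the appended register_globals line overrides any earlier setting in php.ini. The script below flags both conditions; the key path is an assumed install location, while the php.ini path is the one used above.

```shell
#!/bin/sh
# Added example, not from the original post. KEY is an assumed install
# location; PHPINI is the php.ini path this page writes to.
KEY="${KEY:-/usr/local/apache/conf/ssl.key/server.key}"
PHPINI="${PHPINI:-/usr/local/etc/php.ini}"

# Succeeds if the PEM private key is passphrase-protected.
key_is_encrypted() {
    grep -Eq -e '^Proc-Type: 4,ENCRYPTED' \
             -e '^-----BEGIN ENCRYPTED PRIVATE KEY-----' "$1"
}

# Succeeds if group and other have no permission bits on the file.
key_mode_ok() {
    perms=$(ls -ld "$1" | cut -c5-10)
    [ "$perms" = "------" ]
}

# Prints the last register_globals value in the file, lowercased.
# The last assignment wins, which matters because the page appends with >>.
register_globals_value() {
    sed -n 's/^[[:space:]]*register_globals[[:space:]]*=[[:space:]]*\([^;[:space:]]*\).*/\1/p' "$1" |
        tail -n 1 | tr 'A-Z' 'a-z' | tr -d '"'
}

# Succeeds if the effective value is one PHP treats as enabled.
register_globals_on() {
    case "$(register_globals_value "$1")" in
        on|1|true|yes) return 0 ;;
        *) return 1 ;;
    esac
}

# Prints findings and returns how many there were (0 = clean).
audit() {
    findings=0
    if [ -f "$KEY" ] && ! key_is_encrypted "$KEY" && ! key_mode_ok "$KEY"; then
        echo "FAIL: unencrypted key $KEY is accessible to group/other"
        findings=$((findings + 1))
    fi
    if [ -f "$PHPINI" ] && register_globals_on "$PHPINI"; then
        echo "FAIL: register_globals is on in $PHPINI"
        findings=$((findings + 1))
    fi
    return "$findings"
}
```

Source the file and call audit as a user who can read both paths; set KEY or PHPINI in the environment to point it at other locations.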

Posted by pank at November 3, 2003 09:19 AM