[Web server] Installing apache+ssl+openssl+mysql+php

[Apache + mod_ssl + openssl + php + mySQL]

ftp://ftp.openssl.org/source/

ftp://ftp.modssl.org/source/

/****** Installation order *******/

1) Install openssl

2) Add mod_ssl to the apache source tree

3) Run apache configure

4) Run php configure and add php to the apache source tree

5) Compile and install apache including mod_ssl and php

/***** openssl installation ********/

[/usr/local/src/openssl-0.9.6a]#./config

[/usr/local/src/openssl-0.9.6a]# make

[/usr/local/src/openssl-0.9.6a]# make test

[/usr/local/src/openssl-0.9.6a]# make install

/* Create the RSA private key */

[/usr/local/ssl/bin]# ./openssl genrsa -des3 -rand T1:T2:T3:T4:T5 1024 > \
../private/secure.test.co.kr.key <enter>

————————————————————————–

0 semi-random bytes loaded

Generating RSA private key, 1024 bit long modulus

………++++++

……………………………………++++++

e is 65537 (0x10001)

Enter PEM pass phrase: ****** <enter>

Verifying password - Enter PEM pass phrase:  ****** <enter>

————————————————————————–

[/usr/local/ssl/bin]# cat secure.test.co.kr.key

—————————————————————-

-----BEGIN RSA PRIVATE KEY-----

Proc-Type: 4,ENCRYPTED

DEK-Info: DES-EDE3-CBC,5B495C1D8FCAA406

  

+rfid1mS03Zfxu9DQRRN/BOyhHd/nDRsG4p2zey9FZsbkr2xxzKNdczF9CAfsXIi

PlHez1BoJ5o8NEgPmWfgCRvaICzwsSOofuizCynx6ZFhxcB6KIw7TAbF00qV5dcY

3S0ov8IeO+v7IuQBVotzJqNV6sDE1OIwqRhEqz71IpnAonZg33i8NB5Uqu895HbC

MZyVGj3cVI2jb4fiQUmc6GwY4AvtG2RQHrpE3RTXTlgW+OnX5kIByQ==

-----END RSA PRIVATE KEY-----

—————————————————————-

/* Create the CSR */

[/usr/local/ssl/bin]# ./openssl req -new -key \
../private/secure.test.co.kr.key -out \
secure.test.co.kr.csr

————————————————————————————-

Using configuration from /usr/local/ssl/openssl.cnf

Enter PEM pass phrase: ****** <enter>

You are about to be asked to enter information that will be incorporated

into your certificate request.

What you are about to enter is what is called a Distinguished Name or a DN.

There are quite a few fields but you can leave some blank

For some fields there will be a default value,

If you enter '.', the field will be left blank.

-----

Country Name (2 letter code) [AU]:KR <enter>

State or Province Name (full name) [Some-State]:. <enter>

Locality Name (eg, city) []:Seoul <enter>

Organization Name (eg, company) [Internet Widgits Pty Ltd]:Mediachannel inc. <enter>

Organizational Unit Name (eg, section) []:Solution Team <enter>

Common Name (eg, YOUR name) []:Jang Won Cheol <enter>

Email Address []:telnet99 at test.co.kr <enter>

  

Please enter the following 'extra' attributes

to be sent with your certificate request

A challenge password []: **** <enter>

An optional company name []:. <enter>

————————————————————————————-

[/usr/local/ssl/bin]# cat secure.test.co.kr.csr

—————————————————————–

-----BEGIN CERTIFICATE REQUEST-----

MIIB7DCCAVUCAQAwgZYxCzAJBgNVBAYTAktSMQ4wDAYDVQQHEwVTZW91bDEaMBgG

A1UEChMRTWVkaWFjaGFubmVsIGluYy4xFjAUBgNVBAsTDVNvbHV0aW9uIFRlYW0x

FzAVBgNVBAMTDkphbmcgV29uIENoZW9sMSowKAYJKoZIhvcNAQkBFht0ZWxuZXQ5

NszSMLAaP8YJ0Wq+lZqWqA==

-----END CERTIFICATE REQUEST-----

—————————————————————–

/* Create the self-signed certificate */

[/usr/local/ssl/bin]# ./openssl req -x509 -key \
../private/secure.test.co.kr.key -in \
secure.test.co.kr.csr > \
secure.test.co.kr.crt

——————————————————————

Using configuration from /usr/local/ssl/openssl.cnf

Enter PEM pass phrase: ******* <enter>

——————————————————————

[/usr/local/ssl/bin]# cat secure.test.co.kr.crt

—————————————————————–

-----BEGIN CERTIFICATE-----

MIIDmzCCAwSgAwIBAgIBADANBgkqhkiG9w0BAQQFADCBljELMAkGA1UEBhMCS1Ix

DjAMBgNVBAcTBVNlb3VsMRowGAYDVQQKExFNZWRpYWNoYW5uZWwgaW5jLjEWMBQG

A1UECxMNU29sdXRpb24gVGVhbTEXMBUGA1UEAxMOSmFuZyBXb24gQ2hlb2wxKjAo

BgkqhkiG9w0BCQEWG3RlbG5ldDk5QG1lZGlhY2hhbm5lbC5jby5rcjAeFw0wMTA1

-----END CERTIFICATE-----

—————————————————————–

/***** Add mod_ssl to the apache source ********/

[root@test mod_ssl-2.8.2-1.3.19]# pwd

/usr/local/src/mod_ssl-2.8.2-1.3.19

[root@test mod_ssl-2.8.2-1.3.19]# ./configure --with-apache=/usr/local/src/apache_1.3.19

—————————————————————————

Configuring mod_ssl/2.8.2 for Apache/1.3.19

+ Apache location: /usr/local/src/apache_1.3.19 (Version 1.3.19)

+ Auxiliary patch tool: ./etc/patch/patch (local)

+ Applying packages to Apache source tree:

   o Extended API (EAPI)

   o Distribution Documents

   o SSL Module Source

   o SSL Support

   o SSL Configuration Additions

   o SSL Module Documentation

   o Addons

Done: source extension and patches successfully applied.

  

Now proceed with the following commands (Bourne-Shell syntax):

$ cd /usr/local/src/apache_1.3.19

$ SSL_BASE=/path/to/openssl ./configure ... --enable-module=ssl

$ make

$ make certificate

$ make install

—————————————————————————

/***** Run apache configure ********/

[root@test apache_1.3.19]# ./configure --prefix=/usr/local/httpd \
> --enable-module=all --enable-shared=max

—————————————————————————

Configuring for Apache, Version 1.3.19

+ using installation path layout: Apache (config.layout)

Creating Makefile

Creating Configuration.apaci in src

  

Creating Makefile in src

+ configured for Linux platform

+ setting C compiler to gcc

+ setting C pre-processor to gcc -E

+ checking for system header files

+ adding selected modules

    o rewrite_module uses ConfigStart/End

+ using -lndbm for DBM support

      enabling DBM support for mod_rewrite

    o dbm_auth_module uses ConfigStart/End

    o db_auth_module uses ConfigStart/End

      using Berkeley-DB/2.x for mod_auth_db (-ldb)

    o ssl_module uses ConfigStart/End

      + SSL interface: mod_ssl/2.8.2

      + SSL interface build type: DSO

      + SSL interface compatibility: enabled

      + SSL interface experimental code: disabled

      + SSL interface conservative code: disabled

      + SSL interface vendor extensions: disabled

      + SSL interface plugin: Built-in SDBM

      + SSL library path: /usr/local/ssl

      + SSL library version: OpenSSL 0.9.6a 5 Apr 2001

      + SSL library type: installed package (stand-alone)

+ enabling Extended API (EAPI)

+ using -ldl for vendor DSO support

+ checking sizeof various data types

+ doing sanity check on compiler and options

Creating Makefile in src/support

Creating Makefile in src/regex

Creating Makefile in src/os/unix

Creating Makefile in src/ap

Creating Makefile in src/main

Creating Makefile in src/lib/expat-lite

Creating Makefile in src/modules/experimental

Creating Makefile in src/modules/standard

Creating Makefile in src/modules/extra

Creating Makefile in src/modules/proxy

Creating Makefile in src/modules/example

Creating Makefile in src/modules/ssl

—————————————————————————

/***** Run php configure & add php to the apache source tree ********/

[/usr/local/src/php-4.0.4pl1]# CFLAGS='-O2 -I/usr/local/ssl/openssl/include' \
> ./configure --with-apache=/usr/local/src/apache_1.3.19 \
> --with-mysql=/usr/local/mysql \
> --enable-memory-limit=yes \
> --enable-debug=no \
> --enable-track-vars \
> --enable-versioning \
> --with-config-file-path=/usr/local/httpd

+——————————————————————–+

| License:                                                           |

| This software is subject to the PHP License, available in this     |

| distribution in the file LICENSE.  By continuing this installation |

| process, you are bound by the terms of this license agreement.     |

| If you do not agree with the terms of this license, you must abort |

| the installation process at this point.                            |

+——————————————————————–+

  

Thank you for using PHP.            

[/usr/local/src/php-4.0.4pl1]# make

[/usr/local/src/php-4.0.4pl1]# make install

/***** Compile and install apache including mod_ssl and php ********/

[root@test apache_1.3.19]# SSL_BASE=/usr/local/ssl \
> ./configure --prefix=/usr/local/httpd \
> --enable-module=all --enable-shared=max \
> --activate-module=src/modules/php4/libphp4.a \
> --enable-module=php4

—————————————————————————

Configuring for Apache, Version 1.3.19

+ using installation path layout: Apache (config.layout)

+ activated php4 module (modules/php4/libphp4.a)

Creating Makefile

Creating Configuration.apaci in src

Creating Makefile in src

+ configured for Linux platform

+ setting C compiler to gcc

+ setting C pre-processor to gcc -E

+ checking for system header files

+ adding selected modules

    o rewrite_module uses ConfigStart/End

+ using -lndbm for DBM support

      enabling DBM support for mod_rewrite

    o dbm_auth_module uses ConfigStart/End

    o db_auth_module uses ConfigStart/End

      using Berkeley-DB/2.x for mod_auth_db (-ldb)

    o ssl_module uses ConfigStart/End

      + SSL interface: mod_ssl/2.8.2

      + SSL interface build type: DSO

      + SSL interface compatibility: enabled

      + SSL interface experimental code: disabled

      + SSL interface conservative code: disabled

      + SSL interface vendor extensions: disabled

      + SSL interface plugin: Built-in SDBM

      + SSL library path: /usr/local/ssl

      + SSL library version: OpenSSL 0.9.6a 5 Apr 2001

      + SSL library type: installed package (stand-alone)

    o php4_module uses ConfigStart/End

+ enabling Extended API (EAPI)

+ using -ldl for vendor DSO support

+ checking sizeof various data types

+ doing sanity check on compiler and options

Creating Makefile in src/support

Creating Makefile in src/os/unix

Creating Makefile in src/ap

Creating Makefile in src/main

Creating Makefile in src/lib/expat-lite

Creating Makefile in src/modules/experimental

Creating Makefile in src/modules/standard

Creating Makefile in src/modules/extra

Creating Makefile in src/modules/proxy

Creating Makefile in src/modules/example

Creating Makefile in src/modules/ssl

Creating Makefile in src/modules/php4  

—————————————————————————

[/usr/local/src/apache_1.3.19]# make

+———————————————————————+

| Before you install the package you now should prepare the SSL       |

| certificate system by running the 'make certificate' command.       |

| For different situations the following variants are provided:       |

|                                                                     |

| % make certificate TYPE=dummy    (dummy self-signed Snake Oil cert) |

| % make certificate TYPE=test     (test cert signed by Snake Oil CA) |

| % make certificate TYPE=custom   (custom cert signed by own CA)     |

| % make certificate TYPE=existing (existing cert)                    |

|        CRT=/path/to/your.crt [KEY=/path/to/your.key]                |

|                                                                     |

| Use TYPE=dummy    when you’re a  vendor package maintainer,         |

| the TYPE=test     when you’re an admin but want to do tests only,   |

| the TYPE=custom   when you’re an admin willing to run a real server |

| and TYPE=existing when you’re an admin who upgrades a server.       |

| (The default is TYPE=test)                                          |

|                                                                     |

| Additionally add ALGO=RSA (default) or ALGO=DSA to select           |

| the signature algorithm used for the generated certificate.         |

|                                                                     |

| Use 'make certificate VIEW=1' to display the generated data.        |

|                                                                     |

| Thanks for using Apache & mod_ssl.       Ralf S. Engelschall        |

|                                          rse at engelschall.com     |

|                                          www.engelschall.com        |

+———————————————————————+  

[/usr/local/src/apache_1.3.19]# make certificate TYPE=existing \
> CRT=/usr/local/ssl/bin/secure.test.co.kr.crt \
> KEY=/usr/local/ssl/private/secure.test.co.kr.key

—————————————————————————

make[1]: Entering directory `/usr/local/src/apache_1.3.19/src'

SSL Certificate Generation Utility (mkcert.sh)

Copyright (c) 1998-2000 Ralf S. Engelschall, All Rights Reserved.

  

Using existing custom certificate [EXISTING]

______________________________________________________________________

  

RESULT: Server Certification Files

  

o  conf/ssl.key/server.key

   The PEM-encoded RSA private key file which you configure

   with the 'SSLCertificateKeyFile' directive (automatically done

   when you install via APACI). KEEP THIS FILE PRIVATE!

  

o  conf/ssl.crt/server.crt

   The PEM-encoded X.509 certificate file which you configure

   with the 'SSLCertificateFile' directive (automatically done

   when you install via APACI).

  

Congratulations that you establish your server with real certificates.

  

make[1]: Leaving directory `/usr/local/src/apache_1.3.19/src'

—————————————————————————

[/usr/local/src/apache_1.3.19]# make install

+——————————————————–+

| You now have successfully built and installed the      |

| Apache 1.3 HTTP server. To verify that Apache actually |

| works correctly you now should first check the         |

| (initially created or preserved) configuration files   |

|                                                        |

|   /usr/local/httpd/conf/httpd.conf

|                                                        |

| and then you should be able to immediately fire up     |

| Apache the first time by running:                      |

|                                                        |

|   /usr/local/httpd/bin/apachectl start

|                                                        |

| Or when you want to run it with SSL enabled use:       |

|                                                        |

|   /usr/local/httpd/bin/apachectl startssl

|                                                        |

| Thanks for using Apache.       The Apache Group        |

|                                http://www.apache.org/  |

+——————————————————–+
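The `make certificate TYPE=existing` step above installs whatever CRT and KEY files it is given. The following added example (not part of the original post) checks that key, CSR and certificate carry the same public key and that the key meets a minimum size before they are installed; the function names, the temporary file names and the 2048-bit default are assumptions of this example.

```sh
#!/bin/sh
# Added example (not from the original post): confirm that key, CSR and
# certificate belong together before 'make certificate TYPE=existing'.

# Print the SHA-256 of the public key inside a key, CSR or certificate.
pub_fp() {  # $1 = key|csr|crt, $2 = PEM file
    case "$1" in
        key) pub=$(openssl pkey -in "$2" -pubout) ;;
        csr) pub=$(openssl req  -in "$2" -noout -pubkey) ;;
        crt) pub=$(openssl x509 -in "$2" -noout -pubkey) ;;
        *)   return 2 ;;
    esac
    [ -n "$pub" ] || return 1          # unreadable or wrong file type
    printf '%s\n' "$pub" | openssl dgst -sha256 | awk '{print $NF}'
}

# Modulus size of the private key, in bits.
key_bits() {
    openssl pkey -in "$1" -noout -text |
        sed -n 's/.*(\([0-9][0-9]*\) bit.*/\1/p' | head -n 1
}

# 0 = all three match and key is large enough, 1 = mismatch, 3 = short key.
check_pair() {  # $1 = key, $2 = csr, $3 = crt, $4 = minimum bits (assumed 2048)
    k=$(pub_fp key "$1") || return 1
    r=$(pub_fp csr "$2") || return 1
    c=$(pub_fp crt "$3") || return 1
    [ "$k" = "$r" ] && [ "$k" = "$c" ] || return 1
    [ "$(key_bits "$1")" -ge "${4:-2048}" ] || return 3
}

# Constructed sample material in a temp dir: two unrelated keys, and a CSR
# and self-signed certificate made from the first one, as in the steps above.
D=$(mktemp -d)
openssl genrsa -out "$D/a.key" 2048 2>/dev/null
openssl genrsa -out "$D/b.key" 2048 2>/dev/null
openssl req -new -key "$D/a.key" -subj "/C=KR/L=Seoul/CN=secure.test.co.kr" -out "$D/a.csr"
openssl req -x509 -key "$D/a.key" -in "$D/a.csr" -days 30 -out "$D/a.crt"

check_pair "$D/a.key" "$D/a.csr" "$D/a.crt" && echo "a.key: matches, OK to install"
check_pair "$D/b.key" "$D/a.csr" "$D/a.crt" || echo "b.key: rejected (rc=$?)"
```

Run against the 1024-bit key generated earlier in this post, `check_pair` returns 3 under the assumed 2048-bit minimum.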

서진우

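Clunix, a company specializing in supercomputing / Executive Director (Technical Director) / Information Systems Auditor / Operator of the Syszone blog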
