Solaris 8 onwards includes a bundled version of Apache. Sun have compiled the bundled version with DSO (Dynamic Shared Object) and EAPI (Extended Application Program Interface) which allows other modules to be added without having to recompile apache. This can be useful if your site is concerned about having Sun supported configurations. This procedure documents how to add modssl to the Sun bundled apache server.

 1. Download and extract the source code for OpenSSL and modSSL. You'll also
    need the gcc compiler and openSSL installed.
 2. Go to the modssl source directory, cd mod-ssl-version
 3. ./configure --with-apxs=/usr/apache/bin/apxs --with-ssl=path-to-openssl-
 4. export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/opt/sfw/lib/gcc-lib/sparc-sun-
 5. cd pkg.modssl
 6. Edit Makefile setting CC=gcc , change CFLAGS_SHLIB from Kpic to FPIC and
    append -lgcc to the SSL_LIBS statement.
 7. make
 8. make install
 9. Generate the keys as follows:
       1. openssl genrsa -des3 -rand file1:file2:file3:file4:file5 -out
          server.key 1024 (where file1:file2:file3:file4:file5 are some
          randomly selected compressed files)
       2. openssl rsa -in server.key -out server.pem (to produce an
          unencrypted key so that apache will start without a pass phrase -
          make sure this isn't world readable!)
       3. openssl req -new -key server.key -out server.csr (to produce a
          certificate signing request)
       4. For testing purposes this can be self signed as follows: openssl
          x509 -req -days 60 -in server.csr -signkey server.key -out
       5. Copy the keys to the preferred directories, e.g.
       6. Create the http.conf file, for example:
          SSLRandomSeed startuo egd:/var/run/egd-pool
          Listen 80
          Listen 443
          <VirtualHost _default_:443>
          DocumentRoot /usr/apache/htdocs
          SSLEngine on
          SSLCertificateFile /etc/apache/ssl.crt/server.key
          SSLCertificateKeyFile /etc/apache/ssl.key/server.pem
          SetEnvIF User_Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
          CustomLog /var/apache/log/ssl_request_log \
          The <IfDefile> statement means that if the server is started with
          the -DSSL option, these configuration statements will be read. With
          the Module statements, the following lines need adding:
          LoadModule ssl_module /usr/apache/libexec/libssl.soo
          Add Module mod_ssl.c
10. Copy the new config file into place and restart apache using: httpd -DSSL

Recent Changes

Contribute to this wiki

Why not help others by sharing your knowledge? Contribute something to this wiki and join out hall of fame!
Contact us for a user name and password