Sun Java System Application Server Enterprise Edition 8.2 High Availability Administration Guide

Procedure: To Install SSL-aware Apache

Before You Begin

You must have already downloaded and uncompressed the Apache software.

  1. Download and unpack the OpenSSL source, available at http://openssl.org.

  2. Compile and build OpenSSL.

    This step is not required on the Linux 3.0 platform if OpenSSL 0.9.7.e is installed. It is required for Linux 4.0.

    For full installation instructions, see the file named INSTALL in the directory where you uncompressed OpenSSL. That file has information on installing OpenSSL in a user-specified location.

    For more information about OpenSSL, see http://www.openssl.org/.

  3. Download and unpack Apache.

    Apache is available from http://httpd.apache.org.

  4. Compile and build Apache.

    Follow one of these procedures, depending on the version of Apache:

    • For Apache 1.3, configure Apache with mod_ssl with the following steps:

      1. Unpack the mod_ssl source.

      2. Type the following:

        cd mod_ssl-2.8.n-1.3.x

      3. Type the following:

        ./configure --with-apache=../apache_1.3.x --with-ssl=../openssl-0.9.8b --prefix=Apache-install-path --enable-module=ssl --enable-shared=ssl --enable-rule=SHARED_CORE --enable-module=so

      In the above commands, n is the correct version of mod_ssl to use with your version of Apache, x is the Apache version number, and Apache-install-path is the directory in which to install Apache.

      For more information on mod_ssl, including the correct version of mod_ssl to use with your version of Apache, see http://www.modssl.org.

    • For Apache 2, configure the source tree:

      1. cd http-2.0_x.

      2. Run the following command:

        ./configure --with-ssl=OpenSSL-install-path --prefix=Apache-install-path --enable-ssl --enable-so

        In the above commands, x is the Apache version number, OpenSSL-install-path is the absolute path to the directory where OpenSSL is installed, and Apache-install-path is the directory in which to install Apache.

        Note that you only need to use the --enable-ssl --enable-so options if your Apache 2 server will be accepting HTTPS requests.

  5. For Apache 2, make sure Apache's ssl.conf and httpd.conf files contain the correct values for your environment.

    • In ssl.conf, for VirtualHost default:port, replace the default hostname and port with the hostname of the local system where Apache 2 is installed and the server's port number.

      Without this change, the load balancer will not work. On Solaris, Apache may not start, and on Linux, HTTPS requests may not work.

    • In ssl.conf, for ServerName www.example.com:443, replace www.example.com with the hostname of the local system where Apache 2 is installed.

      Without this change, the following warning appears when you start Apache if a security certificate is installed:


      [warn] RSA server certificate CommonName (CN) hostname does NOT match server name!

      For more information on installing certificates for Apache 2, see To Create a Security Certificate for Apache 2.

    • In httpd.conf, for ServerName www.example.com:80, replace www.example.com with the hostname of the local system where Apache 2 is installed.

      Without this change, you see warnings when you start Apache that the system could not determine the server's fully qualified domain name, and that there are overlapping VirtualHost entries.


      
      

    If you installed Apache as the root user, be sure to read the note on configuring the User and Group in apache-install-location/conf/httpd.conf. Apache runs as the user specified in httpd.conf. For the load balancer plug-in to be initialized when Apache is started, the loadbalancer.xml file and the sun-loadbalancer_1_1.dtd file (found in apache-install-location/conf) must have file permissions that give this user access to them.

  6. For Apache on Linux 2.1, before compiling:

    1. Open src/Makefile and find the end of the automatically generated section.

    2. Add the following lines after the first four lines after the automatically generated section:

      LIBS+= -licuuc -licui18n -lnspr4 -lpthread -lxerces-c -lsupport -lnsprwrap -lns-httpd40
      LDFLAGS+= -L/application-server-install-dir/lib -L/opt/sun/private/lib

      Note that -L/opt/sun/private/lib is only required if you installed Application Server as part of a Java Enterprise System installation.

      For example:

      ## (End of automatically generated section)
      ## 
      CFLAGS=$(OPTIM) $(CFLAGS1) $(EXTRA_CFLAGS)
      LIBS=$(EXTRA_LIBS) $(LIBS1)
      INCLUDES=$(INCLUDES1) $(INCLUDES0) $(EXTRA_INCLUDES)
      LDFLAGS=$(LDFLAGS1) $(EXTRA_LDFLAGS)
      LIBS+= -licuuc -licui18n -lnspr4 -lpthread -lxerces-c -lsupport -lnsprwrap -lns-httpd40
      LDFLAGS+= -L/application-server-install-dir/lib -L/opt/sun/private/lib

    3. Set environment variable LD_LIBRARY_PATH.

      With stand-alone installations, set it to the Application Server install-dir/lib.

      With Java Enterprise System installations, set it to the Application Server install-dir/lib:/opt/sun/private/lib.

      If you are using Solaris 9, add /usr/local/lib to the LD_LIBRARY_PATH.

  7. Compile Apache as described in the installation instructions for the version you are using.

    For more information, see http://httpd.apache.org/.

    In general the steps are:

    1. make

    2. make certificate (Apache 1.3 only)

    3. make install

    The command make certificate asks for a secure password. Remember this password as it is required for starting secure Apache.
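
The step 5 checks can be scripted. The following is an added example, not part of the original guide or of Sun's software: a shell function that reports ServerName and VirtualHost entries not yet set to the local hostname, and load balancer files that the configured User cannot read. The function names, the sample hostname lb1.example.net and the user lbuser are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not Sun's code): flag step-5 settings left at their defaults.
# check_apache_conf CONF_DIR LOCAL_HOSTNAME; prints findings, returns 1 if any.
check_apache_conf() {
    dir=$1 host=$2 bad=0
    # ServerName in both files must carry the local hostname.
    for f in ssl.conf httpd.conf; do
        names=$(awk 'tolower($1) == "servername" { print $2 }' "$dir/$f")
        [ -n "$names" ] || { echo "$f: no active ServerName"; bad=1; }
        for n in $names; do
            [ "${n%%:*}" = "$host" ] || { echo "$f: ServerName $n is not $host"; bad=1; }
        done
    done
    # The SSL VirtualHost must name the local host as well.
    vhosts=$(sed -n 's/^[[:space:]]*<VirtualHost[[:space:]]*\([^>[:space:]]*\).*/\1/p' "$dir/ssl.conf")
    for v in $vhosts; do
        [ "${v%%:*}" = "$host" ] || { echo "ssl.conf: VirtualHost $v is not $host"; bad=1; }
    done
    # Load balancer files must be readable by the User that Apache runs as.
    # Simplification: only the owner and the world-read bit are examined.
    user=$(awk 'tolower($1) == "user" { print $2; exit }' "$dir/httpd.conf")
    for f in loadbalancer.xml sun-loadbalancer_1_1.dtd; do
        p=$dir/$f
        if [ ! -f "$p" ]; then echo "$f: missing"; bad=1; continue; fi
        owner=$(ls -ld "$p" | awk '{ print $3 }')
        if [ "$owner" != "$user" ] && [ -z "$(find "$p" -perm -004)" ]; then
            echo "$f: not readable by user $user"; bad=1
        fi
    done
    return $bad
}

# Constructed sample: a configuration still at the defaults step 5 describes.
make_sample_conf() {
    printf 'User lbuser\nServerName www.example.com:80\n' > "$1/httpd.conf"
    printf '<VirtualHost _default_:443>\nServerName www.example.com:443\n</VirtualHost>\n' > "$1/ssl.conf"
    : > "$1/loadbalancer.xml"; : > "$1/sun-loadbalancer_1_1.dtd"
    chmod 600 "$1/loadbalancer.xml"; chmod 644 "$1/sun-loadbalancer_1_1.dtd"
}

# Run with --demo to check the constructed sample in a temporary directory.
if [ "${1:-}" = "--demo" ]; then
    d=$(mktemp -d); make_sample_conf "$d"; check_apache_conf "$d" lb1.example.net; rm -rf "$d"
fi
```

Against a real installation, call check_apache_conf with apache-install-location/conf and the local hostname before starting Apache.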