


Team LiB

Obtaining and Installing SSL Tools

SSL support is provided by mod_ssl, an Apache module. This module requires the OpenSSL library, an open-source implementation of the SSL/TLS protocols and a variety of other cryptographic algorithms. OpenSSL is based on the SSLeay library developed by Eric A. Young and Tim J. Hudson.

Due to the restrictions on the distribution of strong cryptography and patented intellectual property worldwide, the ease of installing SSL-related tools varies from platform to platform. The following sections provide an overview for obtaining and installing SSL-related tools.

OpenSSL

All files and instructions necessary for installing OpenSSL can be found at http://www.openssl.org/. Users of Linux/Unix (and their variants) will find the installation of the OpenSSL software to be similar to installing other system tools. However, the casual Windows user will discover that there are currently no freely distributed precompiled binaries. As such, Windows users must compile the OpenSSL tools on their own.

Once you have installed the OpenSSL toolkit, you will have all the necessary elements for creating and manipulating certificates and keys, as well as interfacing with the mod_ssl Apache module.

Installation for Windows Users

Windows users who are familiar with the process of building their own binaries may do so with the OpenSSL source code provided at the OpenSSL Web site. The instructions for compiling OpenSSL on Windows are in the INSTALL.W32 file found in the source distribution. Restating these instructions is beyond the scope of this book; however, you will find they are comprehensive and well written. The required tools are ActiveState Perl for Windows, and one of the following C compilers:

  • Visual C++

  • Borland C

  • GNU C (Cygwin or MinGW)

Be sure to follow the instructions appropriate to your compiler of choice, as they are quite different for each. You can also find tips from Apache for compiling OpenSSL, at http://httpd.apache.org/docs-2.0/platform/win_compiling.html.

Installation for Linux/Unix Users

If you are running a recent Linux or FreeBSD distribution, OpenSSL might already be installed in your system. Should you need to install OpenSSL, you can download the source from the OpenSSL Web site. Once downloaded, uncompress it and cd into the created directory (replace version in the following commands with your particular, current version of OpenSSL):

# gunzip < openssl-version.tar.gz | tar xvf -
# cd openssl-version

Complete installation instructions are found in the INSTALL file, but in short, the config script will help you build the software, which is followed by the make and make install processes.

The mod_ssl Apache Module

In the past, SSL extensions for Apache had to be distributed separately because of export restrictions. Currently, mod_ssl is bundled with Apache 2.0, but only as part of the source distributions. While not an issue for Linux/Unix users, Windows users will find they must build Apache from source in order to build the mod_ssl module; mod_ssl is not included in the precompiled binary distributions. The mod_ssl module depends on the OpenSSL library, so a valid OpenSSL installation is required.

For Windows Users

In order to use mod_ssl, you must build your Apache installation from scratch. In other words, if you followed the installation instructions in Chapter 3, "Installing and Configuring Apache," throw those out and follow the Apache documentation found at http://httpd.apache.org/docs-2.0/platform/win_compiling.html. Again, restating these instructions is beyond the scope of this book, but they will provide you with all the information you need. The core requirements are

  • Installed OpenSSL toolkit

  • Microsoft Visual C++ 5.0 or higher

  • The Windows Platform SDK

  • The awk utility (awk, gawk, or similar)

For Linux/UNIX Users

The source distribution used in Chapter 3 should already include the files necessary to use mod_ssl. As such, in order to use mod_ssl, you only need to follow the configure and make/make install process again, with the following addition as part of the configure command:

--enable-ssl --with-ssl=/usr/local/ssl/

This assumes that you installed OpenSSL in the listed location; if it resides in another directory on your server, simply substitute the location in the preceding command.

If you compiled mod_ssl statically into Apache, you can check whether it is present by issuing the following command, which provides a list of compiled-in modules:

# /usr/local/apache2/bin/httpd -l

By the Way

The above command assumes that you installed Apache in the /usr/local/apache2 directory.


If mod_ssl was compiled as a dynamic loadable module, the following line must be added to or uncommented in the Apache configuration file (httpd.conf):

LoadModule ssl_module modules/mod_ssl.so

When you have finished making changes to the httpd.conf file, restart Apache so your changes take effect. If you look in your error_log after restarting, mod_ssl will be part of your server signature, such as

Apache/2.0.52 (Unix) mod_ssl/2.0.52 OpenSSL/0.9.7d PHP/5.0.2
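
The three checks described above (the httpd -l listing, the LoadModule line, and the server signature in error_log) can be scripted. The following is an added example, not code from the book or from the Apache project; the function names and all sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: offline checks for the three mod_ssl indicators in the text.
# Function names are hypothetical; all sample data below is constructed.

# Succeeds if the `httpd -l` output on stdin lists mod_ssl as compiled in.
has_static_ssl() {
    grep -Eq '^[[:space:]]*mod_ssl\.c[[:space:]]*$'
}

# Succeeds if the config file named in $1 has an active (uncommented)
# LoadModule line for ssl_module; a line starting with '#' does not count.
has_loadmodule_ssl() {
    grep -Eq '^[[:space:]]*LoadModule[[:space:]]+ssl_module[[:space:]]+' "$1"
}

# Prints "mod_ssl/<ver> OpenSSL/<ver>" taken from the last server signature
# line in the log file named in $1; prints nothing if mod_ssl is absent.
signature_tokens() {
    grep -E 'mod_ssl/[^ ]+' "$1" | tail -n 1 |
        tr ' ' '\n' | grep -E '^(mod_ssl|OpenSSL)/' | tr '\n' ' ' | sed 's/ $//'
}

demo() {
    dir=$(mktemp -d) || return 1
    # Constructed httpd.conf fragment: one commented-out line, one active line.
    cat > "$dir/httpd.conf" <<'EOF'
#LoadModule ssl_module modules/mod_ssl.so
LoadModule ssl_module modules/mod_ssl.so
EOF
    # Constructed error_log line built around the signature shown in the text.
    cat > "$dir/error_log" <<'EOF'
[notice] Apache/2.0.52 (Unix) mod_ssl/2.0.52 OpenSSL/0.9.7d PHP/5.0.2 configured -- resuming normal operations
EOF
    # Constructed `httpd -l` output for a build without static mod_ssl.
    if printf 'Compiled in modules:\n  core.c\n  mod_so.c\n' | has_static_ssl; then
        echo "mod_ssl: compiled in"
    elif has_loadmodule_ssl "$dir/httpd.conf"; then
        echo "mod_ssl: loaded as a shared module"
    else
        echo "mod_ssl: not enabled"
    fi
    echo "signature: $(signature_tokens "$dir/error_log")"
    rm -rf "$dir"
}
demo
```

On a live server, pipe the real output of /usr/local/apache2/bin/httpd -l into has_static_ssl and pass the paths of your own httpd.conf and error_log to the other two functions.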
