Hi,
I got Apache 2.0.52 compiled, installed, and working on a Solaris 9
system awhile ago, but now I need to enable that server for SSL with
client authentication.
I know that I have to at least compile/install OpenSSL on the Solaris
system, but all of the information that I've been able to find indicates
that I need to also completely re-configure, re-compile, and re-install
Apache from the original 2.0.52 source.
Is there any way to avoid this, and just compile the mod_ssl.so module
after I do the compile/install of OpenSSL?
Also, I have a test Apache installation running on a separate Windows
system, and that test system already has SSL working including the
server and CA certs installed.
Once I get done with the OpenSSL installation and either the Apache
re-compile to get the SSL capability on the Solaris system, can I just
move:
- the CA cert and server cert files
- the .key file
- the ..\conf\ssl.conf file
over from my test Windows system to the Solaris system?
For reference, here's what the ssl.conf file on the test Windows system
looks like now:
=====================================================================
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
Listen 443
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl .crl
SSLPassPhraseDialog exec:e:\apache\conf\passphrase.bat
SSLSessionCache dbm:logs\ssl_scache
SSLSessionCacheTimeout 300
SSLMutex default
<VirtualHost _default_:443>
DocumentRoot "e:\apache\htdocs"
ServerName www.example.com:443
ServerAdmin you@xxxxxxxxxxx
ErrorLog logs\error_log
TransferLog logs\access_log
SSLEngine on
SSLCipherSuite
ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile ssl\server-certificate.crt
SSLCertificateKeyFile ssl\server-certificate.key
SSLCertificateChainFile ssl\server-certificate.crt
SSLCACertificateFile ssl\ca-certificate.crt
SSLVerifyClient require
SSLVerifyDepth 5
<Files ~ "\.(class|jsp|cgi|shtml|phtml|php3?)$">
SSLOptions +StdEnvVars
</Files>
<Directory "e:\apache\cgi-bin">
SSLOptions +StdEnvVars +ExportCertData
</Directory>
.
.
<snip>
.
.
<Directory
"E:\Tomcat\jakarta-tomcat-5.0.27\work\Catalina\localhost\jsp-examples\org\apache\jsp">
SSLOptions +StdEnvVars +ExportCertData +CompatEnvVars
</Directory>
SetEnvIf User-Agent ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
CustomLog logs\ssl_request_log \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>
#</IfDefine>
=====================================================================
Obviously, I'm going to have to edit the ssl.conf file to eliminate the
drive letters and replace "\" with "/", but other than that, should this
work?
Thanks in advance,
Jim
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
" from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|