apache + mod_ssl + mod_perl のインストール
2002-09-19 作成 福島
2002-10-02 更新 福島
TOP > tips > apache-ssl-perl
・apache 1.3.26 をインストール (mod_ssl 2.8.10)

$ tar xzf apache_1.3.26.tar.gz
$ tar xzf mod_ssl-2.8.10-1.3.26.tar.gz
$ cd mod_ssl-2.8.10-1.3.26
mod_ssl-2.8.10-1.3.26$ ./configure --with-apache=../apache_1.3.26 --with-ssl=/usr/local/ssl --prefix=/usr/local/apache-s
Configuring mod_ssl/2.8.10 for Apache/1.3.26
 + Apache location: ../apache_1.3.26 (Version 1.3.26)
 + OpenSSL location: /usr/local/ssl
 + Auxiliary patch tool: ./etc/patch/patch (local)
 + Applying packages to Apache source tree:
   o Extended API (EAPI)
   o Distribution Documents
   o SSL Module Source
   o SSL Support
   o SSL Configuration Additions
   o SSL Module Documentation
   o Addons
Done: source extension and patches successfully applied.

Configuring for Apache, Version 1.3.26
 + using installation path layout: Apache (config.layout)
Creating Makefile
Creating Configuration.apaci in src
Creating Makefile in src
 + configured for Linux platform
 + setting C compiler to gcc
 + setting C pre-processor to gcc -E
 + checking for system header files
 + adding selected modules
    o ssl_module uses ConfigStart/End
      + SSL interface: mod_ssl/2.8.10
      + SSL interface build type: OBJ
      + SSL interface compatibility: enabled
      + SSL interface experimental code: disabled
      + SSL interface conservative code: disabled
      + SSL interface vendor extensions: disabled
      + SSL interface plugin: Built-in SDBM
      + SSL library path: /usr/local/ssl
      + SSL library version: OpenSSL 0.9.6c 21 dec 2001
      + SSL library type: installed package (stand-alone)
 + enabling Extended API (EAPI)
 + using system Expat
 + checking sizeof various data types
 + doing sanity check on compiler and options
Creating Makefile in src/support
Creating Makefile in src/regex
Creating Makefile in src/os/unix
Creating Makefile in src/ap
Creating Makefile in src/main
Creating Makefile in src/modules/standard
Creating Makefile in src/modules/ssl

Now proceed with the following commands:
 $ cd ../apache_1.3.26
 $ make
 $ make certificate
 $ make install
mod_ssl-2.8.10-1.3.26$ cd ../apache_1.3.26 apache_1.3.26$ make
(省略)
+---------------------------------------------------------------------+
| Before you install the package you now should prepare the SSL       |
| certificate system by running the 'make certificate' command.       |
| For different situations the following variants are provided:       |
|                                                                     |
| % make certificate TYPE=dummy    (dummy self-signed Snake Oil cert) |
| % make certificate TYPE=test     (test cert signed by Snake Oil CA) |
| % make certificate TYPE=custom   (custom cert signed by own CA)     |
| % make certificate TYPE=existing (existing cert)                    |
|        CRT=/path/to/your.crt [KEY=/path/to/your.key]                |
|                                                                     |
| Use TYPE=dummy    when you're a  vendor package maintainer,         |
| the TYPE=test     when you're an admin but want to do tests only,   |
| the TYPE=custom   when you're an admin willing to run a real server |
| and TYPE=existing when you're an admin who upgrades a server.       |
| (The default is TYPE=test)                                          |
|                                                                     |
| Additionally add ALGO=RSA (default) or ALGO=DSA to select           |
| the signature algorithm used for the generated certificate.         |
|                                                                     |
| Use 'make certificate VIEW=1' to display the generated data.        |
|                                                                     |
| Thanks for using Apache & mod_ssl.       Ralf S. Engelschall        |
|                                          rse@engelschall.com        |
|                                          www.engelschall.com        |
+---------------------------------------------------------------------+
make[1]: 出ます ディレクトリ `apache_1.3.26'
<=== src
apache_1.3.26$ make certificate
make[1]: 入ります ディレクトリ `apache_1.3.26/src'
SSL Certificate Generation Utility (mkcert.sh)
Copyright (c) 1998-2000 Ralf S. Engelschall, All Rights Reserved.

Generating test certificate signed by Snake Oil CA [TEST]
WARNING: Do not use this for real-life/production systems
______________________________________________________________________

STEP 0: Decide the signature algorithm used for certificate
The generated X.509 CA certificate can contain either
RSA or DSA based ingredients. Select the one you want to use.
Signature Algorithm ((R)SA or (D)SA) [R]:[ENTER]
______________________________________________________________________

STEP 1: Generating RSA private key (1024 bit) [server.key]
49762 semi-random bytes loaded
Generating RSA private key, 1024 bit long modulus
.......++++++
.....++++++
e is 65537 (0x10001)
______________________________________________________________________

STEP 2: Generating X.509 certificate signing request [server.csr]
Using configuration from .mkcert.cfg
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
1. Country Name             (2 letter code) [XY]:JP
2. State or Province Name   (full name)     [Snake Desert]:Saitama
3. Locality Name            (eg, city)      [Snake Town]:Saitama-city
4. Organization Name        (eg, company)   [Snake Oil, Ltd]:Rouge Network
5. Organizational Unit Name (eg, section)   [Webserver Team]:Internet Section
6. Common Name              (eg, FQDN)      [www.snakeoil.dom]:s.example.com
7. Email Address            (eg, name@FQDN) [www@snakeoil.dom]:admin@s.example.com
8. Certificate Validity     (days)          [365]:[ENTER]
______________________________________________________________________

STEP 3: Generating X.509 certificate signed by Snake Oil CA [server.crt]
Certificate Version (1 or 3) [3]:[ENTER]
Signature ok
subject=                         表示が長すぎるので分割しました。実際は 1 行です
	/C=JP
	/ST=Saitama
	/L=Saitama-city
	/O=Rouge Network
	/OU=Internet Section
	/CN=s.example.com
	/Email=admin@s.example.com
Getting CA Private Key
Verify: matching certificate & key modulus
read RSA key
Verify: matching certificate signature
../conf/ssl.crt/server.crt: /C=XY 表示が長すぎるので分割しました。実際は 1 行です
	/ST=Snake Desert
	/L=Snake Town
	/O=Snake Oil, Ltd
	/OU=Certificate Authority
	/CN=Snake Oil CA
	/Email=ca@snakeoil.dom
error 10 at 1 depth lookup:certificate has expired
OK
______________________________________________________________________

STEP 4: Enrypting RSA private key with a pass phrase for security [server.key]
The contents of the server.key file (the generated private key) has to be
kept secret. So we strongly recommend you to encrypt the server.key file
with a Triple-DES cipher and a Pass Phrase.
Encrypt the private key now? [Y/n]:[ENTER]
read RSA key
writing RSA key
Enter PEM pass phrase:************                      パスフレーズを入力する
Verifying password - Enter PEM pass phrase:************ パスフレーズを入力する (確認用)
Fine, you're using an encrypted RSA private key.
______________________________________________________________________

RESULT: Server Certification Files

o  conf/ssl.key/server.key
   The PEM-encoded RSA private key file which you configure
   with the 'SSLCertificateKeyFile' directive (automatically done
   when you install via APACI). KEEP THIS FILE PRIVATE!

o  conf/ssl.crt/server.crt
   The PEM-encoded X.509 certificate file which you configure
   with the 'SSLCertificateFile' directive (automatically done
   when you install via APACI).

o  conf/ssl.csr/server.csr
   The PEM-encoded X.509 certificate signing request file which
   you can send to an official Certificate Authority (CA) in order
   to request a real server certificate (signed by this CA instead
   of our demonstration-only Snake Oil CA) which later can replace
   the conf/ssl.crt/server.crt file.

WARNING: Do not use this for real-life/production systems

make[1]: 出ます ディレクトリ `apache_1.3.26/src'
apache_1.3.26$ su apache_1.3.26# make install
(省略)
+--------------------------------------------------------+
| You now have successfully built and installed the      |
| Apache 1.3 HTTP server. To verify that Apache actually |
| works correctly you now should first check the         |
| (initially created or preserved) configuration files   |
|                                                        |
|   /usr/local/apache-s/conf/httpd.conf
|                                                        |
| and then you should be able to immediately fire up     |
| Apache the first time by running:                      |
|                                                        |
|   /usr/local/apache-s/bin/apachectl start
|                                                        |
| Or when you want to run it with SSL enabled use:       |
|                                                        |
|   /usr/local/apache-s/bin/apachectl startssl
|                                                        |
| Thanks for using Apache.       The Apache Group        |
|                                http://www.apache.org/  |
+--------------------------------------------------------+
apache_1.3.26# exit apache_1.3.26$ cd .. ・apache を mod_perl 付きに変更 $ tar xzf mod_perl-1.27.tar.gz $ cd mod_perl-1.27 mod_perl-1.27$ perl Makefile.PL USE_APACI=1 APACHE_PREFIX=/usr/local/apache-s EVERYTHING=1 ADD_MODULE=proxy,rewrite,auth_dbm,ssl
Will configure via APACI
Configure mod_perl with ../apache_1.3.26/src ? [y] [ENTER]
Shall I build httpd in ../apache_1.3.26/src for you? [y] [ENTER]
(省略)
mod_perl-1.27$ make mod_perl-1.27$ su mod_perl-1.27# make install
(省略)
+--------------------------------------------------------+
| You now have successfully built and installed the      |
| Apache 1.3 HTTP server. To verify that Apache actually |
| works correctly you now should first check the         |
| (initially created or preserved) configuration files   |
|                                                        |
|   /usr/local/apache-s/conf/httpd.conf
|                                                        |
| and then you should be able to immediately fire up     |
| Apache the first time by running:                      |
|                                                        |
|   /usr/local/apache-s/bin/apachectl start
|                                                        |
| Or when you want to run it with SSL enabled use:       |
|                                                        |
|   /usr/local/apache-s/bin/apachectl startssl
|                                                        |
| Thanks for using Apache.       The Apache Group        |
|                                http://www.apache.org/  |
+--------------------------------------------------------+
make[1]: 出ます ディレクトリ `apache_1.3.26'
Appending installation info to /usr/lib/perl5/5.6.0/i386-linux/perllocal.pod
mod_perl-1.27# /usr/local/apache-s/bin/apachectl startssl apache を SSL モードで起動