A recent vulnerability scan found many problems, so I upgraded Apache and installed a new version of OpenSSL in a way that does not conflict with the OpenSSL shipped with the system.
One: required packages and environment
Environment: centos7.6
OpenSSL version
[root@localhost ~]# openssl version -a
OpenSSL 1.0.2k-fips 26 Jan 2017
built on: reproducible build, date unspecified
platform: linux-x86_64
options: bn(64,64) md2(int) rc4(16x,int) des(idx,cisc,16,int) idea(int) blowfish(idx)
compiler: gcc -I. -I.. -I../include -fPIC -DOPENSSL_PIC -DZLIB -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -DKRB5_MIT -m64 -DL_ENDIAN -Wall -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -m64 -mtune=generic -Wa,--noexecstack -DPURIFY -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DRC4_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DECP_NISTZ256_ASM
OPENSSLDIR: "/etc/pki/tls"
engines: rdrand dynamic
Install the required packages
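# Build prerequisites: the GCC packages plus the expat headers.
# The pattern is quoted so that yum matches it against package names; unquoted,
# the shell would expand gcc* first if a matching file existed in the current
# directory.
yum -y install 'gcc*' expat-devel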
Two: the latest Apache needs some other packages installed first: apr, apr-util and pcre
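# Build apr, apr-util, pcre and OpenSSL from the tarballs in /usr/local/src,
# each under its own /usr/local prefix so the distribution packages are left
# untouched.
#
# Before unpacking, check every tarball against the checksum or PGP signature
# published by its project: everything below is built and installed as root.
# The version numbers are the ones the article used; the OpenSSL 1.1.1 series
# has since reached end of life upstream, so substitute currently supported
# releases or the scanner will flag the host again.
#
# Each package is a single && chain: a failed step stops that build instead of
# running the following commands in the wrong directory. Check that a chain
# succeeded before starting the next one.

cd /usr/local/src &&
  tar xf apr-1.7.0.tar.gz &&
  cd apr-1.7.0/ &&
  ./configure --prefix=/usr/local/apr &&
  make &&
  make install

cd /usr/local/src &&
  tar xf apr-util-1.6.1.tar.gz &&
  cd apr-util-1.6.1/ &&
  ./configure --prefix=/usr/local/apr-util --with-apr=/usr/local/apr &&
  make &&
  make install

cd /usr/local/src &&
  tar xf pcre-8.43.tar.gz &&
  cd pcre-8.43/ &&
  ./configure --prefix=/usr/local/pcre &&
  make &&
  make install

cd /usr/local/src &&
  tar xf openssl-1.1.1c.tar.gz &&
  cd openssl-1.1.1c/ &&
  ./config --prefix=/usr/local/ssl --shared &&
  make &&
  make install

# Register the new library directory with the dynamic linker (only once, so
# re-running this does not append duplicate lines), then rebuild the linker
# cache so the library files take effect.
grep -qxF '/usr/local/ssl/lib' /etc/ld.so.conf ||
  echo "/usr/local/ssl/lib" >>/etc/ld.so.conf
ldconfig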
Three: install Apache
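# Build httpd against the apr, apr-util, pcre and OpenSSL trees installed
# under /usr/local. --with-ssl points mod_ssl at /usr/local/ssl rather than the
# system OpenSSL; after the install, confirm which libssl it resolved with
#   ldd /usr/local/httpd/modules/mod_ssl.so
# Verify the httpd tarball against its published checksum or signature before
# unpacking, and prefer the current 2.4.x release over the version shown here.
# The whole build is one && chain so a failed step stops it.
cd /usr/local/src &&
  tar xf httpd-2.4.41.tar.gz &&
  cd httpd-2.4.41/ &&
  ./configure --prefix=/usr/local/httpd \
    --with-apr=/usr/local/apr \
    --with-apr-util=/usr/local/apr-util \
    --with-pcre=/usr/local/pcre \
    --enable-so --enable-rewrite --enable-ssl \
    --with-ssl=/usr/local/ssl \
    --with-mpm=prefork &&
  make &&
  make install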
Four: make a simple configuration change, then start Apache
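# Open the main configuration file and set the directive shown in the comment
# below (it is an httpd.conf line, not a shell command).
vim /usr/local/httpd/conf/httpd.conf
#   ServerName localhost:80

# Check the configuration syntax first; start the server only if it passes.
/usr/local/httpd/bin/apachectl configtest &&
  /usr/local/httpd/bin/apachectl start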
Five: configure HTTPS access
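# Create a private key and a self-signed certificate for mod_ssl, enable SSL in
# httpd.conf, then restart httpd.
# The prompt in the article shows these commands being run from a directory
# named conf (presumably /usr/local/httpd/conf; confirm before running).
# The newly built openssl binary is called by its full path throughout.

# Generate the passphrase-protected (3DES) RSA private key.
# The article used 1024 bits, which is below current minimum RSA key sizes and
# is what a scanner will report as a weak key; 2048 bits is used here.
/usr/local/ssl/bin/openssl genrsa -des3 -out server.key 2048

# Generate the server certificate signing request.
/usr/local/ssl/bin/openssl req -new -key server.key -out server.csr

# Self-sign the request with the same key, valid for 700 days.
# A self-signed certificate is not trusted by clients; use a CA-issued one for
# anything beyond testing.
/usr/local/ssl/bin/openssl x509 -req -days 700 -in server.csr -signkey server.key -out server.crt
# Output recorded in the article:
#   Signature ok
#   subject=C = CN, ST = Beijing, L = Beijing, O = Lenovo.com, OU = IT, CN = liullm7
#   Getting Private key
#   Enter pass phrase for server.key:

# In httpd.conf, make sure the following lines are present and active.
# httpd-ssl.conf refers to the two files by name: server.crt and server.key.
vim httpd.conf
#   Include conf/extra/httpd-ssl.conf
#   LoadModule ssl_module modules/mod_ssl.so
#   LoadModule socache_shmcb_module modules/mod_socache_shmcb.so

# Remove the passphrase from the private key so httpd does not prompt for it
# at every start. The key is then stored unencrypted on disk, so restrict it
# to its owner.
/usr/local/ssl/bin/openssl rsa -in server.key -out server.key
#   Enter pass phrase for server.key:
#   writing RSA key
chmod 600 server.key

# Check the configuration syntax before restarting.
/usr/local/httpd/bin/apachectl configtest &&
  /usr/local/httpd/bin/apachectl restart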
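Six: check the OpenSSL versions. The new build under /usr/local/ssl reports 1.1.1c, while the system openssl found on the PATH is still 1.0.2k-fips.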
[root@mylinux ~]# /usr/local/ssl/bin/openssl version -a
OpenSSL 1.1.1c 28 May 2019
built on: Thu Aug 22 15:33:35 2019 UTC
platform: linux-x86_64
options: bn(64,64) rc4(16x,int) des(int) idea(int) blowfish(ptr)
compiler: gcc -fPIC -pthread -m64 -Wa,--noexecstack -Wall -O3 -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM -DNDEBUG
OPENSSLDIR: "/usr/local/ssl/ssl"
ENGINESDIR: "/usr/local/ssl/lib/engines-1.1"
Seeding source: os-specific
[root@mylinux ~]# openssl version -a
OpenSSL 1.0.2k-fips 26 Jan 2017
built on: reproducible build, date unspecified
platform: linux-x86_64
options: bn(64,64) md2(int) rc4(16x,int) des(idx,cisc,16,int) idea(int) blowfish(idx)
compiler: gcc -I. -I.. -I../include -fPIC -DOPENSSL_PIC -DZLIB -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -DKRB5_MIT -m64 -DL_ENDIAN -Wall -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -m64 -mtune=generic -Wa,--noexecstack -DPURIFY -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DRC4_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DECP_NISTZ256_ASM
OPENSSLDIR: "/etc/pki/tls"
engines: rdrand dynamic