apache + openssl build

A recent vulnerability scan found a lot of problems, so this walkthrough upgrades Apache and installs a new version of OpenSSL alongside the system's OpenSSL without conflicting with it.

1. Required packages and environment

Environment: CentOS 7.6
System OpenSSL version:

[root@localhost ~]# openssl version -a
OpenSSL 1.0.2k-fips 26 Jan 2017
built on: reproducible build, date unspecified
platform: linux-x86_64
options: bn(64,64) md2(int) rc4(16x,int) des(idx,cisc,16,int) idea(int) blowfish(idx)
compiler: gcc -I. -I.. -I../include -fPIC -DOPENSSL_PIC -DZLIB -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -DKRB5_MIT -m64 -DL_ENDIAN -Wall -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -m64 -mtune=generic -Wa,--noexecstack -DPURIFY -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DRC4_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DECP_NISTZ256_ASM
OPENSSLDIR: "/etc/pki/tls"
engines: rdrand dynamic

Install the required packages

yum -y install gcc* expat-devel

2. Install the other packages the latest Apache needs: apr, apr-util, pcre, and the new OpenSSL

cd /usr/local/src
tar xf apr-1.7.0.tar.gz
cd apr-1.7.0/
./configure --prefix=/usr/local/apr
make && make install

cd ..
tar xf apr-util-1.6.1.tar.gz
cd apr-util-1.6.1/
./configure --prefix=/usr/local/apr-util --with-apr=/usr/local/apr
make && make install

cd ..
tar xf pcre-8.43.tar.gz
cd pcre-8.43/
./configure --prefix=/usr/local/pcre
make && make install

cd ..
tar xf openssl-1.1.1c.tar.gz 
cd openssl-1.1.1c/
./config --prefix=/usr/local/ssl --shared
make && make install
echo "/usr/local/ssl/lib" >>/etc/ld.so.conf
ldconfig     # refresh the linker cache so the new libraries take effect

3. Install Apache

cd ..
tar xf httpd-2.4.41.tar.gz
cd httpd-2.4.41/
./configure --prefix=/usr/local/httpd --with-apr=/usr/local/apr --with-apr-util=/usr/local/apr-util --with-pcre=/usr/local/pcre \
 --enable-so --enable-rewrite --enable-ssl --with-ssl=/usr/local/ssl --with-mpm=prefork
make && make install

4. Make a simple configuration change and start Apache

vim /usr/local/httpd/conf/httpd.conf
ServerName localhost:80

/usr/local/httpd/bin/apachectl start

5. Configure HTTPS access

# Generate the private key
# (1024-bit RSA is below the 2048-bit minimum in current guidance such as NIST SP 800-131A)
/usr/local/ssl/bin/openssl genrsa -des3 -out server.key 1024
# Generate the server certificate request
openssl req -new -key server.key -out server.csr
# Self-sign the certificate
[root@mylinux conf]# /usr/local/ssl/bin/openssl x509 -req -days 700 -in server.csr -signkey server.key -out server.crt
Signature ok
subject=C = CN, ST = Beijing, L = Beijing, O = Lenovo.com, OU = IT, CN = liullm7
Getting Private key
Enter pass phrase for server.key:

vim httpd.conf
Include conf/extra/httpd-ssl.conf   # the certificate and key file names inside httpd-ssl.conf are server.crt and server.key
LoadModule ssl_module modules/mod_ssl.so
LoadModule socache_shmcb_module modules/mod_socache_shmcb.so

Remove the passphrase from the private key so that it does not have to be entered at startup:
[root@mylinux conf]# /usr/local/ssl/bin/openssl rsa -in server.key -out server.key
Enter pass phrase for server.key:
writing RSA key

/usr/local/httpd/bin/apachectl restart

6. Check the OpenSSL versions

[root@mylinux ~]# /usr/local/ssl/bin/openssl version -a
OpenSSL 1.1.1c  28 May 2019
built on: Thu Aug 22 15:33:35 2019 UTC
platform: linux-x86_64
options:  bn(64,64) rc4(16x,int) des(int) idea(int) blowfish(ptr) 
compiler: gcc -fPIC -pthread -m64 -Wa,--noexecstack -Wall -O3 -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM -DNDEBUG
OPENSSLDIR: "/usr/local/ssl/ssl"
ENGINESDIR: "/usr/local/ssl/lib/engines-1.1"
Seeding source: os-specific
[root@mylinux ~]# openssl version -a
OpenSSL 1.0.2k-fips  26 Jan 2017
built on: reproducible build, date unspecified
platform: linux-x86_64
options:  bn(64,64) md2(int) rc4(16x,int) des(idx,cisc,16,int) idea(int) blowfish(idx) 
compiler: gcc -I. -I.. -I../include  -fPIC -DOPENSSL_PIC -DZLIB -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -DKRB5_MIT -m64 -DL_ENDIAN -Wall -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches   -m64 -mtune=generic -Wa,--noexecstack -DPURIFY -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DRC4_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DECP_NISTZ256_ASM
OPENSSLDIR: "/etc/pki/tls"
engines:  rdrand dynamic 
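
The two outputs above show the command-line binaries, not which library httpd loads at run time. The following is an added example (not from the original post) that checks what mod_ssl.so resolves to using ldd; the sample ldd text is constructed, and the paths assume the --prefix values used in the build steps above.

```shell
#!/bin/sh
# Added example: which OpenSSL does mod_ssl.so actually resolve to?
# Paths assume the --prefix values used in the build steps above.

# Constructed sample of `ldd mod_ssl.so` output for the new build.
SAMPLE_NEW='    libssl.so.1.1 => /usr/local/ssl/lib/libssl.so.1.1 (0x00007f0000000000)
    libcrypto.so.1.1 => /usr/local/ssl/lib/libcrypto.so.1.1 (0x00007f0000400000)
    libc.so.6 => /lib64/libc.so.6 (0x00007f0000800000)'

# Constructed sample where the module still binds to the CentOS 7 system libraries.
SAMPLE_SYSTEM='    libssl.so.10 => /lib64/libssl.so.10 (0x00007f0000000000)
    libcrypto.so.10 => /lib64/libcrypto.so.10 (0x00007f0000400000)
    libc.so.6 => /lib64/libc.so.6 (0x00007f0000800000)'

# Read ldd-style text on stdin, print the path libssl resolves to.
libssl_path() {
    awk '$1 ~ /^libssl\.so/ && $2 == "=>" { print $3; exit }'
}

# Read ldd-style text on stdin; succeed only if libssl AND libcrypto
# both resolve under the prefix given as $1 ("not found" counts as failure).
linked_under() {
    awk -v p="$1/" '
        $1 ~ /^lib(ssl|crypto)\.so/ && $2 == "=>" {
            seen++
            if (index($3, p) != 1) bad++
        }
        END { exit (seen >= 2 && bad == 0) ? 0 : 1 }'
}

# Run against the real module when it exists on this host.
MOD_SSL=/usr/local/httpd/modules/mod_ssl.so
if [ -f "$MOD_SSL" ]; then
    if ldd "$MOD_SSL" | linked_under /usr/local/ssl; then
        echo "mod_ssl uses $(ldd "$MOD_SSL" | libssl_path)"
    else
        echo "mod_ssl is NOT linked against /usr/local/ssl:" >&2
        ldd "$MOD_SSL" | grep -E 'lib(ssl|crypto)\.so' >&2
    fi
fi
```

If the check fails after a rebuild, confirm that /usr/local/ssl/lib is listed in /etc/ld.so.conf and that ldconfig was run, as in step 2.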


Origin www.cnblogs.com/mmyy-blog/p/11408442.html