
Compiling and Installing OpenSSL and Apache

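Today, while compiling and installing OpenSSL 1.0.1 and Apache 2.2.22 on Redhat 5.4, configure kept reporting the error checking for SSL_CTX_new... no. I finally found the fix on a foreign website. They settled it with a single sentence. Now that is efficiency...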

1. Uninstall the existing OpenSSL

Query the installed packages:

rpm -qa | grep openssl

or,

rpm -qa | grep ssl

[root@localhost tmp]# rpm -qa |grep ssl
openssl-0.9.8e-12.el5_4.6
docbook-style-dsssl-1.79-4.1
openssl-devel-0.9.8e-12.el5_4.6
openssl-0.9.8e-12.el5_4.6
openssl-devel-0.9.8e-12.el5_4.6
mod_ssl-2.2.3-43.el5

Then uninstall all of them. For the uninstall procedure, see: How to Uninstall Software on Linux

2. Compile and install OpenSSL

# cd /tmp
# wget http://www.openssl.org/source/openssl-1.0.1.tar.gz
# tar xzvf openssl-1.0.1.tar.gz
# cd openssl-1.0.1
# ./config --prefix=/usr/local/openssl
# make && make install

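OpenSSL is installed here under /usr/local/openssl. In the steps below, and whenever other software is installed later, anything that involves SSL must be pointed at this same path, because we did not install to the system default location.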

3. Compile and install Apache

# wget http://www.apache.org/dist/httpd/httpd-2.2.22.tar.gz
# tar zxvf httpd-2.2.22.tar.gz
# cd httpd-2.2.22
# ./configure --prefix=/usr/local/apache2 --enable-so --enable-rewrite --enable-ssl --with-ssl=/usr/local/openssl
# make && make install

The error is as follows:

checking whether to enable mod_ssl... checking dependencies
checking for SSL/TLS toolkit base... /usr/local/ssl
adding "-I/usr/local/ssl/include" to CPPFLAGS
adding "-I/usr/local/ssl/include" to INCLUDES
adding "-L/usr/local/ssl/lib" to LDFLAGS
checking for OpenSSL version... checking openssl/opensslv.h usability... yes
checking openssl/opensslv.h presence... yes
checking for openssl/opensslv.h... yes
checking openssl/ssl.h usability... yes
checking openssl/ssl.h presence... yes
checking for openssl/ssl.h... yes
OK
forcing SSL_LIBS to "-lssl -lcrypto "
adding "-lssl" to LIBS
adding "-lcrypto" to LIBS
checking openssl/engine.h usability... yes
checking openssl/engine.h presence... yes
checking for openssl/engine.h... yes
checking for SSLeay_version... yes
checking for SSL_CTX_new... no
checking for ENGINE_init... no
checking for ENGINE_load_builtin_engines... no
checking for SSL_set_cert_store... no
configure: error: ... Error, SSL/TLS libraries were missing or unusable 

The previous version of Apache had a similar bug (see https://issues.apache.org/bugzilla/show_bug.cgi?id=48880); back then even the SSLeay_version... yes check did not pass and showed SSLeay_version... no.

I finally found the fix: run the following line to set an environment variable:

export LDFLAGS=-ldl
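
When a check such as SSL_CTX_new reports "no", configure writes the linker output of that test to config.log, which shows which library is missing. The script below is an added example, not part of the original post: it lists the failed checks and maps "undefined reference" symbols to a linker flag. The function names and the sample log excerpt are constructed for illustration, on the assumption that the static libcrypto.a references the dlopen family from libdl.

```shell
#!/bin/sh
# Added example: read config.log to see why configure's SSL link checks failed.

# failed_checks [FILE]: names of configure checks that ended in "result: no".
failed_checks() {
    cat "$@" | awk '
        /: checking for / { name = $0; sub(/.*: checking for /, "", name); next }
        /: result: no$/   { if (name != "") print name }
        /: result: /      { name = "" }'
}

# missing_libs [FILE]: linker flags implied by "undefined reference" errors.
missing_libs() {
    cat "$@" |
    sed -n "s/.*undefined reference to [\`']\([A-Za-z0-9_]*\)'.*/\1/p" |
    while read -r sym; do
        case "$sym" in
            # dlopen family lives in libdl (assumed to be what libcrypto.a needs)
            dlopen|dlsym|dlclose|dlerror|dladdr) echo "-ldl" ;;
            *) echo "unresolved:$sym" ;;
        esac
    done | sort -u
}

# Constructed config.log excerpt for illustration; not copied from the post.
sample_log() {
    cat <<'EOF'
configure:15012: checking for SSLeay_version
configure:15068: result: yes
configure:15012: checking for SSL_CTX_new
/usr/local/openssl/lib/libcrypto.a(dso_dlfcn.o): In function `dlfcn_globallookup':
dso_dlfcn.c:(.text+0x1d): undefined reference to `dlopen'
dso_dlfcn.c:(.text+0x33): undefined reference to `dlsym'
dso_dlfcn.c:(.text+0x3d): undefined reference to `dlclose'
collect2: ld returned 1 exit status
configure:15068: result: no
EOF
}

# report [FILE]: summarise FILE, or stdin when no file is given.
report() {
    log=$(cat "$@")
    echo "failed checks:  $(printf '%s\n' "$log" | failed_checks | tr '\n' ' ')"
    echo "add to LDFLAGS: $(printf '%s\n' "$log" | missing_libs | tr '\n' ' ')"
}

if [ "$#" -gt 0 ]; then report "$1"; else sample_log | report; fi
```

Pass the path to the real config.log in the httpd source directory as the first argument to analyse an actual failed run.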

4. Enabling HTTPS in Apache

On Redhat, if apache2 was compiled and installed from source, you only need to edit ../apache2/conf/httpd.conf. Find these lines:

# Secure (SSL/TLS) connections
#Include conf/extra/httpd-ssl.conf

Uncomment the Include line, then edit the .../conf/extra/httpd-ssl.conf file:

<VirtualHost _default_:443>

#   General setup for the virtual host
DocumentRoot "/var/www/html"
ServerName 12.34.56.78:443
ServerAdmin you@example.com
ErrorLog "/usr/local/apache2/logs/error_log"
TransferLog "/usr/local/apache2/logs/access_log"
...

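Set the certificate file paths in SSLCertificateFile and SSLCertificateKeyFile. If the certificate file given in SSLCertificateFile already contains the server private key, the SSLCertificateKeyFile setting below must be commented out.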

SSLCertificateFile "/usr/local/apache2/conf/apache.pem"
#SSLCertificateFile "/usr/local/apache2/conf/server-dsa.crt"


#SSLCertificateKeyFile "/usr/local/apache2/conf/server.key"
#SSLCertificateKeyFile "/usr/local/apache2/conf/server-dsa.key"

Special thanks:

Unable to compile Apache-2.2.22 with OpenSSL-1.0.1, URL: http://www.linuxforums.org/


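This site is published under a Creative Commons license requiring attribution, non-commercial use and share-alike. Reposts must also follow the Attribution-NonCommercial-ShareAlike Creative Commons license.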
Copyright@2005-2016 Metsky.com, All rights Reserved.