📄 398.html
字号:
<STYLE type=text/css>
<!--
body,td { font-size:9pt;}
hr { color: #000000; height: 1px}
-->
</STYLE>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd">
<HTML>
<HEAD><TITLE>精选文章 >> solaris 专栏 >> Solaris 下安装 Apache DSO with SSL, MM, and Tomcat 3.2 final</title>
</head>
<body >
<p><IMG SRC="../image/jsp001_middle_logo.gif" WIDTH="180" HEIGHT="60" BORDER=0 ALT=""></p>
<table width=100% bgcolor="#cccccc" align=center cellpadding="2" cellspacing="0" border=1 bordercolorlight="#000000" bordercolordark="#FFFFFF">
<tr bgcolor="#EFF8FF"><td>
<a href=http://www.jsp001.com/list_thread.php?int_attribute=2>精选文章</a>
>> <a href=http://www.jsp001.com/list_thread.php?forumid=39&int_attribute=2>solaris 专栏</a>
>> Solaris 下安装 Apache DSO with SSL, MM, and Tomcat 3.2 final [<a href=http://www.jsp001.com/forum/showthread.php?goto=newpost&threadid=398>查看别人的评论</a>]<br>
<hr><p>由 macro 发布于: 2001-02-13 15:21</p><p> </p><p>This is a log of my installation/Compilation of Apache DSO<br>with SSL, MM, and Tomcat 3.2 final (source distribution)<br>on SunOS heechee 5.7 Generic_106541-10 sun4u sparc SUNW,Ultra-250<br><br> Apache -- the Web Server<br> DSO -- Dynamic Shared Object (additional modules can be added/updated<br> to Apache without the need to recompile the whole thing, similar<br> to shared libraries, but but DSO modules are not only called, but<br> can call routines withing Apache)<br> <br> MM -- memory management or something like that - and add on to Apache<br> and its modules to communicate via shared memory rather than files<br> (faster). <br><br> SSL -- Secure Socket Layer - the encryption and certificate package which<br> works with Apache<br><br> Tomcat -- the Java Server Pages (JSP) and Servlet container which uses the<br> latest Java Servlets spec 2.2, and the latest JSP spec 1.1.<br> It is still being actively developed and has some "features".<br><br>You may want to read my FAQ on Tomcat 3.1 beta 1. since it will be<br>easier to follow this installation log. It is available at:<br> <a href="http://www.ccl.net/cca/software/UNIX/apache/tomcat3.1b1-faq.html" target=_blank>http://www.ccl.net/cca/software/UNIX/apache/tomcat3.1b1-faq.html</a><br><br>I use GNU tar. It may be called gtar on your machine. If you do not have it,<br>try to do: <br> gunzup some.tar.gz<br> tar xvf some.tar<br>rather than<br> tar zxvf some.tar.gz<br><br>I assume you have moderately latest GNU tools (gmake, gzip, etc...) installed<br>and you also have a recent version of perl installed <br>(http://www.cpan.org/src/index.html).<br><br>1) Be a root... Run ksh or other sh, but not C-shell.<br><br>2) Installed Java 1.3 under Solaris<br> a) went to <a href="http://www.javasoft.com" target=_blank>http://www.javasoft.com</a><br> b) clicked on Products and API on the left bar<br> c) at the middle of the page under COMPLETE PRODUCT LIST<br> retrieved JDK at "JavaTM 2 SDK, Standard Edition, v 1.3"<br> d) saved files in /tmp:<br> j2sdk1_3_0-solsparc.bin<br> j2sdk1_3_0-doc-solsparc.tar.Z<br> 1.3_Developer-Guide.ps<br> 1.3_Release-Notes.ps<br> did not do any patches<br><br> e) unpacked archive<br> chmod 755 j2sdk1_3_0-solsparc.bin<br> mkdir /usr/local/java3<br> cd /usr/local/java3<br> /tmp/j2sdk1_3_0-solsparc.bin<br><br> f) this created directory /usr/local/java3/j2sdk1_3_0<br> mv /usr/local/java3/j2sdk1_3_0 /usr/local/j2sdk1_3_0<br> cd /usr/local<br> ln -s /usr/local/j2sdk1_3_0 jdk1.3<br><br><br>3) Set your environment variables for Java (I am assuming you use<br> some Bourne shell lookalike -- ksh or sh.<br><br> JAVA_HOME=/usr/local/jdk1.3<br> export JAVA_HOME<br> PATH=/usr/local/bin:${JAVA_HOME}/bin:${PATH}<br> export PATH<br> CLASSPATH=${JAVA_HOME}/lib/tools.jar:${JAVA_HOME}/lib/dt.jar<br> export CLASSPATH<br><br>3a) Installed JCE 1.2.1 Java Cryptography Extension 1.2.1 <br> Go to: <a href="http://www.javasoft.com/products/jce/" target=_blank>http://www.javasoft.com/products/jce/</a><br> Click on: Download JCE 1.2.1 Software <br> This will get you: jce-1_2_1.zip<br> mkdir /usr/local/JCE<br> cd /usr/local/JCE<br> cp ..../jce-1_2_1.zip .<br> unzip jce-1_2_1.zip<br> Then added the security provider to Java:<br> a) copied JCE jars to lib/ext<br> cp /usr/local/JCE/jce1.2.1/lib/*.jar /usr/local/jdk1.3/jre/lib/ext<br> CLASSPATH=${CLASSPATH}:${JAVA_HOME}/jre/lib/ext/jce1_2_1.jar<br> export CLASSPATH<br> b) edited /usr/local/jdk1.3/jre/lib/security/java.security and added<br> line: <br> security.provider.3=com.sun.crypto.provider.SunJCE<br><br><br><br>3b) Installed JSSE (JavaTM Secure Socket Extension (JSSE) 1.0.1)<br> available from <a href="http://java.sun.com/products/jsse/" target=_blank>http://java.sun.com/products/jsse/</a><br> mkdir /usr/local/jsse<br> with a netscape browser go to: <a href="http://java.sun.com/products/jsse/" target=_blank>http://java.sun.com/products/jsse/</a><br> Click on domestic distribution<br> Logged in, accepted, continue, answerer Yes, Continue, <br> downloaded jsse-1_0_2-do.zip <br> cd /usr/local/jsse<br> cp ..../jsse-1_0_2-do.zip .<br> unzip jsse-1_0_2-do.zip<br> I installed the JSSE as "installed extension" for jdk1.3 and<br> copied them to /usr/local/jdk1.3/jre/lib/ext directory<br> ($JAVA_HOME/jre/lib/ext):<br><br> cp -p /usr/local/jsse/jsse1.0.2/lib/*jar $JAVA_HOME/jre/lib/ext<br> CLASSPATH=${CLASSPATH}:${JAVA_HOME}/jre/lib/ext/jcert.jar<br> CLASSPATH=${CLASSPATH}:${JAVA_HOME}/jre/lib/ext/jnet.jar<br> CLASSPATH=${CLASSPATH}:${JAVA_HOME}/jre/lib/ext/jsse.jar<br> export CLASSPATH<br><br> I then registered the provider in $JAVA_HOME/jre/lib/security/java.security<br> by adding a line:<br> security.provider.4=com.sun.net.ssl.internal.ssl.Provider <br><br>4) Create directory /usr/local/openssl and retrieve latest release of openssl<br> mkdir /usr/local/openssl<br> cd /usr/local/openssl<br> wget <a href="http://www.openssl.org/source/openssl-0.9.6.tar.gz" target=_blank>http://www.openssl.org/source/openssl-0.9.6.tar.gz</a><br><br>5) Compiled the openssl [if you are in Europe, you need to<br> check the mod_ssl INSTALL for the no-idea option. Note RSA released RSAREF<br> to public domain, so I do not have to use RSAREF in US (I believe --<br> I may be wrong).<br><br> cd /usr/local/openssl<br> gtar zxvf openssl-0.9.6.tar.gz<br> cd openssl-0.9.6<br> <br> ./config -fPIC shared \<br> --prefix=/usr/local/openssl \<br> --openssldir=/usr/local/openssl<br><br> make<br> make test<br> make install<br> cp -p /usr/local/openssl/openssl-0.9.6/lib*.a /usr/local/openssl/lib<br> cd /usr/local/openssl/lib<br> rm libcrypto.so<br> rm libcrypto.so.0<br> rm libssl.so<br> rm libssl.so.0<br> ln -s libcrypto.so.0.9.6 libcrypto.so<br> ln -s libcrypto.so.0.9.6 libcrypto.so.0<br> ln -s libssl.so.0.9.6 libssl.so<br> ln -s libssl.so.0.9.6 libssl.so.0<br><br> <br>6) Make top directory for Apache 1.3.12 installation. I did<br> /usr/local/apache_1.3.14<br><br> mkdir /usr/local/apache_1.3.14<br> I also made a subdirectory "sources" to have all needed sources in one<br> place: <br> mkdir /usr/local/apache_1.3.14/sources<br> cd /usr/local/apache_1.3.14/sources<br> Put there the tar files:<br> wget <a href="http://www.apache.org/dist/apache_1.3.14.tar.gz" target=_blank>http://www.apache.org/dist/apache_1.3.14.tar.gz</a><br> wget <a href="http://www.modssl.org/source/mod_ssl-2.7.1-1.3.14.tar.gz" target=_blank>http://www.modssl.org/source/mod_ssl-2.7.1-1.3.14.tar.gz</a><br> wget <a href="http://www.engelschall.com/sw/mm/mm-1.1.3.tar.gz" target=_blank>http://www.engelschall.com/sw/mm/mm-1.1.3.tar.gz</a><br><br> I also serve here local copies of some files (those which are not "munition"<br> according to US export laws which are quite far from present reality).<br> apache_1.3.14.tar.gz<br> mm-1.1.3.tar.gz<br><br>7) Unpack sources to buld DSO Apache with mod_ssl and mm:<br><br> cd /usr/local/apache_1.3.14<br> cd sources<br> gtar zxvf apache_1.3.14.tar.gz<br> gtar zxvf mod_ssl-2.7.1-1.3.14.tar.gz<br> gtar zxvf mm-1.1.3.tar.gz<br><br>8) Compiled MM shared memory library<br> cd /usr/local/apache_1.3.14/sources/mm-1.1.3<br> ./configure --disable-shared<br> make<br><br>9) Configured mod_ssl<br> cd /usr/local/apache_1.3.14/sources/mod_ssl-2.7.1-1.3.14<br> EAPI_MM=../mm-1.1.3 <br> ./configure \<br> --with-apache=/usr/local/apache_1.3.14/sources/apache_1.3.14<br><br><br>10) Configure and make and install Apache with DSO support:<br> cd /usr/local/apache_1.3.14/sources/apache_1.3.14<br> SSL_BASE=/usr/local/openssl/openssl-0.9.6 \<br> EAPI_MM=/usr/local/apache_1.3.14/sources/mm-1.1.3 \<br> ./configure --prefix=/usr/local/apache_1.3.14 \<br> --enable-module=so \<br> --enable-rule=SHARED_CORE \<br> --enable-module=most \<br> --enable-shared=max \<br> --enable-module=ssl \<br> --enable-shared=ssl<br> <br> make<br> make certificate TYPE=custom<br> make install<br><br><br> My entries for certificates with <br> make certificate TYPE=custom<br> were defaults, no passwords/passphrases, etc. and:<br> STEP 0: R<br> STEP 2:<br> 1. Country Name [XY]:US<br> 2. State or Province Name [Snake Desert]:Ohio<br> 3. Locality Name [Snake Town]:Columbus<br> 4. Organization Name [Snake Oil, Ltd]:OSC<br> 5. Organizational Unit Name [Cer..Authority]:Gateway<br> 6. Common Name [Snake Oil CA]:heechee.osc.edu<br> 7. Email Address [ca@snakeoil.dom]:jkl@osc.edu<br> 8. Certificate Validity [365]:1000<br><br> STEP 3: 3<br> STEP 5:<br> 1. Country Name [XY]:US<br> 2. State or Province Name [Snake Desert]:Ohio<br> 3. Locality Name [Snake Town]:Columbus <br> 4. Organization Name [Snake Oil, Ltd]:OSC<br> 5. Organizational Unit Name [Webserver Team]:PSE<br> 6. Common Name [www.snakeoil.dom]:heechee.osc.edu<br> 7. Email Address [www@snakeoil.dom]:jkl@osc.edu<br> 8. Certificate Validity [365]:1001<br> STEP 6: 3<br> STEP 7:n<br> STEP 8:n<br> <br> In fact, in my real case, after I did "make install", I overwrote<br> the certificates created here with the real ones. I created "real"<br> certificates a few months ago. <br><br>11) Set the environment:<br>⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -