SSLOpenSSLConfCmd httpd 2.4.8 में उपलब्ध निर्देश (जो जारी नहीं किया गया था) और बाद में, यदि ओपनएसएसएल 1.0.2 या बाद का उपयोग कर रहा है।
Apache 2.4.8 (जारी नहीं) के साथ परिवर्तन ... mod_ssl: SSLOpenSSLConfCmd निर्देशन शुरू करके OpenSSL कॉन्फ़िगरेशन कमांड के लिए समर्थन जोड़ें। [स्टीफन हेंसन, कास्पर ब्रांड] ...
एपीआर का निर्माण करें
# ./configure --host=x86_64-redhat-linux-gnu --build=x86_64-redhat-linux-gnu --prefix=/opt/apr-1.5.2 --with-devrandom=/dev/urandom
APR-UTIL का निर्माण करें
# ./configure --prefix=/opt/apr-util-1.5.4 --with-ldap --with-crypto --with-openssl=/opt/openssl-1.0.2a --with-apr=/opt/apr-1.5.2
अपाचे का निर्माण करें
# ./configure --prefix=/opt/httpd-2.4.12 --enable-mpms-shared=all --with-pcre --enable-mods-shared=all --enable-ssl --with-ssl=/opt/openssl-1.0.2a --with-apr=/opt/apr-1.5.2 --with-apr-util=/opt/apr-util-1.5.4 --enable-session-crypto
...
configure:
setting INCLUDES to "-I."
adding "-I$(top_srcdir)/os/$(OS_DIR)" to INCLUDES
adding "-I$(top_srcdir)/include" to INCLUDES
adding "-I/opt/apr-1.5.2/include/apr-1" to INCLUDES
adding "-I/opt/apr-util-1.5.4/include/apr-1" to INCLUDES
adding "-I/opt/openssl-1.0.2a/include" to INCLUDES
...
Mod_ssl.so की जाँच करें
# ldd mod_ssl.so | grep ssl
libssl.so.1.0.0 => /opt/openssl-1.0.2a/lib/libssl.so.1.0.0 (0x00007f6f3c6bd000)
libcrypto.so.1.0.0 => /opt/openssl-1.0.2a/lib/libcrypto.so.1.0.0 (0x00007f6f3c287000)
# strings mod_ssl.so | grep SSLOpenSSLConfCmd
SSLOpenSSLConfCmd
AH02407: "SSLOpenSSLConfCmd %s %s" failed for %s
AH02556: "SSLOpenSSLConfCmd %s %s" applied to %s
अपाचे सेटिंग्स की जाँच करें
# ./httpd -v
Server version: Apache/2.4.12 (Unix)
Server built: Mar 27 2016 16:29:30
# ./httpd -V
Server version: Apache/2.4.12 (Unix)
Server built: Mar 27 2016 16:29:30
Server's Module Magic Number: 20120211:41
Server loaded: APR 1.5.2, APR-UTIL 1.5.4
Compiled using: APR 1.5.2, APR-UTIL 1.5.4
Architecture: 64-bit
Server MPM: event
threaded: yes (fixed thread count)
forked: yes (variable process count)
Server compiled with....
-D APR_HAS_SENDFILE
-D APR_HAS_MMAP
-D APR_HAVE_IPV6 (IPv4-mapped addresses enabled)
-D APR_USE_SYSVSEM_SERIALIZE
-D APR_USE_PTHREAD_SERIALIZE
-D SINGLE_LISTEN_UNSERIALIZED_ACCEPT
-D APR_HAS_OTHER_CHILD
-D AP_HAVE_RELIABLE_PIPED_LOGS
-D DYNAMIC_MODULE_LIMIT=256
-D HTTPD_ROOT="/opt/httpd-2.4.12"
-D SUEXEC_BIN="/opt/httpd-2.4.12/bin/suexec"
-D DEFAULT_PIDLOG="logs/httpd.pid"
-D DEFAULT_SCOREBOARD="logs/apache_runtime_status"
-D DEFAULT_ERRORLOG="logs/error_log"
-D AP_TYPES_CONFIG_FILE="conf/mime.types"
-D SERVER_CONFIG_FILE="conf/httpd.conf"
# /opt/httpd-2.4.12/bin/apachectl -t
Syntax OK
वर्चुअल होस्ट सेटिंग्स
# conf/extra/httpd-ssl.conf
Listen 443
SSLOpenSSLConfCmd DHParameters /etc/pki/httpd/dhparams_2048.pem
SSLCipherSuite kEECDH+AES128:kEECDH:kEDH:-3DES:kRSA+AES128:kEDH+3DES:DES-CBC3-SHA:!RC4:!aNULL:!eNULL:!MD5:!EXPORT:!LOW:!SEED:!CAMELLIA:!IDEA:!PSK:!SRP:!SSLv2
SSLHonorCipherOrder on
SSLPassPhraseDialog builtin
SSLSessionCache "shmcb:/opt/httpd-2.4.12/logs/ssl_scache(512000)"
SSLSessionCacheTimeout 300
SSLProtocol All -SSLv2 -SSLv3
<VirtualHost _default_:443>
DocumentRoot "/opt/httpd-2.4.12/htdocs"
ServerName ssllabs.example.com:443
ServerAdmin webmaster@example.com
ErrorLog "/opt/httpd-2.4.12/logs/error_log"
TransferLog "/opt/httpd-2.4.12/logs/access_log"
SSLEngine on
SSLCertificateFile /etc/pki/httpd/server.pem
SSLCertificateKeyFile /etc/pki/httpd/server.key
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory "/opt/httpd-2.4.12/cgi-bin">
SSLOptions +StdEnvVars
</Directory>
BrowserMatch "MSIE [2-5]" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0
CustomLog "/opt/httpd-2.4.12/logs/ssl_request_log" "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>
परीक्षा परिणाम
