编译安装OPENSSL和APACHE

今天在CentOS6.6上编译安装OpenSSL 1.0.1和Apache 2.2.31,总是报告checking for SSL_CTX_new... no错误,最后在国外一个网站上找到解决办法。人家就一句话就搞定了,效率啊...

一、卸载原来的OpenSSL

查询原安装包

rpm -qa|grep openssl*

或,

rpm -qa|grep ssl*

[root@localhost tmp]# rpm -qa |grep ssl
openssl-0.9.8e-12.el5_4.6
docbook-style-dsssl-1.79-4.1
openssl-devel-0.9.8e-12.el5_4.6
openssl-0.9.8e-12.el5_4.6
openssl-devel-0.9.8e-12.el5_4.6
mod_ssl-2.2.3-43.el5

然后把它们全部卸载掉。卸载方法,参考:Linux下如何卸载软件

二、编译安装openssl

# cd /tmp
# wget http://www.openssl.org/source/openssl-1.0.1.tar.gz
# tar xzvf openssl-1.0.1.tar.gz
# cd openssl-1.0.1
# ./config --prefix=/usr/local/openssl
# make && make install

安装openssl这里设置路径为/usr/local/openssl,下文已经后续安装其它软件,凡是涉及到ssl的,也同样需要指定这个路径,因为我们没有按照系统默认的路径安装。

三、编译安装Apache

# wget http://www.apache.org/dist/httpd/httpd-2.2.31.tar.gz
# tar zxvf httpd-2.2.31.tar.gz
# cd httpd-2.2.31
# ./configure --prefix=/usr/local/apache2 --enable-so --enable-rewrite --enable-ssl --with-ssl=/usr/local/openssl
# make && make install

错误如下:

checking whether to enable mod_ssl... checking dependencies
checking for SSL/TLS toolkit base... /usr/local/ssl
adding "-I/usr/local/ssl/include" to CPPFLAGS
adding "-I/usr/local/ssl/include" to INCLUDES
adding "-L/usr/local/ssl/lib" to LDFLAGS
checking for OpenSSL version... checking openssl/opensslv.h usability... yes
checking openssl/opensslv.h presence... yes
checking for openssl/opensslv.h... yes
checking openssl/ssl.h usability... yes
checking openssl/ssl.h presence... yes
checking for openssl/ssl.h... yes
OK
forcing SSL_LIBS to "-lssl -lcrypto "
adding "-lssl" to LIBS
adding "-lcrypto" to LIBS
checking openssl/engine.h usability... yes
checking openssl/engine.h presence... yes
checking for openssl/engine.h... yes
checking for SSLeay_version... yes
checking for SSL_CTX_new... no
checking for ENGINE_init... no
checking for ENGINE_load_builtin_engines... no
checking for SSL_set_cert_store... no
configure: error: ... Error, SSL/TLS libraries were missing or unusable 

这在APACHE上一个版本时,有个类似的BUG(地址:https://issues.apache.org/bugzilla/show_bug.cgi?id=48880),那时SSLeay_version... yes这一句都不会过SSLeay_version... no。

最后找到解决办法,执行如下一句设置环境变量:

export LDFLAGS=-ldl

四、APACHE开启HTTPS配置

Redhat下如果是源码编译安装apache2,只需修改../apache2/conf/httpd.conf其中的,

# Secure (SSL/TLS) connections
#Include conf/extra/httpd-ssl.conf

注释去掉,然后再修改:.../conf/extra/httpd-ssl.conf文件,



#   General setup for the virtual host
DocumentRoot "/var/www/html"
ServerName 12.34.56.78:443
ServerAdmin [email protected]
ErrorLog "/usr/local/apache2/logs/error_log"
TransferLog "/usr/local/apache2/logs/access_log"
...

设置证书文件路径SSLCertificateFile和SSLCertificateKeyFile文件路径,如果使用的证书SSLCertificateFile里已包含服务器私钥,则需把下面的设置项SSLCertificateKeyFile注释关闭。

SSLCertificateFile "/usr/local/apache2/conf/apache.pem"
#SSLCertificateFile "/usr/local/apache2/conf/server-dsa.crt"


#SSLCertificateKeyFile "/usr/local/apache2/conf/server.key"
#SSLCertificateKeyFile "/usr/local/apache2/conf/server-dsa.key"

特别感谢:

你可能感兴趣的:(其他)