Apache, SSL, Mysql and PHP smooth seamless installation
Posted by: netbull author: Israel Denis Jr. Translation: Yan Zi ------------------------------------ ------------------------------------------- Destination Our goal is to install A web server that allows us to host multiple websites, some of which are security solutions for e-commerce, while most websites are driven by connecting a database server and extracting the script of their data. The tools required for this task are: Apache-a website server MOD_SSL-a security socket layer (SSL) module OpenSSL-Open source code toolbox (MOD_SSL required) RSAREF-only for US users MySQL-a database server PHP - a scripting language "strip big road to Rome" ... so this is only one of the configurations that we can meet. I chose such a configuration because it is the simplest and fastest. The reason for choosing mod_ssl / openssl is because I have its previous experience and is the fastest configuration and the easiest installation. In order to integrate with Apache, I chose PHP and MySQL. Remember, Perl can do anything you want to do, however, PHP is simple and easy to make a programmer who wants to learn it. I hope that you will successfully complete the following goals after the end of this simple guide. Install and set the mysql database server o How to check the status of the mysql server o Know how to use the command line client to access the mysql server O know how to install your DB server from the web to install and set an SSL's Apache website server o Configure a simple configuration. The virtual website O knows how to stop and start the server O know how to do some basic host managed configurations installation and configure the server-side script PHP 4.0 Hypertext pre-processor O know how to write simple PHP code o know how to connect to a DB connection using PHP o Create a simple website with a simple website with a database to create some sample certificates for Apache SSL o know how to generate a CSR file o know how to encrypt a key code O know how to sign your own certificate This article will cover a lot of information. This guide is an entry-based guide that allows you to enter the world of e-commerce, website scripts, and security socket layers (SSL), with the aim of helping you build a security site that is driven by dynamic information stored in the database. This article is not a detailed and comprehensive document, of course there will be some errors (desirable minimum), please remember this when you read it. However, it will arouse your enthusiasm and run the product mentioned earlier, I hope you better understand how these things work. No previous programming knowledge, but assume you a bit computer knowledge background. My goal is to write this document so that any novice can understand what I am talking about. If I reach, then I have a good thing. If you easily establish an e-commerce site, better than I do :-) give me some explanation. Suppose this article assumes that you have installed the following software on your system. Perl (preferably Ver 5 ) Gzip or Gunzip GCC and GNU Make If you don't have this, you will need to take the necessary steps to install them before explaining any process of this article. You also need a basic understanding of UNIX commands, HTML, and SQL. How do you manage a basic understanding of your Linux machine. You also need a completely normal Linux machine, you will install software on it. Of course, you will need the necessary packages listed above to compile the source code, and finally, you have not yet installed Mysql, Apache, or PHP in the Linux machine. Working principles understand what happened behind the scenes is helpful. Here is an over-simplified working principle, the following figure and subsequent explanation are not completely correct, just a key point outline: The situation is: We have a web page that takes out some data from a database.
John Doe requests this page from his browser, requesting to the web server, then call a PHP script. The PHP script is interpreted by the PHP preprocessor and removes data from the database, and then the result is processed by the remaining PHP scripts and transformed into HTML, and the HTML is sent back to the user's browser. Let's see step by step: John Doe Click a link from his browser; his browser sends a request to http://www.yourserver.com/test.php. Apache gets requests for Test.php, it knows .php files should be processed by the PHP Preprocessor (MOD_PHP), so it informs PHP processing it. It knows this because we specify it in the Apache configuration. Test.php is a PHP script containing the command. One of these commands is to open a connection to a database and capture data. PHP processes the connection of the database and explains the SQL call to extract data from DB. The server server gets a connection request from the PHP interpreter and processes this request. The request may be similar to a simple selection statement, or the database table creation, etc. The database then returns the response and results to the PHP interpreter. Apache returns the result to John Doe's browser as a response to him. John Doe now sees a web page that contains some information from a database. If this is a request to https://www.yoursecureserver.com/test.php, the entire process is similar to the above, in addition to each request and response is encrypted and decrypted at both ends, that is, the browser connects Apache, get it Encryption key code, encryption request and send it. The server sees request, decrypt and authenticates it. It handles files, encrypts and send it. The browser is then decrypted with the button of the server. Remember that since the connection is encrypted, it is used in different ports. Port 80 is used in a non-secure connection while port 443 is used in a secure connection. Again again, it is not 100% correct, but it makes you realize that you know the very simple outline of things happening behind the scenes. Since we have a very basic understanding of the goal we are trying to reach, let us continue to install the software. Prepare Apache (web server) -http://www.apache.org mod_ssl (security server layer) -http://www.modssl.org openssl (SSL Toolbox) -http://www.openssl.org PHP ( Scripting language) -http: //www.php.net MySQL (SQL Database Server) -http://www.mysql.com Download All (TAR Files) Sourcecodes into a temporary directory. Guaranteed that you put them in a lot of space ... you should download them as root to avoid permission issues. Our plan Our plan is to first install the MySQL server and ensure it work, then we will install PHP and MOD_SSL, and finally we will install the Apache website server. After we installed apache, we can test whether PHP and Mod_ssl support work. MySQL Source Code Installation (UNIX) You must be used to perform the basic command to install the mysql source code distribution is (from one "TAR" file): By using SU to become a root user. $ su directly enters you with a directory of TAR files. (Using a temporary directory. Use / tmp / download /) #CD / TMP / DOWNLOAD / with the following command to extract files. # Gunzip -d -c mysql-3.22.xx.tar.gz | TAR XVF - Change to a new directory, which is created during the extraction. # cd mysql-3.22.xx Now you can start "configuring" MySQL servers. You can specify a lot of options with configure - Help to view all options. I have already selected - PREFIX specifies the direct path to the installation location.
Configure will check your compiler and something else. If you have any errors, you can check the config.cache file to view an error. # configure --prefix = / usr / local / mysq After you have completed the configuration, you can perform the following command make the true binary code. # Make Now You are ready to install all binary code. Run the following command to install binary code in the directory you specified with the configure -prefix option. # Make Install After you install the binary code, it is time to create a MySQL table for defining permissions. # Scripts / mysql_install_db # cd / usr / local / mysql / bin # ./safe_mysqld & # ./mysqladmin -u root password "new-password" Note: / usr / local / mysql is the directory I choose to install the MySQL server. You can choose another place by changing the directory. You can verify that the server is working by running some simple testing to make sure MySQL is running. The output should be similar to the following: bindir = / usr / local / mysql / bin. Bindir depends on your directory you have in the above prefix. # Bindir / mysqlshow -p --------------- | Databases | --------------- | MySQL | --- ------------ Once you have installed MySQL, it will automatically create 2 databases. A mysql table that controls the user, host, and database permissions in the actual server; the other is a Test database, we can use the TEST database. However, we want to give you an overview of some of the command line options available for a fast and simple MySQL. This will also ensure that all access rights to the DB server, namely: root has licenses for creating a database, database table, etc., so we will create a Test2 database, after we use it for our test. Before you enter MySQL by the command line, you will be prompted by the new password for the root user. Remember that you have changed it before. # mysql -u root -p mysql> show databases; ---------------- | Database | -------------------------------------------------------------------------------------------------------------------------------------------------------- | MySQL | | TEST | ---------------- MySQL> Create Database Test2; Query Ok, 1 ROW Affected (0.00 sec) Now select New Database Use, and create A new table named TST_TBL, there are two fields below. Field 1 is a ID field that allows you to know the ID of the record. In essence, in order to simplify this just a line number. The second field is a Name field, store the book name information. The format of these fields is: Field 1 (ID) is an integer (int) having a length of 3, and field 2 (Name) is a character (CHAR) field having a length of 50. For search and index data, we specify the ID as a key code. MySQL> Use Test2; Database Changed MySQL> Create Table Books (ID INT (3) Not Null -> Auto_Increment, Name Char (50) Not Null, -> Unique (ID), Primary Key (ID); Query Ok, 0 Rows Affected (0.00 sec) Now we use the following command to verify that everything is correct.
Mysql> Show Tables -------------------- | Tables in test2 | ----------------- ---- | Books | -------------------- 1 ROW IN Set (0.00 sec) mysql> describe books; --- - ------------ ------ ---- ---------- -------- ---------------- | Field | TYPE | NULL | Key | Default | Extra | ------- --------- - ------ ------ ------------------------------------------------------------------------------------------------------------------------------------------------ - | ID | INT (3) | | Pri | 0 | Auto_Increment | | Name | | | | | ------- --------- - ------ ------ ------------------------------------------------------------------------------------------------------------------------------------------------ - 2 ROWS IN SET (0.00 sec) Notice the describe command basically "describes" the layout of the table. Quite good! Ok, I will try some useful SQL commands, insert and select data from the database, and now add a few records to the new table. Remember these is a simple book name record, but once you get SQL enough experience, you can create a real complex database for some large e-commerce sites. Let's create 2 records of 2 books. The first record is the name of a book I wrote in the future - "PHP 4 Newbies", another is a very useful Linux book, "Red Hat Linux 6 Server", by Mohammed J. Kabir . Mysql> Insert Into Books ("PHP 4 Newbies"); Query Ok, 1 Row Affected (0.00 Sec) MySQL> Insert Into Books ("Red Hat Linux 6 Server); Query Ok, 1 Row Affected (0.00 sec) Now we can check new records, issue a "Select all" command mysql> select * from books; ---- --------------- ----------------- | ID | NAME | ---- --------------------- ------------- | 1 | PHP for newbies | | 2 | Red Hat Linux 6 Server | ---- -------------- -------------------- 2 ROWS IN Set (0.00 sec) is very good, the MySQL server has a complete role. We can continue to join, but there is no significance at this time. Note how you don't have to specify the ID number when you add a record to your database, because you created an ID field that enables the Auto_Increment option. Let me demonstrate how to make a quick delete. This is just letting you know, remember, you can find all the information about mysql commands and servers on MySQL website http://www.mysql.com.
Mysql> delete from books where id = 1; query ok, 1 row affected (0.00 sec) mysql> select * from books; ---- --------------- ------------------ | ID | Name | ---- -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- --------------- | 2 | Red Hat Linux 6 Server | ---- ----------------- ---------------- 1 ROW IN Set (0.00 sec) Ok, exit MySQL and continue to install. You can do all the installation and everything is working properly after playing MySQL. PHP Installation (UNIX) is now installed in the PHP language. You have downloaded the latest Beta, but you might have to download non-beta versions. Remember that the beta version requires GNU Make. You still assume that it is root, if not, SU returns to root. PHP requires you to configure Apache in advance so that it can know where the thing you need. When you install the Apache server, you will return here. Change to your directory with source code. # CD / TMP / DOWNLOAD # gunzip -c apache_1.3.x.tar.gz | TAR XF - # CD Apache_1.3.x # ./configure # cd .., now you can start PHP installation. Extract the source code file and enter its directory. If you download version 3, there is a change in numbers and commands, there is no change. # Gunzip -c php-4.0.x.tar.gz | TAR XF - # CD PHP-4.0.x If you are compiling code, Configure will always be your friend. :-) Therefore, configure has a lot of options. Use configure --help to determine which you want to add. I just need mysql and ldap, and of course Apache. # ./configure --with-mysql = / usr / local / mysql / --with-xml / --with-apache = .. / apache_1.3.x / --enable-track-vars / --with- LDAP Make and install binary code. # Make # make install Copy the INI file to the lib directory. # CP php.ini-dist /usr/local/lib/php.ini You can edit the PHP file to set the PHP option, if you can add the following lines in your php.ini file, increase the Max_Execution_time of PHP. MAX_EXECUTION_TIME = 60; Note: PHP3 users will use php3.ini, and PHP4 users will use the php.ini file. Apache is configured with mod_ssl and installs Mod_ssl and Apache. In this regard, you will need RSAREF-2.0 files. Search "Rsaref20.tar.z" on http://ftpsearch.lycos.com/. If you don't like Lycos, you can choose other search engines to search for files. Of course, this file is only needed in the United States. (Take it, you can also download it from elsewhere, first in http://ftpsearch.ntnu.no/ "Rsaref20.tar.z", a lot!.) Create a RASREF directory, you will extract files in this directory. note. This assumes that you have downloaded a temporary directory, and you are in this directory.
# MKDIR RSAREF-2.0 # cd rsaref-2.0 # gzip -d -c ../rsaref20.tar.z | TAR XVF - Now configured and constructed the OpenSSL library. # cd rsaref-2.0 # cp -rp install / unix local # cd local # make # mv rsaref.a librsaref.a # cd ../ .. Install OpenSSL. Remember that you will use it to create a temporary certificate and a CSR file. --prefix option Specifies the main installation directory. # cd openssl-0.9.x # ./config -prefix = / usr / local / ssl / -l`pwd` /../ rsaref-2.0 / local / rsaref -fpic now make, test and install it. # Make # make test # make install # cd .. We will configure the mod_ssl module, then use the Apache configuration to specify it as a loaded module. # cd mod_ssl-2.5.x-1.3.x # ./configure / --with-apache = .. / apache_1.3.x / # cd .. Now we can add more Apache modules to Apache source tree in. Optional --enable-shared = SSL option makes the mod_ssl configuration becomes a DSO "libssl.so". About more information on Apache supports DSO, read the install and htdocs / manual / dso.html documents in the Apache source tree. I strongly recommend that ISP and software packaging maintaines use DSO tools most flexibly, but note that DSO is not supported on all platforms.
# cd apache_1.3.x # SSL_BASE = .. / OpenSSL-0.9.x / RSA_BASE = .. / RSAREF-2.0 / local / ./configure / --enable-module = SSL / --Activate-module = src / Modules / PHP4 / LIBPHP4.A / --ENABLE-MODULE = php4 --prefix = / usr / local / apache / --enable-shared = SSL [... you can join more options ...] Build apache , Then generate a certificate, and install ... # make if you have finished correctly, you will get the following information: --------------------- -------------------------------------------------- | Before you install the package you now should prepare the SSL | | certificate system by running the "make certificate" command | | For different situations the following variants are provided:. | | | |% make certificate TYPE = dummy (dummy self -signed Snake Oil cert) | |% make certificate TYPE = test (test cert signed by Snake Oil CA) | |% make certificate TYPE = custom (custom cert signed by own CA) | |% make certificate TYPE = existing (existing cert ) | | CRT = / path / to / Your.crib = / path / to / Your.key] | | | | | | | | | @ Type = Test When you YOU "RE An Admin But Want To D O Tests ONLY, | | THEPE = Custom When You "Re an Admin Willing to Run A Real Server | | And type = effects a server. | | (The default is type = test) | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | || THANKS for Using Apache & Mod_ssl. Ralf S. Engelschall | | rse@engelschall.com | | www.engelschall.com | ----------------------- ------------------------------------------------ now You can create a custom certificate.
This option will prompt your address, company, and others. For a certificate, see the end of this article. # make certificate type = Custom now install apache ... # make install If everything is normal, you should see the following information: -------------------- -------------------------------------------------- ------------ | You now Have Success Fully Built and Installed The | | | Works Correctly You Now Should First Check The | | (Initially Created OR) Preserved) | | | | /usr/local/apache/conf/httpd.conf | | And the you shop becomle to immediately fire up | | apache the first time by running: | | | | / usr / local / Apache / bin / apachectl start | | or when you want to run it with ssl enabled us: | | | | / usr / local / apache / bin / apachectl startssl | | Thanks for use apache. The apache group | | http: / / www.apache.org/ | ----------------------------------------- ----------------------------------------- Now verify that apache and php are working . However, we need to edit srm.conf and httpd.conf to ensure that we add PHP types to the configuration. View httpd.conf and remove the comments below. If you accurately follow the instructions of this article, your httpd.conf file will be in the / usr / local / apache / conf directory. The file has a row for PHP4's AddType, and now removes the comment. HTTPD.CONF file - Draft>> # and for php 4.x, use:> # ---> addtype application / x-httpd-php .php ---> addtype application / x-httpd-php-source. PHPS>> Now we are ready to launch the Apache server to see if it is working. First we will start the server that does not support SSL see if it is started. We will check the support for PHP, then we will stop the server and launch the server that enables SSL support and checks if we are all normal. Configtest will check if all configurations are set correctly. # CD / usr / local / apache / bin # ./apachectl configtest syntax ok # ./apachectl start ./apachectl start: httpd start Test our work Apache is working? If it works fine, when you connect the server with a Netscape, you will see a screen similar to this screen capture. This is basically the page of Apache's default installation. Note: You can connect with the server with the server with the domain name or machine. Check these two situations to ensure that everything is working properly.
Does PHP support work? ? Now test PHP support ... Create a file (name: Test.php), which has the following information. The file needs to be located under the document root path, which should be default to / usr / local / apache / htdocs. Note This relies on our previously selected prefix, however, this can be changed in httpd.conf. Setting multiple virtual hosts will be added in another article, please pay attention, because it will involve some very basic options for installing Apache and its instructions. Test.php file phpinfo ();> It will display information about servers, PHP, and environments. Here is the screen capture of the top of the output page. It's cool, PHP works. Does SSL choose to work? ? Ok, now we are ready to test SSL. Stop the server first, and restart it in an option to enable SSL. # / usr / local / apache / bin / apachectl stop # / usr / local / apache / bin / apachectl startssl test it works: by connecting with a Netscape with the server and selecting the HTTPS protocol, ie: https: //youserver.yourDomain .com or http://yourser.yourdomain.com:443, you can also try your server's IP address, namely: https: //xxx.xxx.xxx.xxx and http://xxx.xxx.xxx .xxx: 443. If it works, the server will send the certificate to the browser to create a secure connection. This will let the browser prompt you to accept the certificate you sign. If it is a certificate from VeriSign or Thawte, the browser will not prompt you because the certificate comes from a trusted certificate authority (CA). In our case, we created and signed our own certificate ... we don't want to buy one right away. First, we want to ensure that we can make everything. You will see the following options in Netscape. This tells you a safe connection has been established. Can PHP and MySQL work together? ? Now, we can determine that PHP can work with MySQL and do some inserts and data deletions for the "Test2" database by creating a simple script. Just a simple script to test if it works. In another article we will discuss the PHP script to connect a MySQL database. I still remember that we have created a database and a table. We can complete it now, but I have to choose not. I want to check ROOT has permission to create a database and table, however, PHP provides the supply of MySQL, so I can easily write code to create a test database and several records. I remember that we have created a book database. If you skip your previous content, this part will not work. We created a TEST2 database with a "books" table and inserted a record into a book. This script basically browsing the table and lists all field names, which is really simple.
$ dbuser = "root"; $ dbhost = "localhost"; $ dbpass = "password"; $ dbname = "test2"; $ dbtble = "books"; $ mysql_link = mysql_connect ($ dbhost, $ dbuser, $ dbpass); $ column = mysql_list_fields ($ DBNAME, $ dbtble, $ mysql_link); for ($ I = 0; $ I
While ($ value = mysql_fetch_Array ($ result)) {print
"; // this loop goes through the colums and prints // Each Value for ($ I = 0; $ I $ VALUE [$ I] ";} print" "} mysql_free_result ($ result); mysql_close ();?> Note that we can actually have HTML and PHP commands in the same file. This is the wonderful place of the PHP script. The setting of the virtual host is now setting up Apache to handle some virtual hosts. Due to the flexibility provided by Apache, the virtual host can be easily done. First you need a DNS server to point the domain name of the virtual host to the IP address of the web server. Use a CNAME record in DNS to point your_virtual_domain.com to the server's IP. Second, you need to modify the Apache profile httpd.conf to increase the new virtual domain name. Remember, this is just a very basic example, you have courage to read the Apache instruction. Let us look at an example of httpd.conf. Httpd.conf pieces # --------------------------------------------- ----------- # # Virtual host section non-ssl # ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- -------------------------- # # Virtualhost Directive Allows you to specify another virtual # domain on your server. Most Apache Options Can Be Specified # Within this section. # Mail to this address on errors ServerAdmin webmaster@domain1.com # Where documents are kept in the virtual domain # this is an absolute path. So you may want to put # in a location where the owner can get to it. DocumentRoot /home/vhosts/domain1.com/www/ # Since we will use PHP to create basically # all our file we put a directive to the Index file. DirectoryIndex index.php # Name of the server ServerName www.domain1.com # log files Relative to ServerRoot option ErrorLog logs / domain1.com-error_log TransferLog logs / domain1.com-access_log RefererLog logs / domain1.com-referer_log AgentLog logs / domain1.com-agent_log # Use CGI scripts in this domain. in the next case You # can see That it does not have CGI scripts. Please # read up on the security issues relating to CGI-scripting. ScriptAlias / cgi-bin / /var/www/cgi-bin/domain1.com/ AddHandler cgi-script .cgi AddHandler cgi-script .pl # This is another domain. Note that you could host # multiple domains this way ... # Mail to this address on errors ServerAdmin webmaster@domain2.com # Where documents are kept in the virtual domain DocumentRoot /virtual/domain2.com / www / html # Name of the server ServerName www.domain2.com # Log files Relative to ServerRoot option ErrorLog logs / domain2.com-error_log TransferLog logs / domain2.com-access_log RefererLog logs / domain2.com-referer_log AgentLog logs / domain2 .com-agent_log # no cgi S for this host # end: Virtual Host Section Use the above example to create your own virtual host on your server. If you want to read each directive from the Apache website, its URL is: http://www.apache.org. SSL virtual hosts Create an SSL virtual host similar to non-SSL. In addition to you need to specify additional instructions, and you need to add a DNS record and modify httpd.conf. Here is an example. # -------------------------------------------- # SSL Virtual Host Context # ------------------------------------------ # # general setup for the virtual host DocumentRoot / usr / local / apache / htdocs ServerAdmin webmaster@securedomain1.com ServerName www.securedomain1.com ErrorLoglogs / domain1.com-error_log TransferLog logs / domain1.com-transfer_log # SSL Engine Switch: # Enable / Disable SSL for this virtual host SSLEngine on # Server Certificate:.. # Point SSLCertificateFile at a PEM encoded certificate If # the certificate is encrypted, then you will be prompted for a # pass phrase Note that a kill -HUP will prompt again A test.. # certificate can be generated with `make certificate" under # built time. Keep in mind that if you "ve both a RSA and a DSA # certificate you can configure both in parallel (to also allow # the use of DSA ciphers, etc. ) # Note That I Keep My Certificate Files Located in a CENTRAL # location. You Could Change this if you are an isp, or asp. Sslcertificatefile / usr / l Ocal / Apache / conf / ssl.crt / server.crt # server private key: # i i i er er b t # directive to point point at the key file. Keep in mind That if # you "VE Both A RSA and A DSA Private Key You Can Configure # Both in Parallel (To Also Allow The Use of DSA Ciphers, etc.) SSLCERTIFICATEKEYFILE /USR /SR /SERVAL/APACHE/conf/ssl.key/server.key # per-server logging: # THE Home of a Custom SSL log file. Use this when Want A # Compact Non-Error SSL logfile on a Virtual Host Basis. CustomLog / USR / local / apache / logs / ssl_request_log / "% T% h% {ssl_protocol} X% {ssl_cipher} x / "% r /"% b "Remember that you have a lot of instructions to specify. We will discuss in another article on configuring Apache, this article is just an entry guide. Generating a certificate This is a description of how to generate a certificate of the certificate. Create an RSA private key (encrypted by Triple-DES): #okeenssl genrsa -des3 -out server.Key 1024, back up this Server.Key file in a secure place. Remember the pass phrase you entered! You can see the details of this RSA private key by the following command. # OpenSSL RSA -NoOut -Text -in Server.Key and you can create a encrypted PEM version (not recommended) for this RSA private key, by the following command: #okeenssl rsa -in server.key -out server.key .unsecure generates a certificate sign request with a server RSA private key (output will be PEM format): #okeenssl rec-new -key server.key -out server.csr When OpenSSL prompts you " When CommonName, make sure you entered the server's FQDN ("Fully Qualified Domain Name"), that is, when you use https://www.foo.dom/ access to the "WWW" .foo.dom. You can view the details of the CSR with the following commands: #okeenssl rec --noout -text -in server.csr Send CSR to a CA Now you must send the CSR to a CA to sign, then the result is available for Apache A true certificate. There are two options: The first, you can sign a certificate via a commercial CA such as VeriSign or Thawte. Then you usually put the CSR into a web form, pay the signing fee and wait for the signed certificate, and then you can exist it in a server.crt file. For more information on commercial CAs, see the links below: VeriSign - http://digitalid.verign.com/server/apachenotice.htm Thawte consulting - http://www.thawte.com/certs/server/request. Html Certisign Certificadora Digital Ltd. - http://www.certisign.com.br iks gmbh - http://www.iks-jena.de/produkte/ca/ uptime Commerce Ltd. - http://www.uptimecommerce. COM Belsign NV / SA - http://www.belsign.be The second of your own CA, you can use your own CA and sign CSR by this CA. You can create your own certification centers to sign your certificate. The easiest way is to use the CA.SH or CA.PL script provided by OpenSSL. More complicated and manual methods are: create an RSA private key for your CA (encrypted by Triple-DES and formatted PEM): #okeenssl genrsa -des3 -out ca.key 1024 please in safe place Back up this CA.Key file. Remember the pass phrase you entered! You can see the details of this RSA private key by the following command. # OpenSSL RSA -NoOut -Text -in Ca.key and you can create a encrypted PEM version (not recommended) for this RSA private key, by the following command: #okeenssl rsa -in ca.key -out ca.Key .unsecure creates a self-signed CA certificate (X509 structure) using the CA's RSA key (output will be PEN format): #okeenssl rec-new -x509 -days 365 -key ca.key -out ca.crt you can View the details of the certificate by the following command: #okeenssl x509 -noout -text -in ca.crt Prepare a signed script, because the "OpenSSL CA" command has some strange requirements and the default OpenSSL configuration is not allowed Use the "OpenSSL CA" command directly, so a script named Sign.sh distributes a release (subdirectory pkg.contrib /) with mod_ssl. Use this script to sign. Now you can sign the CA's CSR to create a real SSL certificate inside the Apache server (assuming your hand already has a server.csr): # ./sign.sh server.csr it signs the server's CSR and The result is in a server.crt file. Now you have two files: Server.ket and Server.crt. In your apache's httpd.conf file, use them as follows: sslcertificatefile /path/to/this/server.crt sslcertificateKeyFile /Path/to/this/server.key Server.cs is no longer needed. -------------------------------------------------- ------------------------------ Reference Resource http://www.apache.org http://www.modssl.org http://www.openssl.org http://www.php.net http://www.mysql.com http://www.perl.com http://www.cpan.org Original: http: / / www.devshed.com/server_side/php/soothinglyseamless/ Source: Linux Database Application Guide
