{"id":77,"date":"2007-09-01T21:32:37","date_gmt":"2007-09-02T05:32:37","guid":{"rendered":"http:\/\/learnbyblogging.com\/?p=77"},"modified":"2007-09-01T21:32:37","modified_gmt":"2007-09-02T05:32:37","slug":"installing-apache2-with-ssl-httpd-on-solaris-10","status":"publish","type":"post","link":"https:\/\/learnbyblogging.com\/?p=77","title":{"rendered":"Installing Apache2 with SSL (httpd) on Solaris 10"},"content":{"rendered":"

Most of the below are copied from Mel Lester Jr. (meljr@meljr.com) with some minor modifications to his tips<\/a>: <\/p>\n

Apache 2.xx is included with Solaris 10. A few configuration details need to be addressed prior to starting Apache 2.xx:
\n\t1. Login as root
\nwired# _<\/p>\n

\t2. Copy the file, \/etc\/apache2\/httpd.conf-example to \/etc\/apache2\/httpd.conf
\nwired# cp \/etc\/apache2\/httpd.conf-example \/etc\/apache2\/httpd.conf<\/p>\n

\t3. Edit \/etc\/apache2\/httpd.conf
\n\t\t? Set ServerName if necessary (default is 127.0.0.1)
\n\t\t? Set ServerAdmin to a valid email address
\n\t4. From the command line type:
\nwired# svcadm enable apache2<\/p>\n

That is all it takes to to start the basic Apache 2 web server bundled with Solaris 10. In fact, the Apache 2 web service should persist through server and\/or zone boots. The actual web pages are located in the \/var\/apache2\/htdocs directory by default.<\/p>\n

SSL Certificate Configuration for Apache2 on Solaris 10
\nBy: Mel Lester Jr. (meljr@meljr.com)
\nVersion 1.04 June 21, 2006)<\/a><\/strong>
\n\t1. Enable SSL Service Property if necessary. Log in as root and issue the following command:
\nweb# svcprop -p httpd\/ssl svc:network\/http:apache2<\/p>\n

If the response is “false”, issue these three commands:
\nweb# svccfg -s http:apache2 setprop httpd\/ssl=true
\nweb# svcadm refresh http:apache2
\nweb# svcprop -p httpd\/ssl svc:network\/http:apache2<\/p>\n

If the response is “true”, continue to the next step.
\n\t2. Create a Certificate Directory and a Key Directory.
\nweb# mkdir \/etc\/apache2\/ssl.crt
\nweb# mkdir \/etc\/apache2\/ssl.key<\/p>\n

\t3. Generate a RSA Key.
\nweb# \/usr\/local\/ssl\/bin\/openssl genrsa -des3 1024 > \/etc\/apache2\/ssl.key\/server.key
\nGenerating RSA private key, 1024 bit long modulus
\n……………………..++++++
\n………++++++
\ne is 65537 (0x10001)
\nEnter pass phrase: ********
\nVerifying – Enter pass phrase: ********<\/p>\n

\t4. Generate a Certificate Request.
\nweb# \/usr\/local\/ssl\/bin\/openssl req -new -key \/etc\/apache2\/ssl.key\/server.key > \\
\n> \/etc\/apache2\/ssl.crt\/server.csr
\nEnter pass phrase for \/etc\/apache2\/ssl.key\/server.key: ********
\nYou are about to be asked to enter information that will be incorporated
\ninto your certificate request.
\nWhat you are about to enter is what is called a Distinguished Name or a DN.
\nThere are quite a few fields but you can leave some blank
\nFor some fields there will be a default value,
\nIf you enter ‘.’, the field will be left blank.
\n—–
\nCountry Name (2 letter code) [US]::US
\nState or Province Name (full name) [Some-State]:OR
\nLocality Name (eg, city) []:Blodgett
\nOrganization Name (eg, company) [Unconfigured OpenSSL Installation]:DIS
\nOrganizational Unit Name (eg, section) []:IT
\nCommon Name (eg, YOUR name) []:Big Cheese
\nEmail Address []:meljr@meljr.com
\nPlease enter the following ‘extra’ attributes
\nto be sent with your certificate request
\nA challenge password []: ********
\nAn optional company name []: Live Free or Die<\/p>\n

\t5. Install a Self-Signed Certificate. If you are going to install a certificate from an authoritative source, follow their instructions and skip this step.
\nweb# \/usr\/local\/ssl\/bin\/openssl req -x509 -days 3650 -key \\
\n> \/etc\/apache2\/ssl.key\/server.key \\
\n> -in \/etc\/apache2\/ssl.crt\/server.csr > \\
\n> \/etc\/apache2\/ssl.crt\/server.crt
\nEnter pass phrase for \/etc\/apache2\/ssl.key\/server.key: ********<\/p>\n

\t6. Modify the ssl.conf file to use your certificate.
\nweb# cd \/etc\/apache2
\nweb# ls -l
\ntotal 334
\n-rw-r–r– 1 root bin 1987 Jan 6 21:10 highperformance-std.conf
\n-rw-r–r– 1 root bin 1987 Jan 6 21:10 highperformance.conf
\n-rw-r–r– 1 root bin 37519 Jan 6 21:10 httpd-std.conf
\n-rw-r–r– 1 root root 37660 Jan 18 21:49 httpd.conf
\n-rw-r–r– 1 root bin 37661 Jul 20 2005 httpd.conf-example
\n-rw-r–r– 1 root bin 12959 Jan 6 21:10 magic
\n-rw-r–r– 1 root bin 15020 Jan 6 21:10 mime.types
\n-rw-r–r– 1 root bin 10759 Jan 6 21:10 ssl-std.conf
\n-rw-r–r– 1 root bin 10996 Jan 6 21:10 ssl.conf
\ndrwxr-xr-x 2 root root 512 Jan 19 03:24 ssl.crt
\ndrwxr-xr-x 2 root root 512 Jan 19 02:52 ssl.key<\/p>\n

Edit the ssl.conf and change the line that begins with “ServerAdmin” to reflect an email address or alias for the Server’s Administrator.
\n\t7. Test the SSL Certificate with Apache2
\n\t\t? If Apache2 is enabled, disable it during testing.
\nweb# svcs | grep -i apache2
\nonline 3:29:01 svc:\/network\/http:apache2
\nweb# svcadm disable apache2<\/p>\n

\t\t? Use the legacy script to manually test start Apache2 with SSL.
\nweb# \/usr\/apache2\/bin\/apachectl startssl
\nApache\/2.0.52 mod_ssl\/2.0.52 (Pass Phrase Dialog)
\nSome of your private key files are encrypted for security reasons.
\nIn order to read them you have to provide us with the pass phrases.
\nServer 127.0.0.1:443 (RSA)
\nEnter pass phrase: ********
\nOk: Pass Phrase Dialog successful.<\/p>\n

If this test fails with an error similar to ‘vhost.c:232 assertion “rv == APR_SUCCESS” failed on startssl’, your server may not be configured to use DNS to resolve host names. This failure is due to a known bug in Apache2 2.0.nn. A quick fix is be to edit the hosts line in your server’s \/etc\/nsswitch.conf to look like the following:
\nhosts: files dns<\/p>\n

More information about this issue may be found at:
\nhttp:\/\/issues.apache.org\/bugzilla\/show_bug.cgi?id=27525<\/p>\n

After editing \/etc\/nsswitch.conf or otherwise resolving the issue, repeat the test until you are able to manually start and stop Apache2 using your SSL Certificate and Pass Phrase.
\nweb# ps -ef | grep httpd
\nroot 1392 575 0 03:45:16 ? 0:01 \/usr\/apache2\/bin\/httpd -k start -DSSL
\nroot 1400 1116 0 03:45:51 pts\/3 0:00 grep httpd
\nwebservd 1393 1392 0 03:45:18 ? 0:00 \/usr\/apache2\/bin\/httpd -k start -DSSL
\nwebservd 1397 1392 0 03:45:18 ? 0:00 \/usr\/apache2\/bin\/httpd -k start -DSSL
\nwebservd 1396 1392 0 03:45:18 ? 0:00 \/usr\/apache2\/bin\/httpd -k start -DSSL
\nwebservd 1395 1392 0 03:45:18 ? 0:00 \/usr\/apache2\/bin\/httpd -k start -DSSL
\nwebservd 1394 1392 0 03:45:18 ? 0:00 \/usr\/apache2\/bin\/httpd -k start -DSSL<\/p>\n

\t\t? If your results are similar to the one above, use the legacy script to conclude the test. You may also want to verify that a client browser can access your site using https before continuing. Accept the self-signed Certificate if necessary.
\nweb# \/usr\/apache2\/bin\/apachectl stop<\/p>\n

\t8. Enable Apache2 with SSL to be started automatically as a service.
\nweb# cd \/etc\/apache2\/ssl.key
\nweb# cp server.key server.key.org
\nweb# \/usr\/local\/ssl\/bin\/openssl rsa -in server.key.org -out server.key
\nEnter pass phrase for server.key.org: ********
\nwriting RSA key
\nweb# chmod 400 server.key
\nweb# svcadm enable apache2
\nweb# svcs | grep -i apache2
\nonline 4:29:01 svc:\/network\/http:apache2<\/p>\n","protected":false},"excerpt":{"rendered":"

Most of the below are copied from Mel Lester Jr. (meljr@meljr.com) with some minor modifications to his tips: Apache 2.xx is included with Solaris 10. A few configuration details need to be addressed prior to starting Apache 2.xx: 1. Login as root wired# _ 2. Copy the file, \/etc\/apache2\/httpd.conf-example to \/etc\/apache2\/httpd.conf wired# cp \/etc\/apache2\/httpd.conf-example \/etc\/apache2\/httpd.conf … Continue reading Installing Apache2 with SSL (httpd) on Solaris 10<\/span> →<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[8],"tags":[],"class_list":["post-77","post","type-post","status-publish","format-standard","hentry","category-tips-for-computer"],"_links":{"self":[{"href":"https:\/\/learnbyblogging.com\/index.php?rest_route=\/wp\/v2\/posts\/77","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/learnbyblogging.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/learnbyblogging.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/learnbyblogging.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/learnbyblogging.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=77"}],"version-history":[{"count":0,"href":"https:\/\/learnbyblogging.com\/index.php?rest_route=\/wp\/v2\/posts\/77\/revisions"}],"wp:attachment":[{"href":"https:\/\/learnbyblogging.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=77"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/learnbyblogging.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=77"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/learnbyblogging.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=77"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}