Hello all. OK. I think I have a solution for base-line Apache-2.0.35 +mod_ssl +openssl-0.9.6c. So far, I've rebuilt my RedHat 7.2 test server three times and followed this checklist with success.
Assumptions: Openssl and httpd tar balls are located in /download directory You untar the tar balls under the /usr/src directory. ------------------------------------------------------------- PROGRAMMING LANGUAGES (you need these before anything else) cpp gcc byacc flex patch OPENSSL-0.9.6c cd openssl-0.9.6c ./config make make test make install HTTPD-2.0.35 cd ../httpd-2.0.35 ./configure --enable-module=most --enable-ssl --with-ssl=/usr/local/ssl make make install MAKE CERTIFICATE cp /usr/local/ssl/bin/openssl /usr/local/apache2/bin cd /usr/local/apache2/bin ./openssl genrsa -des3 1024 > server.key (Enter Passphrase) chmod 400 server.key ./openssl req -new -key server.key -out server.csr ./openssl req -x509 -key server.key -in server.csr -out server.crt mkdir /usr/local/apache2/conf/ssl.key mkdir /usr/local/apache2/conf/ssl.crt mv server.crt /usr/local/apache2/conf/ssl.crt mv server.key /usr/local/apache2/conf/ssl.key TEST APACHE INSTALLATION cp /usr/local/apache2/bin/apachectl /usr/bin UNSECURE TEST apachectl start go to test URL reload to test (don't use cached files) apachectl stop reload to test (should error out) SECURE TEST apachectl startssl reload to test unsecure site (should be OK) go to test https URL reload to test secure site (should complain about the self-signed certificate) apachectl stop reload to test (should error out) ------------------------------------------------------------- HIH! Steve Gonzales Louisiana State University [EMAIL PROTECTED] Division of Engineering Services 225.578.6069 (v) 3216G CEBA 225.578.5990 (f) Baton Rouge, LA 70803 ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]