Compiling and Installing OpenSSL and Apache

Source: Internet  Published: 二元相图软件  Editor: 程序博客网  Time: 2024/06/16 20:53

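Today I was compiling and installing OpenSSL 1.0.1 and Apache 2.2.31 on CentOS 6.6 and kept getting the error "checking for SSL_CTX_new... no". I finally found the fix on a foreign website. They settled it with a single line. Now that's efficiency...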

1. Uninstall the existing OpenSSL

Query the installed packages:

rpm -qa | grep openssl

or,

rpm -qa | grep ssl

[root@localhost tmp]# rpm -qa |grep ssl
openssl-0.9.8e-12.el5_4.6
docbook-style-dsssl-1.79-4.1
openssl-devel-0.9.8e-12.el5_4.6
openssl-0.9.8e-12.el5_4.6
openssl-devel-0.9.8e-12.el5_4.6
mod_ssl-2.2.3-43.el5

Then uninstall all of them. For how to uninstall, see: "How to uninstall software on Linux"

2. Compile and install OpenSSL

https://www.openssl.org/source/

乐意黎 installed https://www.openssl.org/source/openssl-1.1.0f.tar.gz


# cd /tmp
# wget http://www.openssl.org/source/openssl-1.0.1.tar.gz
# tar xzvf openssl-1.0.1.tar.gz
# cd openssl-1.0.1
# ./config --prefix=/usr/local/openssl
# make && make install

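OpenSSL is installed here under /usr/local/openssl. In the steps below, and whenever other software is installed later, anything that involves SSL must be pointed at this same path, because we did not install to the system default location.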

If you are installing OpenSSL on Linux and, after running config and make, make install fails with the following errors:

cms.pod around line 457: Expected text after =item, not a number
cms.pod around line 461: Expected text after =item, not a number
cms.pod around line 465: Expected text after =item, not a number
cms.pod around line 470: Expected text after =item, not a number
cms.pod around line 474: Expected text after =item, not a number
POD document had syntax errors at /usr/bin/pod2man line 69.

then, as root, run rm -f /usr/bin/pod2man and run make install again.



3. Compile and install Apache

# wget http://www.apache.org/dist/httpd/httpd-2.2.31.tar.gz
# tar zxvf httpd-2.2.31.tar.gz
# cd httpd-2.2.31
# ./configure --prefix=/usr/local/apache2 --enable-so --enable-rewrite --enable-ssl --with-ssl=/usr/local/openssl
# make && make install

The error is as follows:

checking whether to enable mod_ssl... checking dependencies
checking for SSL/TLS toolkit base... /usr/local/ssl
adding "-I/usr/local/ssl/include" to CPPFLAGS
adding "-I/usr/local/ssl/include" to INCLUDES
adding "-L/usr/local/ssl/lib" to LDFLAGS
checking for OpenSSL version... checking openssl/opensslv.h usability... yes
checking openssl/opensslv.h presence... yes
checking for openssl/opensslv.h... yes
checking openssl/ssl.h usability... yes
checking openssl/ssl.h presence... yes
checking for openssl/ssl.h... yes
OK
forcing SSL_LIBS to "-lssl -lcrypto "
adding "-lssl" to LIBS
adding "-lcrypto" to LIBS
checking openssl/engine.h usability... yes
checking openssl/engine.h presence... yes
checking for openssl/engine.h... yes
checking for SSLeay_version... yes
checking for SSL_CTX_new... no
checking for ENGINE_init... no
checking for ENGINE_load_builtin_engines... no
checking for SSL_set_cert_store... no
configure: error: ... Error, SSL/TLS libraries were missing or unusable

The previous version of Apache had a similar bug (https://issues.apache.org/bugzilla/show_bug.cgi?id=48880); back then even the SSLeay_version... yes check did not pass and showed SSLeay_version... no.

I finally found the fix: run the following line to set an environment variable:

export LDFLAGS=-ldl
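
Why that one line helps can be read from config.log, which records the linker errors behind each "no". The script below is an added example, not part of the original post: it assumes the common case where a static libcrypto.a under /usr/local/openssl needs dlopen-family symbols, and the log excerpt and the function names sample_config_log, failed_link_checks and suggest_libs are constructed for illustration.

```shell
# Added example (not from the original post): read autoconf's config.log and
# report which link checks failed and which symbols the linker could not find.

# Constructed sample of a config.log excerpt; line numbers, offsets and
# function names are illustrative.
sample_config_log() {
cat <<'EOF'
configure:14021: checking for SSLeay_version
configure:14049: gcc -o conftest -L/usr/local/openssl/lib conftest.c -lssl -lcrypto >&5
configure:14055: $? = 0
configure:14081: result: yes
configure:14021: checking for SSL_CTX_new
configure:14049: gcc -o conftest -L/usr/local/openssl/lib conftest.c -lssl -lcrypto >&5
/usr/local/openssl/lib/libcrypto.a(dso_dlfcn.o): In function `dlfcn_bind_func':
dso_dlfcn.c:(.text+0x2d4): undefined reference to `dlsym'
dso_dlfcn.c:(.text+0x3b2): undefined reference to `dlerror'
/usr/local/openssl/lib/libcrypto.a(dso_dlfcn.o): In function `dlfcn_load':
dso_dlfcn.c:(.text+0x41f): undefined reference to `dlopen'
dso_dlfcn.c:(.text+0x49a): undefined reference to `dlerror'
collect2: ld returned 1 exit status
configure:14055: $? = 1
configure:14081: result: no
EOF
}

# stdin: config.log. stdout: "<check>: <unresolved symbols>" for each check
# that ended in "result: no" after linker errors (symbols in first-seen order).
failed_link_checks() {
  awk '
    /: checking for / { name = $0; sub(/^.*: checking for /, "", name)
                        syms = ""; split("", seen); next }
    /undefined reference to/ {
      s = $0; sub(/^.*undefined reference to ./, "", s)
      sub(/[^A-Za-z0-9_].*$/, "", s)          # drop the closing quote
      if (!(s in seen)) { seen[s] = 1; syms = syms " " s }
    }
    /: result: no$/ && syms != "" { print name ":" syms; syms = "" }
  '
}

# stdin: config.log. Prints -ldl when a failed check is missing dlopen-family
# symbols, which glibc before 2.34 keeps in libdl rather than libc.
suggest_libs() {
  failed_link_checks | awk '
    { for (i = 2; i <= NF; i++) if ($i ~ /^dl(open|sym|close|error)$/) need = 1 }
    END { if (need) print "-ldl" }'
}
sample_config_log | failed_link_checks
sample_config_log | suggest_libs
```

Against a real build, run failed_link_checks < config.log in the httpd source directory after a failed ./configure.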

4. Enabling HTTPS in the Apache configuration

On Red Hat, if apache2 was compiled and installed from source, you only need to edit ../apache2/conf/httpd.conf. In it, find

# Secure (SSL/TLS) connections
#Include conf/extra/httpd-ssl.conf

and remove the comment marker from the Include line. Then edit the .../conf/extra/httpd-ssl.conf file:

<VirtualHost _default_:443>
#   General setup for the virtual host
DocumentRoot "/var/www/html"
ServerName 12.34.56.78:443
ServerAdmin you@example.com
ErrorLog "/usr/local/apache2/logs/error_log"
TransferLog "/usr/local/apache2/logs/access_log"
...

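Set the certificate file paths in SSLCertificateFile and SSLCertificateKeyFile. If the certificate file given in SSLCertificateFile already contains the server private key, comment out the SSLCertificateKeyFile setting below.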

SSLCertificateFile "/usr/local/apache2/conf/apache.pem"
#SSLCertificateFile "/usr/local/apache2/conf/server-dsa.crt"
#SSLCertificateKeyFile "/usr/local/apache2/conf/server.key"
#SSLCertificateKeyFile "/usr/local/apache2/conf/server-dsa.key"

Special thanks:
