How to enable SNI in Apache on CentOS 5.5

The OpenSSL shipped with CentOS 5.5 is 0.9.8e, which does not support SNI. To support SSL virtual hosts in Apache, an updated OpenSSL has to be installed and mod_ssl has to be compiled against it.

To avoid affecting the RPMs installed on CentOS, we compile the new OpenSSL into a location outside the system path, i.e. /usr/local2. We then compile Apache 2.2.21 with the corresponding environment variables, which produces a new mod_ssl.so. We put this new mod_ssl.so into the original Apache (which is also 2.2.21) and start Apache with the corresponding environment variable set. Apache's mod_ssl then uses the newly compiled OpenSSL, and SNI is supported.

Step 1, install the tools needed

yum install gcc zlib-devel

Step 2, Install openssl

wget http://www.openssl.org/source/openssl-1.0.0g.tar.gz

Extract the tar.gz archive

./config --prefix=/usr/local2 --openssldir=/usr/local2/openssl enable-tlsext shared

make;make install

Step 3, Compile and Install Apache

wget http://ftp.cuhk.edu.hk/pub/packages/apache.org//httpd/httpd-2.2.21.tar.gz

Extract the tar.gz archive

LDFLAGS=-L/usr/local2/lib CPPFLAGS=-I/usr/local2/include/ ./configure --prefix=/usr/local2/apache-2.2.21 --with-included-apr --with-mpm=worker --enable-mime-magic --enable-so --enable-vhost-alias --enable-ssl --enable-rewrite --with-java-home=/usr/java/jdk1.6.0_17 --enable-unique-id --enable-deflate --enable-proxy --enable-proxy-ajp --enable-expires --disable-status --disable-cgid --disable-userdir --with-ssl=/usr/local2/ --enable-mods-shared="isapi file_cache cache disk_cache mem_cache ext_filter expires headers usertrack unique_id status info cgi cgid speling ssl"

Step 4, link the newly compiled mod_ssl into the ORIGINAL Apache

cd /usr/lib/httpd/modules

mv mod_ssl.so mod_ssl.so.orig

ln -s /usr/local2/apache-2.2.21/modules/mod_ssl.so /usr/lib/httpd/modules

Step 5, update /etc/init.d/httpd

Add "LD_LIBRARY_PATH=/usr/local2/lib:$LD_LIBRARY_PATH" in two places:

  • before the httpd command inside the start() function
  • inside the configtest function

Step 6, restart Apache
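
A way to confirm that the relinked mod_ssl.so really resolves the new OpenSSL instead of the system 0.9.8e, as an added example that is not part of the original post. The helper name check_ssl_linkage and the sample ldd output are constructed for illustration; the paths are the ones used in the steps above.

```shell
#!/bin/sh
# Added example (not from the original post). check_ssl_linkage is a
# hypothetical helper: it reads `ldd` output on stdin and succeeds only if
# libssl and libcrypto both resolve under PREFIX/lib.
# Live use, with the paths from the steps above:
#   LD_LIBRARY_PATH=/usr/local2/lib ldd /usr/lib/httpd/modules/mod_ssl.so \
#       | check_ssl_linkage /usr/local2
check_ssl_linkage() {
    awk -v want="$1/lib/" '
        # ldd line format: NAME => PATH (ADDR), or NAME => not found
        $1 ~ /^lib(ssl|crypto)\.so/ {
            if ($1 ~ /^libssl/) ssl = 1; else crypto = 1
            if ($3 == "not")               { print "MISSING " $1; bad = 1 }
            else if (index($3, want) != 1) { print "WRONG   " $1 " -> " $3; bad = 1 }
            else                           { print "OK      " $1 " -> " $3 }
        }
        END {
            if (!ssl || !crypto) { print "MISSING libssl or libcrypto entry"; bad = 1 }
            exit bad + 0
        }'
}

# Constructed sample: ldd output when LD_LIBRARY_PATH points at /usr/local2/lib.
sample_new_openssl() {
    cat <<'EOF'
    libssl.so.1.0.0 => /usr/local2/lib/libssl.so.1.0.0 (0x00002b5a1c000000)
    libcrypto.so.1.0.0 => /usr/local2/lib/libcrypto.so.1.0.0 (0x00002b5a1c200000)
    libc.so.6 => /lib64/libc.so.6 (0x00002b5a1c600000)
EOF
}

# Constructed sample: a module still bound to the distribution's OpenSSL.
sample_system_openssl() {
    cat <<'EOF'
    libssl.so.6 => /lib64/libssl.so.6 (0x00002b5a1c000000)
    libcrypto.so.6 => /lib64/libcrypto.so.6 (0x00002b5a1c200000)
    libc.so.6 => /lib64/libc.so.6 (0x00002b5a1c600000)
EOF
}

sample_new_openssl | check_ssl_linkage /usr/local2 && echo "new OpenSSL in use"
sample_system_openssl | check_ssl_linkage /usr/local2 || echo "system OpenSSL in use, SNI unavailable"
```

After the restart, running /usr/local2/bin/openssl s_client -connect HOST:443 -servername NAME (HOST and NAME are placeholders) shows which certificate each virtual host name receives.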
