Overview
An earlier post detailed setting up Apache httpd 2.2.22 with both DSA and RSA support for SSL/TLS authentication. This post details setting up Apache httpd 2.4.3 with support for all three key algorithms: RSA, DSA and ECC. The earlier post also covered the OpenSSL 1.0.x installation that supports all of them.
Please note that Apache httpd version 2.2.x does not have ECC support built in and needs to be patched for ECC. However, support for ECC is in trunk for the 2.4.x branch, and that is the path we will take.
Building Apache
- Download the source.
- Build
./configure --prefix=/app/install/myinstalls/httpd-2.4 --enable-mods-shared="all ssl deflate disk-cache expires headers info cache proxy proxy-ajp proxy-balancer proxy-connect proxy-ftp proxy-http rewrite" --with-ssl=/usr/local/ssl --with-included-apr --with-pcre=/usr/local
make
make install
Note that we are using the bundled APR (Apache Portable Runtime) and pointing configure at the PCRE installation. See the Prerequisites section below for the reasons. If there are any issues, run the following before retrying:
make clean
make distclean
Prerequisites:
APR and APR-UTIL
The Apache Portable Runtime (APR) and APR-UTIL might need to be installed or updated. If configure, which is the first step in the httpd build process, prints the following error, you need to download and install APR and APR-UTIL:
configure: error: APR not found. Please read the documentation
Steps for APR (1.4.6) and APR-UTIL (1.4.1) setup:
- Download the source into “[Apache HTTPD build location]/srclib”. Extract it and make sure there are no version numbers in the folder names.
From the Apache httpd documentation (http://httpd.apache.org/docs/2.4/install.html): “download the latest versions of both APR and APR-Util from Apache APR, unpack them into ./srclib/apr and ./srclib/apr-util (be sure the domain names do not have version numbers; for example, the APR distribution must be under ./srclib/apr/)”
- Append the following to the Apache httpd configure command:
--with-included-apr
- Continue with the Apache httpd configure process.
PCRE
If the following is printed during the Apache httpd build process, then we need to build and install PCRE.
configure: error: pcre-config for libpcre not found. PCRE is required and available from http://pcre.org/
Steps for PCRE (8.31) setup:
- Download the PCRE source. Save it at any location.
- The PCRE build and install process generates both shared and static libraries by default, so we do not have to explicitly request that the dynamic libraries be built.
- The configure and build commands are then:
./configure --prefix=/usr/local
make
make install
If the following error appears during the process, it implies that either libtool or the GCC C++ compiler is not available:
make[1]: Entering directory `/app/install/myinstalls/pcre/pcre-8.31'
CXX pcrecpp.lo
libtool: compile: unrecognized option `-DHAVE_CONFIG_H'
libtool: compile: Try `libtool --help' for more information.
make[1]: *** [pcrecpp.lo] Error 1
make[1]: Leaving directory `/app/install/myinstalls/pcre/pcre-8.31'
make: *** [all] Error 2
Consequently, you would need to perform the following installs:
yum install libtool
yum install gcc
yum install gcc-c++
Miscellaneous
Errors related to mod_deflate and zlib
If the following error is spewed during configure:
checking for zlib location... not found
checking whether to enable mod_deflate... configure: error: mod_deflate has been requested but can not be built due to prerequisite failures
This implies that the zlib or zlib-devel packages are missing or need to be reinstalled. The following should take care of installing them:
yum install zlib
yum install zlib-devel
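The prerequisite failures above can all be checked before running configure. The script below is an added example, not part of the original post: the function names and the header directories /usr/include and /usr/local/include are assumptions, and each check corresponds to one of the errors shown above.

```shell
#!/bin/sh
# Added example: preflight for the httpd 2.4 build described on this page.

# --with-included-apr needs srclib/apr and srclib/apr-util, unversioned;
# otherwise configure stops with "APR not found".
check_srclib() {
    src=$1; rc=0
    for d in apr apr-util; do
        [ -d "$src/srclib/$d" ] && continue
        # A directory that kept its version suffix (apr-1.4.6) is the usual cause.
        found=$(ls -d "$src"/srclib/"$d"-[0-9]* 2>/dev/null | head -n 1)
        if [ -n "$found" ]; then
            echo "rename $found to $src/srclib/$d"
        else
            echo "missing $src/srclib/$d"
        fi
        rc=1
    done
    return $rc
}

# Print each named command that is not on PATH; non-zero if any is missing.
missing_tools() {
    rc=0
    for t in "$@"; do
        command -v "$t" >/dev/null 2>&1 || { echo "not on PATH: $t"; rc=1; }
    done
    return $rc
}

# mod_deflate needs the zlib headers that zlib-devel installs.
check_zlib() {
    for inc in "$@"; do
        [ -f "$inc/zlib.h" ] && return 0
    done
    echo "zlib.h not found: yum install zlib zlib-devel"
    return 1
}

preflight() {
    fail=0
    check_srclib "$1" || fail=1
    # pcre-config comes from the PCRE install (--prefix=/usr/local);
    # libtool, gcc and g++ are what the pcrecpp.lo failure points to.
    ( PATH="$PATH:/usr/local/bin"; missing_tools pcre-config libtool gcc g++ ) || fail=1
    check_zlib /usr/include /usr/local/include || fail=1   # assumed header locations
    return $fail
}
# Runs only when given the httpd source directory as an argument.
if [ "$#" -gt 0 ]; then preflight "$1"; fi
```

Run it with the extracted httpd source directory as its only argument; a non-zero exit status means at least one prerequisite is missing.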
Thank you very much. It successfully works.
Hi
Can you please share an example of Apache configuration that supports both RSA and ECC?
thx
Antonio