  1. #1
    Just Joined!
    Join Date
    May 2010
    Posts
    3

    Installing OpenSSL 1.0.0 and Apache http server


    OS: CentOS 5.5

    I have been trying to install OpenSSL 1.0.0 from sources and it seems like I have been successful. However, when I sniff my Apache web server from serversniff.net it reports that my server is still using "OpenSSL 0.9.8h 28 May 2008".

    When I restart my Apache server, it reports that it is using OpenSSL 1.0.0 in the logs:

    [Mon May 17 11:20:26 2010] [notice] Apache/2.2.15 (Unix) mod_ssl/2.2.15 OpenSSL/1.0.0 configured -- resuming normal operations

    What do I need to do to get the correct OpenSSL version advertised by my server?

    Thanks

  2. #2
    Linux Engineer jledhead
    Join Date
    Oct 2004
    Location
    North Carolina
    Posts
    1,077
    Could it be because of what version of OpenSSL your cert was made with?

  3. #3
    Just Joined!
    Join Date
    May 2010
    Posts
    3
    I built the cert with OpenSSL 1.0.0.

  5. #4
    Just Joined!
    Join Date
    May 2010
    Posts
    5
    Was the older version of OpenSSL (OpenSSL 0.9.8h) and Apache initially compiled manually or were any of them preinstalled with CentOS? If Apache was preinstalled or installed prior to installing OpenSSL 1.0.0, I suspect that some other component in it is still "bound" to the old version of OpenSSL.

    Just today I attempted to install the latest version of BIND 9. When I ran the configure script, it told me that it couldn't find OpenSSL 1.0.0, when indeed I did have it (apparently it was preinstalled with Fedora 12). I told the configure script to look in the OpenSSL directory (or what appeared to be the directory), but then it complained about not finding a header file. I decided to just install OpenSSL manually and after that I was able to install BIND just fine.

    I guess from Fedora's perspective, OpenSSL was installed...just not in the standard locations that other software expects it to be in.

    I suspect that from one operational perspective, Apache thinks that it has the latest version of OpenSSL, whereas from another perspective (maybe when it was preinstalled?) it thinks that it doesn't.

  6. #5
    Just Joined!
    Join Date
    May 2010
    Posts
    3
    I believe you are right but I can't figure out what part of Apache is still hanging onto OpenSSL 0.9.8h. I installed both OpenSSL 1.0.0 and Apache from sources (manually) with these configure commands:

    For OpenSSL:
    ./config --prefix=/usr/local --openssldir=/usr/local/openssl

    For Apache:
    ./configure --enable-headers --enable-proxy --enable-proxy-connect --enable-proxy-http --enable-rewrite --enable-ssl --enable-perl --with-ssl=/usr/local/openssl --with-sslport=443

    Before installing Apache though, I had to do the following to get Apache to recognize OpenSSL 1.0.0:

    yum remove openssl-devel
    rpm -e --allmatches --nodeps openssl

    And after all was finished, I had to install the original OpenSSL 0.9.8 from RPM so that other components of my Linux box (SSH Server, etc.) worked.
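
One way to test the suspicion raised in post #4, as an added example that is not from any poster in the thread: feed the `ldd` output for the Apache binary or its mod_ssl module to a filter that reports where libssl and libcrypto actually resolve. The prefix `/usr/local` is taken from the `./config` line in post #5; the sample `ldd` lines are constructed and the path in the usage comment is a placeholder.

```shell
#!/bin/sh
# Added example: reads `ldd` output on stdin and reports where libssl and
# libcrypto resolve. Prints "<soname> <path> OK|MISMATCH|NOTFOUND" per library.
# Returns 0 only when at least one is present and all resolve under the prefix.
check_ssl_linkage() {
    awk -v prefix="$1" '
        $1 ~ /^lib(ssl|crypto)\.so/ {
            seen++
            if ($3 == "not") { print $1, "-", "NOTFOUND"; bad++; next }
            if (index($3, prefix "/") == 1) { print $1, $3, "OK" }
            else { print $1, $3, "MISMATCH"; bad++ }
        }
        END {
            # No dynamic libssl/libcrypto line: statically linked, or no SSL.
            if (seen == 0) { print "none - STATIC_OR_ABSENT"; exit 1 }
            if (bad > 0) exit 1
        }'
}

# Constructed sample: the loader picks the distribution libraries
# instead of the source build.
sample_ldd_system() {
    cat <<'EOF'
    libssl.so.0.9.8 => /usr/lib/libssl.so.0.9.8 (0x00110000)
    libcrypto.so.0.9.8 => /usr/lib/libcrypto.so.0.9.8 (0x00160000)
    libc.so.6 => /lib/libc.so.6 (0x00a00000)
EOF
}

# Constructed sample: both libraries resolve under /usr/local.
sample_ldd_local() {
    cat <<'EOF'
    libssl.so.1.0.0 => /usr/local/lib/libssl.so.1.0.0 (0x00110000)
    libcrypto.so.1.0.0 => /usr/local/lib/libcrypto.so.1.0.0 (0x00160000)
    libc.so.6 => /lib/libc.so.6 (0x00a00000)
EOF
}

# Real use (placeholder path, substitute your own httpd or mod_ssl.so):
#   ldd /path/to/httpd | check_ssl_linkage /usr/local
sample_ldd_system | check_ssl_linkage /usr/local || echo "system sample: mismatch"
sample_ldd_local  | check_ssl_linkage /usr/local && echo "local sample: ok"
```

A `STATIC_OR_ABSENT` result means `ldd` lists no shared libssl or libcrypto for that file, so the OpenSSL version has to be checked some other way than by library path.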
