mod_ssl provides strong cryptography for the Apache 1.3 web server via the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols. mod_ssl uses the open source SSL/TLS toolkit OpenSSL, which is based on SSLeay, by Eric A. Young and Tim J. Hudson. As in the previous installation scenario, the default installation directory is used in this example.

  1. Download the latest stable source releases. For mod_ssl, make sure that the version matches your version of Apache (e.g., get mod_ssl-2.8.8-1.3.24.tar.gz if you have Apache 1.3.24).

    Apache:   http://www.apache.org/dist/httpd/
mod_perl: http://perl.apache.org/download/
mod_ssl:  http://www.modssl.org/source/
openssl:  http://www.openssl.org/source/

  2. Unpack the sources:

    panic% tar xvzf mod_perl-1.xx.tar.gz
panic% tar xvzf apache_1.3.xx.tar.gz
panic% tar xvzf mod_ssl-x.x.x-1.3.xx.tar.gz
panic% tar xvzf openssl-x.x.x.tar.gz

  3. Configure, build, test, and install openssl if it isn't already installed:

    panic% cd openssl-x.x.x
panic% ./config
panic% make && make test
panic# make install

    (If you already have the openssl development environment installed, you can skip this stage.)

  4. Configure mod_ssl:

    panic% cd mod_ssl-x.x.x-1.3.xx
panic% ./configure --with-apache=../apache_1.3.xx

  5. Configure, build, test, and install mod_perl:

    panic% cd ../mod_perl-1.xx
panic% perl Makefile.PL USE_APACI=1 EVERYTHING=1 \
    DO_HTTPD=1 SSL_BASE=/usr/local/ssl \
    APACHE_SRC=../apache_1.3.xx/src \
    APACI_ARGS='--enable-module=ssl'
panic% make && make test
panic# make install

  6. Create an SSL certificate and install Apache and certificate files:

    panic% cd ../apache_1.3.xx
panic% make certificate
panic# make install

  7. Now proceed with the mod_ssl and mod_perl parts of the server configuration in httpd.conf. The next chapter provides in-depth information about mod_perl configuration. For mod_ssl configuration, please refer to the mod_ssl documentation available from http://www.modssl.org/.

Now when you start the server:

panic# /usr/local/apache/bin/apachectl startssl

you should see something like this in /usr/local/apache/logs/error_log:

[Fri May 18 11:10:31 2001] [notice]
Apache/1.3.24 (Unix) mod_perl/1.26 mod_ssl/2.8.8
OpenSSL/0.9.6c configured -- resuming normal operations

If you used the default configuration, the SSL part won't be loaded if you use apachectl start and not apachectl startssl.

This scenario also demonstrates the fact that some third-party Apache modules can be added to Apache by just enabling them (as with mod_ssl), while others need to be separately configured and built (as with mod_perl and PHP).