Move into the new OpenSSL directory and type the following commands on your terminal:
Edit the c_rehash file (vi +11 tools/c_rehash) and change the line:
DIR=/usr/local/ssl
To read:
DIR=/usr
The changed line above will build and install OpenSSL in the default location /usr.
By default, the OpenSSL source files assume that your Perl program is located at /usr/local/bin/perl. We must modify the #!/usr/local/bin/perl line in all scripts that rely on Perl to reflect the Perl directory under Red Hat Linux, which is /usr/bin.
[root@deep ]/openssl-0.9.5a# perl util/perlpath.pl /usr/bin
OpenSSL must know where to find the necessary OpenSSL source libraries to compile its required files successfully. With the command below, we set the LD_LIBRARY_PATH environment variable to the directory where we have uncompressed the OpenSSL source files.
[root@deep ]/openssl-0.9.5a# export LD_LIBRARY_PATH=`pwd`
Now, we must configure OpenSSL for our system:
CC="egcs" \
./Configure linux-elf -DSSL_FORBID_ENULL \
--prefix=/usr \
--openssldir=/etc/ssl
Edit the Makefile.ssl file (vi +50 Makefile.ssl) and change the following line:
CC= gcc
To read:
CC= egcs
Edit with vi +52 Makefile.ssl and add/change the following line:
CFLAG= -DTHREADS -D_REENTRANT -DSSL_FORBID_ENULL -DL_ENDIAN -DTERMIO -O9 -funroll-loops -ffast-math -malign-double -mcpu=pentiumpro -march=pentiumpro -fomit-frame-pointer -fno-exceptions -Wall -DSHA1_ASM -DMD5_ASM -DRMD160_ASM
Edit with vi +79 Makefile.ssl and add the following value for a Pentium Pro processor:
PROCESSOR= 686
The three modifications we made above will set the optimization flags for compilation of the OpenSSL software on the server. For the last modification (PROCESSOR=) above, use 586 to denote a Pentium, 686 to denote a Pentium Pro/II/III, or 486 to denote a 486, depending on the type of processor you have.
Edit with vi +161 Makefile.ssl and change the following line:
MANDIR=$(OPENSSLDIR)/man
To read:
MANDIR=/usr/man
This step is necessary to set the directory where the man pages of OpenSSL will be installed. With this modification, we install them under the /usr/man directory.
Now we must compile and install OpenSSL on the server:
[root@deep ]/openssl-0.9.5a# make -f Makefile
[root@deep ]/openssl-0.9.5a# make test
[root@deep ]/openssl-0.9.5a# make install
[root@deep ]/openssl-0.9.5a# mv /etc/ssl/misc/* /usr/bin/
[root@deep ]/openssl-0.9.5a# rm -rf /etc/ssl/misc/
[root@deep ]/openssl-0.9.5a# rm -rf /etc/ssl/lib/
[root@deep ]/openssl-0.9.5a# rm -f /usr/bin/CA.pl
[root@deep ]/openssl-0.9.5a# rm -f /usr/bin/CA.sh
[root@deep ]/openssl-0.9.5a# install -m 644 libRSAglue.a /usr/lib/
[root@deep ]/openssl-0.9.5a# install -m 644 rsaref/rsaref.h /usr/include/openssl/
[root@deep ]/openssl-0.9.5a# strip /usr/bin/openssl
[root@deep ]/openssl-0.9.5a# mkdir -p /etc/ssl/crl
The make -f command will build the OpenSSL libraries, libcrypto.a and libssl.a, and the OpenSSL binary openssl. The libraries will be built in the top-level directory, and the binary will be in the apps directory.
After a successful build, make test will test the libraries, and finally make install will create the installation directory and install OpenSSL.
The mv command will move all files under the /etc/ssl/misc/ directory to the /usr/bin/ directory. These files are binary and must be located under /usr/bin/ since, on our system, all binary files are kept in this directory. Putting these files in the /usr/bin/ directory also keeps them in our PATH environment variable.
The rm commands will remove the /etc/ssl/misc/ and /etc/ssl/lib/ directories from our system, since the files that were in these directories are now located in other places. They will also remove the CA.pl and CA.sh files, which are small scripts used to create your own CA certificates. Those scripts, which relate to the openssl ca commands, have some strange requirements, and the default OpenSSL config doesn't easily allow one to use openssl ca directly. So we'll create the sign.sh script program later to replace them.
The bc-1.05a-4.i386.rpm package or higher must already be installed on your Linux server or you'll receive an error message during the library test of OpenSSL.
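The end state that the make install, mv, rm, install -m 644 and mkdir commands above are meant to leave behind can be checked mechanically. The script below is an added example, not part of the original text: the function names and the ROOT prefix argument are hypothetical, and the sample tree it builds is constructed.

```shell
#!/bin/sh
# Added example (not from the original page): audit the file layout left by
# the make install / mv / rm / install -m 644 / mkdir steps.
# ROOT is a hypothetical prefix argument: "" audits the live system, a
# scratch directory audits a test tree. Returns the number of failed checks.
check_openssl_layout() {
    root=$1
    fails=0
    ok()  { printf 'ok    %s\n' "$1"; }
    bad() { printf 'FAIL  %s\n' "$1"; fails=$((fails + 1)); }

    # The stripped binary must be present and executable.
    if [ -x "$root/usr/bin/openssl" ]; then ok "/usr/bin/openssl is executable"
    else bad "/usr/bin/openssl is missing or not executable"; fi

    # Everything the rm commands delete must be gone.
    for p in /etc/ssl/misc /etc/ssl/lib /usr/bin/CA.pl /usr/bin/CA.sh; do
        if [ -e "$root$p" ]; then bad "$p is still present"
        else ok "$p is removed"; fi
    done

    # Files copied with "install -m 644" must carry exactly that mode.
    for p in /usr/lib/libRSAglue.a /usr/include/openssl/rsaref.h; do
        if [ -n "$(find "$root$p" -prune -type f -perm 644 2>/dev/null)" ]; then
            ok "$p has mode 644"
        else bad "$p is missing or not mode 644"; fi
    done

    # The CRL directory made by mkdir -p must exist.
    if [ -d "$root/etc/ssl/crl" ]; then ok "/etc/ssl/crl exists"
    else bad "/etc/ssl/crl is missing"; fi

    return "$fails"
}

# Constructed sample tree (empty placeholder files) in the expected end state.
make_sample_tree() {
    mkdir -p "$1/usr/bin" "$1/usr/lib" "$1/usr/include/openssl" "$1/etc/ssl/crl"
    : > "$1/usr/bin/openssl" && chmod 755 "$1/usr/bin/openssl"
    : > "$1/usr/lib/libRSAglue.a" && chmod 644 "$1/usr/lib/libRSAglue.a"
    : > "$1/usr/include/openssl/rsaref.h"
    chmod 644 "$1/usr/include/openssl/rsaref.h"
}

# Demo on the constructed tree; on a real server call: check_openssl_layout ""
demo=$(mktemp -d) && make_sample_tree "$demo" && check_openssl_layout "$demo"
rm -rf "$demo"
```

A non-zero return value is the count of FAIL lines, so the function can gate a later step in a build script.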
Please don't forget to clean up later:
[root@deep] /# cd /var/tmp
[root@deep tmp]# rm -rf openssl-version/ openssl-version.tar.gz
The rm command will remove all the source files we have used to compile and install OpenSSL. It will also remove the OpenSSL compressed archive from the /var/tmp directory.