		make apache-ssl on NetBSD (should be removed)

1) get sources 

	apache_1.3.9.tar.gz
	mod_ssl-2.4.8-1.3.9.tar.gz 
	openssl-0.9.4.tar.gz

2)  extract them

% tar zxvf apache_1.3.9.tar.gz
% tar zxvf mod_ssl-2.4.8-1.3.9.tar.gz 
% tar zxvf openssl-0.9.4.tar.gz

3 ) make openssl

% cd openssl-0.9.4 
% ./config
% make
% su
# make install

4 ) apply openssl patch to apache

% cd mod_ssl-2.4.8-1.3.9
% sh configure --with-apache=../apache_1.3.9
% cd ../apache_1.3.9

5 ) make apache-ssl

% pwd
/some/where/apache_1.3.9
% env BASE_SSL=/usr/local/ssl ./configure --enable-module=ssl 
% make

6) create my CA (Certificate Agent) and install

% make certificate TYPE=custom
% make install

7) remove pass phrase to start apache-ssl without query of pass phrase

# cd /usr/local/apache/conf/ssl.key
# openssl rsa -in server.key -out server.key
# chmod 400 server.key

8) start apache-ssl

# /usr/local/apache/bin/apachectl startssl

--------->8--------->8--------->8--------->8--------->8--------->8
RESULT: CA and Server Certification Files

o  conf/ssl.key/ca.key
   The PEM-encoded RSA private key file of the CA which you can
   use to sign other servers or clients. KEEP THIS FILE PRIVATE!

o  conf/ssl.crt/ca.crt
   The PEM-encoded X.509 certificate file of the CA which you use to
   sign other servers or clients. When you sign clients with it (for
   SSL client authentication) you can configure this file with the
   'SSLCACertificateFile' directive.

o  conf/ssl.key/server.key
   The PEM-encoded RSA private key file of the server which you configure
   with the 'SSLCertificateKeyFile' directive (automatically done
   when you install via APACI). KEEP THIS FILE PRIVATE!

o  conf/ssl.crt/server.crt
   The PEM-encoded X.509 certificate file of the server which you configure
   with the 'SSLCertificateFile' directive (automatically done
   when you install via APACI).

o  conf/ssl.csr/server.csr
   The PEM-encoded X.509 certificate signing request of the server file which
   you can send to an official Certificate Authority (CA) in order
   to request a real server certificate (signed by this CA instead
   of our own CA) which later can replace the conf/ssl.crt/server.crt
   file.

Congratulations that you establish your server with real certificates.
--------->8--------->8--------->8--------->8--------->8--------->8

********* Session Examples *********

ENV: SSL_SESSION_ID => DBEB0B1448B2CA5E2ED7A3FF76CFC0F8B65328FD4951814193257C7106C33C96
ENV: SSL_SERVER_ICN => beth.fml.org
ENV: SERVER_SOFTWARE => Apache/1.3.9 (Unix) mod_ssl/2.4.8 OpenSSL/0.9.4
ENV: SSL_SERVER_I_DN_C => jp
ENV: SSL_CIPHER_ALGKEYSIZE => 128
ENV: REMOTE_ADDR => 10.1.1.3
ENV: SSL_SSLEAY_VERSION => OpenSSL/0.9.4
ENV: REQUEST_METHOD => POST
ENV: SSL_SERVER_KEY_SIZE => Not supported by mod_ssl
ENV: SSL_SERVER_C => jp
ENV: REMOTE_USER => admin
ENV: SSL_VERSION_LIBRARY => OpenSSL/0.9.4
ENV: SSL_SERVER_S_DN => /C=jp/ST=Hokkaido/L=sapporo/O=FML.ORG sapporo/OU=Technical Div./CN=beth.fml.org/Email=fukachan@fml.org
ENV: SSL_SERVER_CERT_END => Nov  7 12:23:31 2000 GMT
ENV: SSL_SERVER_I_DN_L => sapporo
ENV: HTTPS_CIPHER => EXP-RC4-MD5
ENV: SSL_SERVER_I_DN_O => FML.ORG Sapporo
ENV: HTTP_ACCEPT => image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */*
ENV: HTTP_ACCEPT_LANGUAGE => en
ENV: SSL_SERVER_L => sapporo
ENV: SSL_SERVER_ISP => hokkaido
ENV: HTTPS => on
ENV: SSL_SERVER_IOU => Technical Division
ENV: SCRIPT_FILENAME => /usr/local/fml/www/cgi-bin/admin/makefml.cgi
ENV: SSLEAY_VERSION => OpenSSL/0.9.4
ENV: SSL_SERVER_O => FML.ORG sapporo
ENV: SERVER_NAME => beth.fml.org
ENV: SSL_SERVER_CN => beth.fml.org
ENV: SSL_SERVER_M_VERSION => 3
ENV: SSL_SECRETKEYSIZE => 40
ENV: SERVER_PORT => 443
ENV: SSL_CLIENT_CERT => 
ENV: SSL_CLIENT_KEY_ALGORITHM => Not supported by mod_ssl
ENV: SSL_SERVER_IDN => /C=jp/ST=hokkaido/L=sapporo/O=FML.ORG Sapporo/OU=Technical Division/CN=beth.fml.org/Email=fukachan@fml.org
ENV: SERVER_SIGNATURE => <ADDRESS>Apache/1.3.9 Server at beth.fml.org Port 443</ADDRESS>

ENV: SSL_SERVER_V_START => Nov  8 12:23:31 1999 GMT
ENV: SSL_SERVER_SP => Hokkaido
ENV: SSL_SERVER_OU => Technical Div.
ENV: SSL_CIPHER => EXP-RC4-MD5
ENV: HTTP_CONNECTION => Keep-Alive
ENV: SSL_SERVER_I_DN_CN => beth.fml.org
ENV: SSL_SERVER_S_DN_Email => fukachan@fml.org
ENV: SSL_SERVER_CERT => -----BEGIN CERTIFICATE-----
MIIDTjCCAregAwIBAgIBATANBgkqhkiG9w0BAQQFADCBsTELMAkGA1UEBhMCanAx
SUogU2FwcG9ybzEbMBkGA1UECxMSVGVjaG5pY2FsIERpdmlzaW9uMR8wHQYDVQQD
ExZiZXRoLnNhcHBvcm8uaWlqLmFkLmpwMSkwJwYJKoZIhvcNAQkBFhpmdWthY2hh
bkBzYXBwb3JvLmlpai5hZC5qcDAeFw05OTExMDgxMjIzMzFaFw0wMDExMDcxMjIz
MzFaMIGtMQswCQYDVQQGEwJqcDERMA8GA1UECBMISG9ra2FpZG8xEDAOBgNVBAcT
B3NhcHBvcm8xFDASBgNVBAoTC0lJSiBzYXBwb3JvMRcwFQYDVQQLEw5UZWNobmlj
SIb3DQEJARYaZnVrYWNoYW5Ac2FwcG9yby5paWouYWQuanAwgZ8wDQYJKoZIhvcN
AQEBBQADgY0AMIGJAoGBAJ1/0it3TZQIoiTT9WQFdtssV25SCZEGeR/hwkmv7wPv
XBng82cesCwpixGog4EGVQGIghCN6/6o9QYg8t1BY+C7IHjtHSn/GNWeim9TFQ/Y
rEtf/TtbgJvnDh3PQuP+Z/MYjSwNCmyNP37LSehtztteoaUofL44TxQlVKD4vs6x
AgMBAAGjeDB2MCUGA1UdEQQeMByBGmZ1a2FjaGFuQHNhcHBvcm8uaWlqLmFkLmpw
MDoGCWCGSAGG+EIBDQQtFittb2Rfc3NsIGdlbmVyYXRlZCBjdXN0b20gc2VydmVy
IGNlcnRpZmljYXRlMBEGCWCGSAGG+EIBAQQEAwIGQDANBgkqhkiG9w0BAQQFAAOB
gQBBYnVVF7ILyCP/oSjJFvje9XUN25O9RNovnkYe/XQfsEeJZ2/wsuaX62aEY18x
Y7cWn40sUEfDCQNGbUFNTkNjEOXgftYaQ3KANSAi/6PyWOP2eyGR8eQcBUJ4H7VE
o4eS8dODzXmjyrNzxMCM0gfXvsIDLlbQPsDzf3t0m6YkzA==
-----END CERTIFICATE-----

ENV: SSL_KEYSIZE => 128
ENV: SSL_SERVER_KEY_ALGORITHM => Not supported by mod_ssl
ENV: HTTPS_KEYSIZE => 128
ENV: REQUEST_URI => /cgi-bin/fml/admin/makefml.cgi
ENV: SSL_SERVER_IEMAIL => fukachan@fml.org
ENV: SSL_SERVER_DN => /C=jp/ST=Hokkaido/L=sapporo/O=FML.ORG sapporo/OU=Technical Div./CN=beth.fml.org/Email=fukachan@fml.org
ENV: SSL_SERVER_S_DN_CN => beth.fml.org
ENV: CONTENT_LENGTH => 67
ENV: SSL_SERVER_I_DN => /C=jp/ST=hokkaido/L=sapporo/O=FML.ORG Sapporo/OU=Technical Division/CN=beth.fml.org/Email=fukachan@fml.org
ENV: GATEWAY_INTERFACE => CGI/1.1
ENV: DOCUMENT_ROOT => /usr/local/apache/htdocs
ENV: SSL_SERVER_CERT_START => Nov  8 12:23:31 1999 GMT
ENV: SSL_PROTOCOL => SSLv3
ENV: SSL_SERVER_I_DN_SP => hokkaido
ENV: SSL_SERVER_I_DN_OU => Technical Division
ENV: SSL_PROTOCOL_VERSION => SSLv3
ENV: SSL_SERVER_A_SIG => md5WithRSAEncryption
ENV: QUERY_STRING => 
ENV: SSL_SERVER_S_DN_SP => Hokkaido
ENV: SSL_SERVER_S_DN_C => jp
ENV: SSL_CIPHER_EXPORT => true
ENV: SSL_SERVER_S_DN_OU => Technical Div.
ENV: REMOTE_PORT => 58991
ENV: SSL_SERVER_A_KEY => rsaEncryption
ENV: SERVER_ADDR => 10.1.1.3
ENV: SSL_SERVER_IC => jp
ENV: HTTPS_EXPORT => true
ENV: HTTP_ACCEPT_ENCODING => gzip
ENV: SSL_SERVER_CERTFILE => Not supported by mod_ssl
ENV: SSL_SERVER_S_DN_L => sapporo
ENV: HTTP_PRAGMA => no-cache
ENV: SSL_SERVER_S_DN_O => FML.ORG sapporo
ENV: SSL_SERVER_IL => sapporo
ENV: HTTPS_SECRETKEYSIZE => 40
ENV: SSL_CIPHER_USEKEYSIZE => 40
ENV: SSL_SERVER_IO => FML.ORG Sapporo
ENV: SERVER_ADMIN => fukachan@beth.fml.org
ENV: SSL_CLIENT_KEY_EXP => Not supported by mod_ssl
ENV: SSL_CLIENT_VERIFY => NONE
ENV: SSL_VERSION_INTERFACE => mod_ssl/2.4.8
ENV: SERVER_PROTOCOL => HTTP/1.0
ENV: SSL_SERVER_I_DN_Email => fukachan@fml.org
ENV: SSL_SERVER_SESSIONDIR => Not supported by mod_ssl
ENV: HTTP_REFERER => https://beth/cgi-bin/fml/admin/menu.cgi
ENV: SSL_SERVER_CERTIFICATE => -----BEGIN CERTIFICATE-----
MIIDTjCCAregAwIBAgIBATANBgkqhkiG9w0BAQQFADCBsTELMAkGA1UEBhMCanAx
ETAPBgNVBAgTCGhva2thaWRvMRAwDgYDVQQHEwdzYXBwb3JvMRQwEgYDVQQKEwtJ
SUogU2FwcG9ybzEbMBkGA1UECxMSVGVjaG5pY2FsIERpdmlzaW9uMR8wHQYDVQQD
bkBzYXBwb3JvLmlpai5hZC5qcDAeFw05OTExMDgxMjIzMzFaFw0wMDExMDcxMjIz
MzFaMIGtMQswCQYDVQQGEwJqcDERMA8GA1UECBMISG9ra2FpZG8xEDAOBgNVBAcT
B3NhcHBvcm8xFDASBgNVBAoTC0lJSiBzYXBwb3JvMRcwFQYDVQQLEw5UZWNobmlj
YWwgRGl2LjEfMB0GA1UEAxMWYmV0aC5zYXBwb3JvLmlpai5hZC5qcDEpMCcGCSqG
SIb3DQEJARYaZnVrYWNoYW5Ac2FwcG9yby5paWouYWQuanAwgZ8wDQYJKoZIhvcN
XBng82cesCwpixGog4EGVQGIghCN6/6o9QYg8t1BY+C7IHjtHSn/GNWeim9TFQ/Y
rEtf/TtbgJvnDh3PQuP+Z/MYjSwNCmyNP37LSehtztteoaUofL44TxQlVKD4vs6x
AgMBAAGjeDB2MCUGA1UdEQQeMByBGmZ1a2FjaGFuQHNhcHBvcm8uaWlqLmFkLmpw
MDoGCWCGSAGG+EIBDQQtFittb2Rfc3NsIGdlbmVyYXRlZCBjdXN0b20gc2VydmVy
IGNlcnRpZmljYXRlMBEGCWCGSAGG+EIBAQQEAwIGQDANBgkqhkiG9w0BAQQFAAOB
gQBBYnVVF7ILyCP/oSjJFvje9XUN25O9RNovnkYe/XQfsEeJZ2/wsuaX62aEY18x
Y7cWn40sUEfDCQNGbUFNTkNjEOXgftYaQ3KANSAi/6PyWOP2eyGR8eQcBUJ4H7VE
o4eS8dODzXmjyrNzxMCM0gfXvsIDLlbQPsDzf3t0m6YkzA==
-----END CERTIFICATE-----

ENV: SSL_SERVER_CERTIFICATELOGDIR => Not supported by mod_ssl
ENV: HTTP_USER_AGENT => Mozilla/4.61 [en] (X11; I; NetBSD 1.4D i386; Nav)
ENV: PATH => /sbin:/usr/sbin:/bin:/usr/bin:/usr/pkg/sbin:/usr/pkg/bin:/usr/X11R6/bin:/usr/local/sbin:/usr/local/bin
ENV: SSL_STRONG_CRYPTO => Not supported by mod_ssl
ENV: SSL_SERVER_EMAIL => fukachan@fml.org
ENV: SSL_SERVER_KEYFILE => Not supported by mod_ssl
ENV: SSL_SERVER_KEYFILETYPE => Not supported by mod_ssl
ENV: SSL_CLIENT_KEY_SIZE => Not supported by mod_ssl
ENV: SSL_SERVER_V_END => Nov  7 12:23:31 2000 GMT
ENV: SSL_SERVER_M_SERIAL => 01
ENV: AUTH_TYPE => Basic
ENV: SSL_EXPORT => true
ENV: SSL_SERVER_CERT_SERIAL => 01
ENV: SCRIPT_NAME => /cgi-bin/fml/admin/makefml.cgi
ENV: HTTP_ACCEPT_CHARSET => iso-8859-1,*,utf-8
ENV: SSL_SERVER_KEY_EXP => Not supported by mod_ssl
ENV: CONTENT_TYPE => application/x-www-form-urlencoded
ENV: HTTP_HOST => beth
ENV: SSL_SERVER_SIGNATURE_ALGORITHM => md5WithRSAEncryption
Config: submit-p => Remove
Config: ML => sayori
Config: PROC => destructml
Config: LANGUAGE => Japanese
Config: ML_DEF => 
᡼󥰥ꥹ: sayori
ޤ



    makefml destructml mailing-list

arguments of mailing-list is required

$Id: apache-ssl.txt,v 1.5 2000/05/31 08:37:05 fukachan Exp $
