Securing-Optimizing-RH-Linux-1_2_283
Comments and suggestions concerning this book should be mailed to gmourani@videotron.ca
© Copyright 1999-2000 Gerhard Mourani and Open Network Architecture ®
283
Edit the Makefile.ssl file (vi +81 Makefile.ssl) and add the following value for a Pentium Pro
processor:
PROCESSOR= 686
NOTE: The three modifications we made above will set the optimization flag for compilation of
OpenSSL software on the server. For the last modification (PROCESSOR=) above, if you have a
Pentium, put: 586, a Pentium Pro/II/III, put: 686, a 486, put: 486.
Step 6
Edit the Makefile.ssl file (vi +163 Makefile.ssl) and change the following line:
MANDIR=$(OPENSSLDIR)/man
To read:
MANDIR=/usr/man
This step is necessary to set the directory where the man pages of OpenSSL will be installed.
With this modification, we install them under /usr/man directory.
Step 7
Now we must compile and install OpenSSL in the server:
[root@deep openssl-0.9.5]# make -f Makefile
[root@deep openssl-0.9.5]# make test
[root@deep openssl-0.9.5]# make install
[root@deep openssl-0.9.5]# mv /etc/ssl/misc/* /usr/bin/
[root@deep openssl-0.9.5]# rm -rf /etc/ssl/misc/
[root@deep openssl-0.9.5]# rm -rf /etc/ssl/lib/
[root@deep openssl-0.9.5]# rm -f /usr/bin/CA.pl
[root@deep openssl-0.9.5]# rm -f /usr/bin/CA.sh
[root@deep openssl-0.9.5]# install -m 644 libRSAglue.a /usr/lib/
[root@deep openssl-0.9.5]# install -m 644 rsaref/rsaref.h /usr/include/openssl/
[root@deep openssl-0.9.5]# strip /usr/bin/openssl
[root@deep openssl-0.9.5]# mkdir -p /etc/ssl/crl
The "make -f" command will build the OpenSSL libraries (libcrypto.a and libssl.a) and the
OpenSSL binary "openssl". The libraries will be built in the top-level directory, and the binary will
be in the "apps" directory.
After a successful build, the "make test" will test the libraries and finaly the "make install" will
create the installation directory and install OpenSSL.
The mv command would move all files under the /etc/ssl/misc/ directory to the /usr/bin/
directory. These files are binary and must be located under /usr/bin/ since in our system, all
binary files are keep in this directory. Also putting these files in the /usr/bin/ directory will keep
them on our PATH ENVIRONMENT VARIABLE.
The rm command would remove the /etc/ssl/misc/ and /etc/ssl/lib/ directories from our
system since files that was on these directories are now located in other place. Also it will remove
the CA.pl and CA.sh files that are a small scripts used to create you own CA certificate. Those
scripts related to openssl ca commands has some strange requirements and the default
OpenSSL config doesn't allow one easily to use openssl ca directly. So well create the sign.sh
script program later to replace them.