Securing-Optimizing-RH-Linux-1_2_283
Comments and suggestions concerning this book should be mailed to gmourani@videotron.ca
© Copyright 1999-2000 Gerhard Mourani and Open Network Architecture ®

Edit the Makefile.ssl file (vi +81 Makefile.ssl) and add the following value for a Pentium Pro processor:

PROCESSOR= 686

NOTE: The three modifications we made above will set the optimization flag for compilation of OpenSSL software on the server. For the last modification (PROCESSOR=) above, if you have a Pentium, put: 586, a Pentium Pro/II/III, put: 686, a 486, put: 486.

Step 6
Edit the Makefile.ssl file (vi +163 Makefile.ssl) and change the following line:

MANDIR=$(OPENSSLDIR)/man

To read:

MANDIR=/usr/man

This step is necessary to set the directory where the man pages of OpenSSL will be installed. With this modification, we install them under the “/usr/man” directory.

Step 7
Now we must compile and install OpenSSL on the server:

[root@deep openssl-0.9.5]# make -f Makefile
[root@deep openssl-0.9.5]# make test
[root@deep openssl-0.9.5]# make install
[root@deep openssl-0.9.5]# mv /etc/ssl/misc/* /usr/bin/
[root@deep openssl-0.9.5]# rm -rf /etc/ssl/misc/
[root@deep openssl-0.9.5]# rm -rf /etc/ssl/lib/
[root@deep openssl-0.9.5]# rm -f /usr/bin/CA.pl
[root@deep openssl-0.9.5]# rm -f /usr/bin/CA.sh
[root@deep openssl-0.9.5]# install -m 644 libRSAglue.a /usr/lib/
[root@deep openssl-0.9.5]# install -m 644 rsaref/rsaref.h /usr/include/openssl/
[root@deep openssl-0.9.5]# strip /usr/bin/openssl
[root@deep openssl-0.9.5]# mkdir -p /etc/ssl/crl

The "make -f" command will build the OpenSSL libraries (libcrypto.a and libssl.a) and the OpenSSL binary "openssl". The libraries will be built in the top-level directory, and the binary will be in the "apps" directory. After a successful build, "make test" will test the libraries, and finally "make install" will create the installation directory and install OpenSSL.

The “mv” command moves all files under the “/etc/ssl/misc/” directory to the “/usr/bin/” directory. These files are binaries and must be located under “/usr/bin/” since, on our system, all binary files are kept in this directory. Putting these files in the “/usr/bin/” directory also keeps them on our PATH environment variable.

The “rm” commands remove the “/etc/ssl/misc/” and “/etc/ssl/lib/” directories from our system, since the files that were in these directories are now located elsewhere. They also remove the “CA.pl” and “CA.sh” files, which are small scripts used to create your own CA certificate. Those scripts, which relate to the “openssl ca” command, have some strange requirements, and the default OpenSSL configuration doesn't easily allow one to use “openssl ca” directly. So we’ll create the “sign.sh” script later to replace them.
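
The following check is an added example, not part of the original book: it audits the file layout that the Step 7 commands are meant to leave behind. The function name audit_openssl_layout and its ROOT argument are hypothetical; ROOT is "/" for the live system or the path of a staging tree.

```shell
#!/bin/sh
# Added example (not from the book): audit the layout Step 7 should leave.
# audit_openssl_layout and its ROOT argument are hypothetical names; ROOT is
# "/" for the live system or the path of a staging tree.

audit_openssl_layout() {
    root=${1%/}          # "/" becomes "", so the paths below stay absolute
    rc=0
    fail() { echo "FAIL: $*"; rc=1; }

    # Leftovers that the "rm" commands should have removed.
    for p in /etc/ssl/misc /etc/ssl/lib /usr/bin/CA.pl /usr/bin/CA.sh; do
        if [ -e "$root$p" ]; then fail "$p still exists"; fi
    done

    # Results of "make install" and "mkdir -p /etc/ssl/crl".
    [ -d "$root/etc/ssl/crl" ] || fail "/etc/ssl/crl is missing"
    [ -x "$root/usr/bin/openssl" ] || fail "/usr/bin/openssl is missing or not executable"

    # Files placed with "install -m 644" must be regular files, mode 644.
    for f in /usr/lib/libRSAglue.a /usr/include/openssl/rsaref.h; do
        if [ ! -f "$root$f" ]; then
            fail "$f is missing"
            continue
        fi
        mode=$(ls -ld "$root$f" | cut -c1-10)
        if [ "$mode" != "-rw-r--r--" ]; then
            fail "$f has mode $mode, expected -rw-r--r--"
        fi
    done

    return "$rc"
}
```

Run it as "audit_openssl_layout /" after Step 7; it prints one FAIL line per deviation and returns non-zero if any were found.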