CentOS 5.x is old and EOL. But there are still lots of servers running this version.
For a specific project I needed to run Apache with mod_ssl on CentOS 5.x with TLS v1.2 enabled. Since I was not able to compile mod_ssl separately, I had to find another way.
Let's start with OpenSSL 1.0.2a (you need to have the compilers installed):
```bash
yum -y install epel-release gcc cpp gcc-c++ automake autoconf glibc-headers make cmake xmlto pcre-devel zlib-devel libselinux-devel apr-devel apr-util-devel distcache-devel db4-devel expat-devel openssl-devel
cd /opt
wget https://www.openssl.org/source/openssl-1.0.2a.tar.gz
tar zxvf openssl-1.0.2a.tar.gz
cd openssl-1.0.2a
./config -fpic shared
make -j2
make install
```
Compile Apache on CentOS 5.x in order to use a newer openssl version:
```bash
# 1) Install some tools and compilers
yum -y install openssl-devel openldap-devel

# 2) Download apache source rpm file:
wget -c http://ftp.iij.ad.jp/pub/linux/centos-vault/5.11/updates/Source/httpd-2.2.3-92.el5.centos.src.rpm

# 3) Install rpm build tools and create folders for building:
yum -y install rpm-build
mkdir -p ~/rpmbuild/{BUILD,RPMS,SOURCES,SPECS,SRPMS}
echo '%_topdir %(echo $HOME)/rpmbuild' > ~/.rpmmacros

# 4) Try to install apache rpm source file (the one downloaded earlier):
rpm -Uhv httpd-2.2.3-92.el5.centos.src.rpm

# 5) Build a new .rpm file
cd /root/rpmbuild/SPECS
rpmbuild -ba httpd.spec

# 6) Compile Apache
cd /root/rpmbuild/BUILD/httpd-2.2.3
./configure --prefix=/etc/httpd --exec-prefix=/usr --bindir=/usr/bin --sbindir=/usr/sbin --mandir=/usr/share/man --libdir=/usr/lib64 --sysconfdir=/etc/httpd/conf --includedir=/usr/include/httpd --libexecdir=/usr/lib64/httpd/modules --datadir=//www --with-installbuilddir=/usr/lib64/httpd/build --with-mpm=prefork --with-apr=/usr --with-apr-util=/usr --enable-suexec --with-suexec --with-suexec-caller=apache --with-suexec-docroot=//www --with-suexec-logfile=/var/log/httpd/suexec.log --with-suexec-bin=/usr/sbin/suexec --with-suexec-uidmin=500 --with-suexec-gidmin=100 --enable-pie --with-pcre --enable-mods-shared=all --enable-ssl --with-ssl=/usr/local/ssl --enable-distcache --enable-proxy --enable-cache --enable-mem-cache --enable-file-cache --enable-disk-cache --enable-ldap --enable-authnz-ldap --enable-cgid --enable-authn-anon --enable-authn-alias

# 7) Add new openssl library to system path
# Edit /etc/ld.so.conf and add at the end:
#   /usr/local/ssl/lib
# Save the file and run this command:
ldconfig -v

# 8) Restart apache
/etc/init.d/httpd restart
```
That's it. You're now running the default Apache 2.2.3 from CentOS 5.x, but with the latest OpenSSL. Have fun!
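To confirm the result, check which libssl the module resolves to and which protocol the server negotiates. The script below is an added example, not part of the original post: the function names are hypothetical and the `ldd` / `s_client` samples are constructed so it runs offline. The module path and the OpenSSL prefix come from the configure line and step 7 above.

```shell
#!/bin/bash
# Added example: verify mod_ssl is bound to the rebuilt OpenSSL and that
# TLS 1.2 is negotiated. All sample inputs below are constructed.

# Print the path libssl resolves to, reading `ldd` output on stdin.
ssl_lib_path() {
    awk '$1 ~ /^libssl\.so/ && $2 == "=>" { print $3; exit }'
}

# Succeed only if libssl resolves under the prefix added in step 7.
uses_new_openssl() {
    case "$(ssl_lib_path)" in
        /usr/local/ssl/lib/*) return 0 ;;
        *) return 1 ;;
    esac
}

# Print the negotiated protocol, reading `openssl s_client` output on stdin.
negotiated_protocol() {
    awk -F': *' '/^ *Protocol *:/ { print $2; exit }'
}

# Constructed sample: ldd on mod_ssl.so once ldconfig knows /usr/local/ssl/lib
LDD_AFTER='    libssl.so.1.0.0 => /usr/local/ssl/lib/libssl.so.1.0.0 (0x00002b0a1c000000)
    libcrypto.so.1.0.0 => /usr/local/ssl/lib/libcrypto.so.1.0.0 (0x00002b0a1c270000)'
# Constructed sample: module still bound to the distribution OpenSSL
LDD_BEFORE='    libssl.so.6 => /lib64/libssl.so.6 (0x00002b0a1c000000)
    libcrypto.so.6 => /lib64/libcrypto.so.6 (0x00002b0a1c24c000)'
# Constructed sample: excerpt of `openssl s_client` output
S_CLIENT='SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES256-GCM-SHA384'

for sample in "$LDD_AFTER" "$LDD_BEFORE"; do
    path=$(printf '%s\n' "$sample" | ssl_lib_path)
    if printf '%s\n' "$sample" | uses_new_openssl; then
        echo "mod_ssl -> $path: rebuilt OpenSSL"
    else
        echo "mod_ssl -> $path: not the rebuilt OpenSSL"
    fi
done
echo "negotiated: $(printf '%s\n' "$S_CLIENT" | negotiated_protocol)"

# On the server itself:
#   ldd /usr/lib64/httpd/modules/mod_ssl.so | uses_new_openssl && echo linked
#   echo | /usr/local/ssl/bin/openssl s_client -connect localhost:443 -tls1_2 \
#       2>/dev/null | negotiated_protocol
```

Run the client check with the newly built `openssl` binary: a client linked against the distribution's older OpenSSL cannot offer TLS 1.2 and will fail the handshake if the server accepts nothing else.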
Directory /root/rpmbuild/BUILD/httpd-2.2.3 is not created after installing httpd-2.2.3-111.9.src.rpm.
Thanks
Please check the post and follow the steps. It seems that I’ve missed some steps when writing the blog post. It should work since I just tried on a centos5 machine…
Have you installed rpm-build? I'm not having that error.
Thanks for this – I’m seeing the same issue as Martin in that the BUILD directory is empty after the install of the src.rpm. There is a httpd-2.2.3.tar.gz in the SOURCES dir. I’ll extract that to BUILD and see what happens.
I’ll try to deploy a centos5 linux vm and retry the steps. Maybe I’ve missed something when writing the blog post.
Please check the post and follow the steps. It seems that I’ve missed some steps when writing the blog post. It should work since I just tried on a centos5 machine…
This may help:
In the second block on line 10: &gt; needs to be > to redirect the output. I'm sure it's just an HTML entity conversion issue with the post.
On line 17 httpd.specific needs to be httpd.spec
Indeed, you’re right! Thank you for pointing it out!
Line 10: &gt; needs to be > (Greater than symbol – redirect output)
Line 17: httpd.specific needs to be httpd.spec
I have updated the post, it should be all right now. Thanks again!
Line 17: rpmbuild -ba httpd.spec says that openssl102-devel is required from httpd-2.2.3-111.9.x86_64
What can I do?
I have updated the post, I've probably badly copy/pasted the apache src.rpm package version that was supposed to be installed. Yes, with that httpd-2.2.3-111.9.x86_64 you will get an error. The right package to install is this: httpd-2.2.3-92.el5.centos.src.rpm. You have to remove the old httpd package and install this new one I've provided. And it should work.
Hi. I still got above error even after using http://ftp.iij.ad.jp/pub/linux/centos-vault/5.11/updates/Source/httpd-2.2.3-92.el5.centos.src.rpm as source to download the apache rpm:
error: Failed build dependencies:
openssl-devel >= 0.9.8e-12.el5_4.4 is needed by httpd-2.2.3-92.i386
Have you installed openssl-devel package? You can achieve that by issuing this command:
yum -y install openssl-devel
I've updated the post accordingly. You need to install openssl-devel and openldap-devel. You can achieve that by doing: yum -y install openssl-devel openldap-devel
hi 898
I followed all the steps and it seems I didn't have any errors, but when I browse to the https site
I got this error:
curl: (35) error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure
[root@rms httpd-2.2.3]# curl --version
curl 7.29.0 (i686-redhat-linux-gnu) libcurl/7.29.0 OpenSSL/0.9.8b zlib/1.2.3 libidn/0.6.5 libssh2/1.4.3
Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtsp scp sftp smtp smtps telnet tftp
Features: AsynchDNS GSS-Negotiate IDN IPv6 Largefile NTLM NTLM_WB SSL libz
Is there a valid SSL installed for that website?