Linux SysAdmin & DevOps

CentOS 5.11 – Have the latest OpenSSL 1.0.2 running on Apache 2.2.3

CentOS 5.x is old and EOL. But there are still lots of servers running this version.

I needed for a specific project to be able to run Apache + MOD_SSL on CentOS 5.x and enable TLS v1.2. Since I was not able to compile mod_ssl separately, I had to find another way.

Let’s start with OpenSSL v1.0.2a (you need to have compilers enabled and installed):

yum -y install epel-release gcc cpp gcc-c++ automake autoconf glibc-headers make cmake xmlto pcre-devel zlib-devel libselinux-devel apr-devel apr-util-devel distcache-devel db4-devel expat-devel openss-devel
cd /opt
tar zxvf openssl-1.0.2a.tar.gz
cd openssl-1.0.2a
./config -fpic shared
make -j2
make install

Compile Apache on CentOS 5.x in order to use a newer openssl version:

1) Install some tools and compilers

yum -y install openssl-devel openldap-devel

2) Download apache source rpm file:

wget -c

3) Install rpm build tools and create folders for building:

yum -y install rpm-build
mkdir -p ~/rpmbuild/{BUILD,RPMS,SOURCES,SPECS,SRPMS}
echo '%_topdir %(echo $HOME)/rpmbuild' > ~/.rpmmacros

4) Try to install apache rpm source file (the one downloaded earlier):

rpm -Uhv httpd-2.2.3-92.el5.centos.src.rpm

5) Build a new .rpm file

cd /root/rpmbuild/SPECS
rpmbuild -ba httpd.spec

6) Compile Apache

cd /root/rpmbuild/BUILD/httpd-2.2.3
./configure --prefix=/etc/httpd --exec-prefix=/usr --bindir=/usr/bin --sbindir=/usr/sbin --mandir=/usr/share/man --libdir=/usr/lib64 --sysconfdir=/etc/httpd/conf --includedir=/usr/include/httpd --libexecdir=/usr/lib64/httpd/modules --datadir=//www --with-installbuilddir=/usr/lib64/httpd/build --with-mpm=prefork --with-apr=/usr --with-apr-util=/usr --enable-suexec --with-suexec --with-suexec-caller=apache --with-suexec-docroot=//www --with-suexec-logfile=/var/log/httpd/suexec.log --with-suexec-bin=/usr/sbin/suexec --with-suexec-uidmin=500 --with-suexec-gidmin=100 --enable-pie --with-pcre --enable-mods-shared=all --enable-ssl --with-ssl=/usr/local/ssl --enable-distcache --enable-proxy --enable-cache --enable-mem-cache --enable-file-cache --enable-disk-cache --enable-ldap --enable-authnz-ldap --enable-cgid --enable-authn-anon --enable-authn-alias

7) Add new openssl library to system path Edit /etc/ and add at the end:


Save the file and run this command:

ldconfig -v

8) Restart apache

/etc/init.d/httpd restart

That’s it. You’re running the default Apache-2.2.3 version from CentOS 5.x but having the latest OpenSSL. Have fun!