Show TOC

Providing Cryptography Software for the Apache Web ServerLocate this document in the navigation structure

Use

You configure the Apache Web server, which communicates with the CM Java client as the TREX Web server, using the cryptography tool OpenSSL. You generate the OpenSSL tool and the mod_SSL.so library, which you need for the security configuration of the Apache Web server, using a build process. For the build process you need the software package OpenSSL and mod_SSL and the package of the corresponding Apache Web server. You download these software packages from the Web pages of the Apache Open Source project. You then start the build process using the build script build_ssl.sh.

Note

The Apache Web server 1.3.29 constitutes part of the delivered TREX software and is installed in the directory <TREX_Directory>/Apache during the TREX installation. You do not have to replace the previously installed Apache Web server with the newly downloaded version. You need the software package of the downloaded Apache Web server only for the build process for generating the cryptography software.

The procedures on configuring the Apache Web server that are described in this documentation relate to the release mentioned in the Prerequisites section. They are only valid for this release. This procedure is only a recommendation. TREX cannot give recommendations on using the Apache cryptography tools other than the procedures described in this document. SAP is not responsible for guaranteeing or supporting the software downloaded. SAP disclaims any liability or responsibility as regards these tools. The conditions of the relevant third-party provider are valid.

Prerequisites

Required Software

You need the following software for the build process:

Software Naming Available From

OpenSSL package

openssl-0.9.7c

www.openssl.org/source

modSSL package

mod_ssl-2.8.16-1.3.29

www.modssl.org/source

Apache Web server package

apache_1.3.29

www.apache.org/dist/httpd

Build script

build_ssl.sh

Attachment to SAP Note 620169 TREX 6.0/6.1/7.0: SSL and HTTPS for Apache Web Server

Required Compression Tools

The software packages are located on the Apache homepage as packed files in formats such as *.tar.gz, *.tgz and *.tar.Z. To unpack the files you require the appropriate compression tool on your host.

Format Compression Tool

*.tar.gz und *.tgz

gzip

*.tar.Z

uncompress

The tool uncompress is delivered along with most UNIX installations.

Supported UNIX Compilers

For the build process your host needs a compiler that corresponds to the UNIX operating system on which you installed TREX.

Operating System Compiler

AIX 5.2 64 Bit

C-Compiler "vac.C  6.0.0.3" and corresponding software packages

HP-UX 11.0 and 11i (11.11) 64 bit, with patches PHCO_27740, PHNE_28089, PHSS_26560, and PHSS_26946

B.11.11.06 HP C Compiler

Sun Solaris 8 and 9 64 bit

Sun WorkShop 6 update 2 C 5.3

Downloading Cryptography Software

  1. Download the software packages OpenSSL and modSSL and the package of the Apache Web server from the specified Web sites and save the packed files in a directory of your choice within the TREX installation directory.
    Note

    There is an overview of available releases on the Web sites in question. You may have to search the archive for older releases in order to find the software version supported by TREX.

  2. The build script build_ssl_sh is located in the attachment of SAP Note 620169 (TREX 6.0/6.1/7.0: Cryptographic Software for Apache Web Server). Save the script in the same directory as the software package.

Compiling Cryptography Software

You compile the cryptography tool modSSL and the library mod_SSL using the script build_ssl.sh. The build script unpacks the downloaded software packages, starts the build process, and saves the results of the build processes in relevant directories. As a result of the build process you obtain the cryptography tool OpenSSL and the mod_SSL library libssl.so.

Prerequisites

Procedure

  1. Log on with the user <SAPSID>adm.
  2. Go to the directory in which you stored the script, and call the script build_ssl.sh by entering the following:

    ./build_ssl.sh

Result

As a result of the build process you obtain the cryptography tool OpenSSL and the mod_SSL library libssl.so. The files are stored in the following directories:

  • Openssl tool:           .../OpenSSL/bin/openssl
  • modSSL library:
    • <TREX_Installation_Directory>/Apache/libexec/libssl.so
    • .../apache_1.3.29/src/modules/ssl/libssl.so
      Note

      The file libssl.so is first stored by the build script in the directory .../apache_1.3.29/src/modules/ssl/ and then copied to <TREX_Installation_Directory>/Apache/libexec/.This is only possible if the environment variable SAP_RETRIEVAL_PATH is set correctly. If this is not the case, you receive an error message that you can view in the log file build_ssl.log. You then have to manually copy the file libssl.so to the directory <TREX_Installation_Directory>/Apache/libexec/.

You can now call up the cryptography tool OpenSSL from the directory .../OpenSSL/bin/ and use it to configure secure communication between the Java client and the Apache Web server.

See also:

Providing the Certificates for the Apache Web Server (UNIX)