Start of Content Area

Procedure documentation Providing Cryptography Software for the Apache Web Server  Locate the document in its SAP Library structure

Use

You configure the Apache Web server, which communicates with the CM Java client as the TREX Web server, using the OpenSSL cryptography tool. You generate the OpenSSL tool and the mod_SSL.so library, which you need for the security configuration of the Apache Web server, using a build process. For the build process, you need the software packages OpenSSL and mod_SSL and the package of the corresponding Apache Web server. You download the latter package from the Web pages of the Apache Open Source project. You then start the build process using the build_ssl.sh build script.

This graphic is explained in the accompanying text

The Apache Web server 1.3.29 constitutes part of the delivered TREX software and is installed in the <TREX_Directory>/Apache directory during the TREX installation. You do not have to replace the previously installed Apache Web server with the newly downloaded version. You need the software package of the downloaded Apache Web server only for the build process for generating the cryptography software.

This graphic is explained in the accompanying text

The procedures for configuring the Apache Web server that are described in this documentation relate to the release mentioned in the Prerequisites section. They are only valid for this release. This procedure is only a recommendation. TREX cannot give recommendations on using the Apache cryptography tools other than the procedures described in this document. SAP is not responsible for guaranteeing or supporting the downloaded software. SAP disclaims any liability or responsibility with regard to these tools. The conditions of the relevant third-party provider are valid.

Prerequisites

Required Software

You need the following software for the build process:

Software

Naming

Available From

OpenSSL package

openssl-0.9.7c

www.openssl.org/source

modSSL package

mod_ssl-2.8.16-1.3.29

www.modssl.org/source

Apache Web server package

apache_1.3.29

www.apache.org/dist/httpd

Build script

build_ssl.sh

Attachment to SAP Note 620169 TREX 6.0/6.1/7.0: SSL and HTTPS for Apache Web Server

Required Compression Tools

The software packages are located on the Apache homepage as packed files in formats such as *.tar.gz, *.tgz and *.tar.Z. To unpack the files you require the appropriate compression tool on your host.

Format

Compression Tool

*.tar.gz and *.tgz

gzip

*.tar.Z

uncompress

This graphic is explained in the accompanying text

The uncompress tool is delivered along with most UNIX installations.

Supported UNIX Compilers

For the build process your host needs a compiler that corresponds to the UNIX operating system on which you installed TREX.

Operating system

Compiler

AIX 5.2 64 Bit

C-Compiler "vac.C  6.0.0.3" and corresponding software packages

HP-UX 11.0 and 11i (11.11) 64 bit, with patches PHCO_27740, PHNE_28089, PHSS_26560, and PHSS_26946

B.11.11.06 HP C Compiler

Sun Solaris 8 and 9 64 bit

Sun WorkShop 6 update 2 C 5.3

Downloading Cryptography Software

...

       1.      Download the OpenSSL and modSSL software packages and the package of the Apache Web server from the specified Web sites and save the packed files in a directory of your choice within the TREX installation directory.

This graphic is explained in the accompanying text

There is an overview of available releases on the Web sites in question. You may have to search the archive for older releases to find the software version supported by TREX.

       2.         The build_ssl_sh build script is located in the attachment of SAP Note 620169 (TREX 6.0/6.1/7.0: Cryptographic Software for Apache Web Server). Save the script in the same directory as the software package.

Compiling Cryptography Software

You compile the modSSL cryptography tool and the mod_SSL library using the build_ssl.sh script. The build script unpacks the downloaded software packages, starts the build process, and saves the results of the build processes in relevant directories. As a result of the build process, you obtain the OpenSSL cryptography tool and the libssl.so mod_SSL library.

Prerequisites

Procedure

...

       1.      Log on with <SAPSID>adm.

       2.         Go to the directory in which you stored the script, and call build_ssl.sh by entering the following:

./build_ssl.sh

Result

As a result of the build process you obtain the OpenSSL cryptography tool and the libssl.so mod_SSL library. The files are stored in the following directories:

      Openssl tool:          .../OpenSSL/bin/openssl

      modSSL library:

       <TREX_Installation_Directory>/Apache/libexec/libssl.so

       .../apache_1.3.29/src/modules/ssl/libssl.so

This graphic is explained in the accompanying text

libssl.so is first stored by the build script in the .../apache_1.3.29/src/modules/ssl/ directory and is then copied to <TREX_Installation_Directory>/Apache/libexec/. This is only possible if the SAP_RETRIEVAL_PATH environment variable is set correctly. If this is not the case, you receive an error message that you can view in the build_ssl.log log file. You then have to manually copy libssl.so to <TREX_Installation_Directory>/Apache/libexec/.

 

You can now call up the OpenSSL cryptography tool from the .../OpenSSL/bin/ directory and use it to configure secure communication between the Java client and the Apache Web server.

More information:

Providing the Certificates for the Apache Web Server (UNIX)  

 

 

End of Content Area