This is a log of my installation/Compilation of Apache DSO with SSL, MM, JSERV1.1 under Solaris 2.7 This is IMHO a stable configuration for servlets using Sun's JSDK2.0 as opposed to richer, but at the same time more experimental Jakarta/Tomcat approach. I was logged as root. This stuff if based on INSTALL file which comes with mod_ssl. If you are outside US, please look into INSTALL which comes with mod_ssl, since you do not need RSAREF and can use more robust code [your 8) and apache configure will be different]. 2) Install Java 1.2 under Solaris if you do not have it. If you type java -version and it tells you that you have JDK 1.2, you are OK. If not you need to install. It is simple. You get a package from http://www.javasoft.com/: a) click on Products & APIs b) choose JAVA 2 SDK, Standard Edition http://www.javasoft.com/products/jdk/1.2/index.html c) take: Java 2 SDK SolarisTM Production Release (J2SE) [I really wonder whu Sun constantly changes names. It is some ill-advised marketing ploy which unfortunately wastes a lot of time of other people]. You need: d) You need essentially all files. I placed them in /usr/local/java 393617 Feb 2 09:56 1.2.1_04_Developer-Guide.ps 37347 Feb 2 09:56 1.2.1_04_Release-Notes.html 274881 Feb 2 09:56 1.2.1_04_docs_sparc.tar.Z 13287936 Feb 2 09:58 1.2.1_04_patches_sparc_5.5.1.tar 4773888 Feb 2 09:58 1.2.1_04_patches_sparc_5.7.tar 11592 Feb 2 09:58 README.sparc 19826325 Feb 2 10:01 Solaris_JDK_1.2.1_04_sparc.bin e) Read the README.sparc and do what they say. i) chmod +x Solaris_JDK_1.2.1_04_sparc.bin ii) ./Solaris_JDK_1.2.1_04_sparc.bin iii) Move the old install directory of Java 2 (if exists): mv /usr/java1.2 /usr/java1.2_previous iii) move the directory Solaris_JDK_1.2.1_04 just created to where you want it, and you better want it at /usr/java1.2 mv Solaris_JDK_1.2.1_04 /usr/java1.2 iv) Since my solaris is 2.7 % uname -a SunOS heechee 5.7 Generic_106541-08 sun4u sparc SUNW,Ultra-250 I used patches for it: tar xvf 1.2.1_04_patches_sparc_5.7.tar This created a directory ./5.7 with for tar.Z files in it 284963 Oct 26 19:57 106980-05.tar.Z 2660971 Oct 26 19:57 107078-10.tar.Z 1308491 Oct 26 19:57 107607-01.tar.Z 514653 Oct 26 19:57 107636-01.tar.Z v) I unpacked each patch as: gtar Zxvf 1xxxxxx-xx.tar.Z this creates a directory 1xxxxxx-xx for each patch cd 1xxxxxx-xx and read README.106980-05. Then run pkgadd pkgadd -d . SUN* and answer yes. f) test if java installed corretly: java -version java version "1.2.1" Solaris VM (build Solaris_JDK_1.2.1_04, native threads, sunwjit) 3) Get the JSDK2.0 -- It is hidden someplace in the www.javasoft.com since they are pushing the new stuff, but they forget that we also need to use the old stuff. Why it is hidden, beats me... It causes a lot of grief for people since JSDK2.0 is the only one which will work with JServ. Either you know wehere it is or not. Once you know it, they will change it {:-(}. Go to: http://java.sun.com/products/servlet/download.html Go to the very bottom of the page and select platfom for Java Servlet Development Kit 2.0 (Unix) and click continue. Then [ACCEPT] terms. Pick up HTTP download (or FTP -- which is usually faster) and you will retrieve a file jsdk20-solaris2-sparc.tar.Z It is not really Solaris file. It will work on any UNIX since it is Pure Java. Unpack this file in /usr/local, i.e., cd /usr/local gtar Zxvf /path/where/you/have/it/jsdk20-solaris2-sparc.tar.Z This will create directory /usr/local/JSDK2.0. 4) Set your environment variables for Java (I am assuming you use some Bourne shell lookalike -- ksh or bash. JAVA_HOME=/usr/java1.2 export JAVA_HOME JSDK_HOME=/usr/local/JSDK2.0 export JSDK_HOME PATH=/usr/local/bin:${JAVA_HOME}/bin:${JSDK_HOME}/bin:${PATH} export PATH CLASSPATH=${JAVA_HOME}/lib/tools.jar:${JAVA_HOME}/lib/dt.jar CLASSPATH=${CLASSPATH}:${JSDK_HOME}/lib/jsdk.jar export CLASSPATH 5) Make top directory for apache JServ installation. I did /usr/local/apache_JServ1.1 but if you do some other, you need to remember to use it in the instructions below, mkdir /usr/local/apache_JServ1.1 6) I also make a subdirectory sources to have all needed sources in one place. mkdir /usr/local/apache_JServ1.1/sources place there tar files, and then unpack them as shown below: a) apache_1.3.11.tar.gz from http://www.apache.org/dist/ gtar zxvf apache_1.3.11.tar.gz b) mod_ssl-2.5.0-1.3.11.tar.gz from http://www.modssl.org gtar zxvf mod_ssl-2.5.0-1.3.11.tar.gz c) openssl-0.9.4.tar.gz from http://www.openssl.org gtar zxvf openssl-0.9.4.tar.gz d) mm-1.0.12.tar.gz from http://www.engelschall.com/sw/mm/ gtar zxvf mm-1.0.12.tar.gz e) rsaref20.tar.Z -- it is no longer distributed, and I got it from my private museum. It is available from many places on the Web outside US. Search the Web FOR RSAREF 2.0. mkdir rsaref-2.0 cd rsaref-2.0 gtar Zxvf ../rsaref20.tar.Z cd .. f) ApacheJServ-1.1.tar.gz -- jserv module from http://java.apache.org/jserv/dist/ gtar zxvf ApacheJServ-1.1.tar.gz 7) Compiled RSAREF library for openssl since we are in US and RSA has a patent, and we cannot use the decent implementation of crypto libraries. If you are in Europe, you can skip this thing. cd /usr/local/apache_JServ1.1/sources/rsaref-2.0 cp -rp install/unix local cd local edited makefile to have CC = gcc changed all occurrances of cc --> $(CC) added -fPIC to CFLAGS make mv rsaref.a librsaref.a 8) Compiled the openssl [if you are in Europe, you need to check the mod_ssl INSTALL not to include RSAREF] cd /usr/local/apache_JServ1.1/sources/openssl-0.9.4 sh config \ -L/usr/local/apache_JServ1.1/sources/rsaref-2.0/local/rsaref -fPIC make make test 9) Compiled MM shared memory library cd /usr/local/apache_JServ1.1/sources/mm-1.0.12 ./configure --disable-shared make cd .. 10) Configured mod_ssl cd /usr/local/apache_JServ1.1/sources/mod_ssl-2.5.0-1.3.11 EAPI_MM=../mm-1.0.12 \ ./configure \ --with-apache=/usr/local/apache_JServ1.1/sources/apache_1.3.11 11) Configure and make and install Apache with DSO support: cd /usr/local/apache_JServ1.1/sources/apache_1.3.11 SSL_BASE=/usr/local/apache_JServ1.1/sources/openssl-0.9.4 \ RSA_BASE=/usr/local/apache_JServ1.1/sources/rsaref-2.0/local \ EAPI_MM=/usr/local/apache_JServ1.1/sources/mm-1.0.12 \ ./configure --prefix=/usr/local/apache_JServ1.1 \ --enable-module=so \ --enable-rule=SHARED_CORE \ --enable-module=most \ --enable-shared=max \ --enable-module=ssl \ --enable-shared=ssl make make certificate TYPE=custom make install My entries for certificates with make certificate TYPE=custom were defaults, no passwords, and: STEP 0: R STEP 2: 1. Country Name [XY]:US 2. State or Province Name [Snake Desert]:Ohio 3. Locality Name [Snake Town]:Columbus 4. Organization Name [Snake Oil, Ltd]:OSC 5. Organizational Unit Name [Cer..Authority]:Gateway 6. Common Name [Snake Oil CA]:heechee.ccl.net 7. Email Address [ca@snakeoil.dom]:jkl@ccl.net 8. Certificate Validity [365]:1000 STEP 3: 3 STEP 5: 1. Country Name [XY]:US 2. State or Province Name [Snake Desert]:Ohio 3. Locality Name [Snake Town]:Columbus 4. Organization Name [Snake Oil, Ltd]:OSC 5. Organizational Unit Name [Webserver Team]:PSE 6. Common Name [www.snakeoil.dom]:heechee.ccl.net 7. Email Address [www@snakeoil.dom]:jkl@ccl.net 8. Certificate Validity [365]:1001 STEP 6: 3 STEP 7:n STEP 8:n 12) edited a file in /usr/local/apache_JServ1.1/conf/httpd.conf and added (actually uncommented): ServerName heechee.ccl.net 13) Testing if Apache works: a) make sure other installation of apache is not running, or if it runs, it does not use port 80 and port 443. (do: ps -ef | grep httpd), and if httpd runs, kill it with its own apachectl script or just use (not recommended) killall httpd b) start apache with: /usr/local/apache_JServ1.1/bin/apachectl startssl If you have warning, you have a problem, and try to do "exactly what I say" next time {:-)}. c) Use your browser (preferable on some other machine) and check if http: and https: work In my case, I tries URLs: http://pse.ccl.net/ and https://pse.ccl.net/ In the https case you should get a lot of windows which ask you for accepting the certificate. Just click Next to see if you can go through to the page. d) Stop apache, since you are not finshed yet. /usr/local/apache_JServ1.1/bin/apachectl stop 14) Configuring JServ (note, you need to have JAVA_HOME, JSDK_HOME, PATH, and CLASSPATH set correctly as described in 4). cd /usr/local/apache_JServ1.1/sources/ApacheJServ-1.1 ./configure \ --prefix=/usr/local/apache_JServ1.1/jserv \ --with-apxs=/usr/local/apache_JServ1.1/bin/apxs \ --with-jdk-home=$JAVA_HOME \ --with-JSDK=$JSDK_HOME \ --with-java-platform=2 \ --enable-EAPI \ --disable-debugging \ --enable-compressed-jar as a result it will produce some info on the screen. Read it and if you can grab it with a mouse and save in a file, do it! 15) Building and installing JServ cd /usr/local/apache_JServ1.1/sources/ApacheJServ-1.1 make 16) Making Apache copy [i.e. INSTALL] the JServ module in proper directories. cd /usr/local/apache_JServ1.1/sources/apache_1.3.11 make install cd /usr/local/apache_JServ1.1/sources/ApacheJServ-1.1 make install 17) Some log files end up with wrong permissions. cd /usr/local/apache_JServ1.1/logs chgrp nobody * chmod g+rw * chgrp nobody . chmod g+rwx . 18) Configuring for the test of JServ. a) cd /usr/local/apache_JServ1.1/conf edit httpd.conf and add at the end: Include /usr/local/apache_JServ1.1/conf/jserv/jserv.conf b) start Apache /usr/local/apache_JServ1.1/bin/apachectl startssl c) check if JServ works by accessing URL with Hello servlet in your browser: http://pse.ccl.net/servlets/Hello https://heechee.ccl.net/servlets/IsItWorking d) stop Apache /usr/local/apache_JServ1.1/bin/apachectl stop