Apache, SSL, Red Hat 4
July 2, 2009 – 5:46 pm
A new requirement came down for the Solo Tech application the other day. We need to serve it using SSL, and in addition the SOAP calls to the API need to use SSL as well. There was a lot of hoop jumping in order to get this working. I had a previous install of Apache using DSO and I was hoping to load mod_ssl dynamically along with my other modules. However, I could not get apxs to create the mod_ssl module. So I ended up recompiling Apache and PHP from scratch.
First I installed the latest version of OpenSSL from here.
(remember to do installs as root)
# gzip -d openssl.tar.gz
# tar -xvf openssl.tar
# cd openssl
# ./configure -fPIC os/compiler:gcc
# make
# make test
# make install
Then compile and install Apache to use ssl, php, rewrite and so (shared objects). Unzip and untar as above and switch into the new directory.
# ./configure --enable-ssl=shared --with-ssl=/usr/local/ssl/ --enable-rewrite=shared --enable-setenvif --enable-so
# make
# make install
I then created a key and certificate by doing the following and storing them in apache2/conf/certs.
The last line creates a self-signed certificate.
# openssl genrsa -out hostname.key 1024
# openssl req -new -key hostname.key -out hostname.csr
# openssl x509 -req -days 365 -in hostname.csr -signkey hostname.key -out hostname.crt
Open up apache2/conf/httpd.conf and uncomment the following line:
Include conf/extra/httpd-ssl.conf
Then open up apache2/conf/extra/httpd-ssl.conf and un-comment and set the paths to the certificate and key you just created.
SSLCertificateFile "/usr/local/apache2/conf/certs/hostname.crt"
SSLCertificateKeyFile "/usr/local/apache2/conf/certs/hostname.key"
Restart Apache. (I have apachectl in my path)
# apachectl -k restart
If everything is cool then you should be able to request a page from your server through https. The browser will complain about the certificate. You can accept the certificate and then you should be communicating through SSL.
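A pre-restart check for the key and certificate configured above, as an added example that is not part of the original post. The function names and the MIN_BITS (2048) and MIN_DAYS (30) thresholds are assumptions of this example; with those defaults the 1024-bit key generated above is reported as too short.

```shell
#!/bin/sh
# Added example (not from the original post): check a key/cert pair before restart.
# MIN_BITS and MIN_DAYS are assumed thresholds; all function names are hypothetical.
MIN_BITS=${MIN_BITS:-2048}
MIN_DAYS=${MIN_DAYS:-30}

# Constructed sample input: throwaway self-signed pair of $2 bits in directory $1.
make_sample() {
    openssl req -x509 -newkey "rsa:$2" -nodes -days 365 -subj "/CN=hostname" \
        -keyout "$1/hostname.key" -out "$1/hostname.crt" >/dev/null 2>&1 &&
        chmod 600 "$1/hostname.key"
}

# RSA modulus size in bits: the hex modulus carries 4 bits per digit.
key_bits() {
    mod=$(openssl rsa -in "$1" -noout -modulus 2>/dev/null) || return 1
    mod=${mod#Modulus=}
    echo $(( ${#mod} * 4 ))
}

# True when the certificate carries the public half of this key (same modulus).
pair_matches() {
    k=$(openssl rsa -in "$1" -noout -modulus 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -noout -modulus 2>/dev/null) || return 1
    [ "$k" = "$c" ]
}

# True when the certificate is still valid MIN_DAYS from now.
cert_fresh() {
    openssl x509 -in "$1" -noout -checkend $(( MIN_DAYS * 86400 )) >/dev/null 2>&1
}

# True when the key file grants nothing to group or other (for example mode 0600).
key_private() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Run every check, print each failure, return non-zero if any check failed.
check_pair() {
    rc=0
    bits=$(key_bits "$1") || bits=0
    [ "$bits" -ge "$MIN_BITS" ] || { echo "FAIL: key is $bits bits, want >= $MIN_BITS"; rc=1; }
    pair_matches "$1" "$2" || { echo "FAIL: certificate does not match key"; rc=1; }
    cert_fresh "$2" || { echo "FAIL: certificate expires within $MIN_DAYS days"; rc=1; }
    key_private "$1" || { echo "FAIL: key file is accessible by group or other"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK: $1 matches $2"
    return "$rc"
}

if [ "$#" -eq 2 ]; then check_pair "$1" "$2"; fi
```

Saved under a name of your choice (check_pair.sh here is hypothetical), it runs as: sh check_pair.sh hostname.key hostname.crt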
The next step is setting up PHP. So stop Apache.
# apachectl -k stop
Repeat the unzip and untar process from above on the downloaded PHP archive and proceed with configuration and installation.
# ./configure --with-apxs2=/usr/local/apache2/bin/apxs --with-mysql --with-curl --enable-soap --with-openssl=/usr/local/ssl
# make
# make test
# make install
Your path to openssl may differ, so just verify its location with:
# whereis openssl
Move the PHP ini file to its final location:
# cp php.ini-dist /usr/local/lib/php.ini
Again this may differ on your system.
Open apache2/conf/httpd.conf again and add the following lines at the end.
SetHandler application/x-httpd-php
Make sure the php module is being loaded by the conf file. You should see this:
LoadModule ssl_module modules/mod_ssl.so
LoadModule rewrite_module modules/mod_rewrite.so
LoadModule php5_module modules/libphp5.so
Restart the server.
For the SOAP stuff I set this in my app config.php file.
define('SOAP_URL', 'https:<URL>?wsdl');
define('SOAP_ORGNAME', 'ORG1002');
define('SOAP_API_VERSION', '3.2');
define('SOAP_WAIT', '0');
define('SSL_CERT_PATH', '/usr/local/apache2/certs/triad.pem');
And then when I instantiate the SOAP client I do this:
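try
{
    $this->client = new SoapClient(
        SOAP_URL,
        array(
            'trace'      => true,   // keep the last request/response for debugging
            'exceptions' => true,   // raise SoapFault on errors
            'features'   => SOAP_SINGLE_ELEMENT_ARRAYS,
            // PEM file with the client certificate presented over HTTPS
            'local_cert' => SSL_CERT_PATH
        )
    );
}
catch (SoapFault $f)
{
    // Re-throw as a generic Exception carrying the SOAP fault message
    throw new Exception($f->getMessage());
}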