LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Red Hat
User Name
Password
Red Hat This forum is for the discussion of Red Hat Linux.

Notices

Reply
 
Search this Thread
Old 08-31-2012, 06:35 PM   #1
cwyble
LQ Newbie
 
Registered: Aug 2012
Location: San Fernando Valley, CA
Distribution: Redhat / debian / ubuntu
Posts: 2

Rep: Reputation: Disabled
rhel 5.8 / apache 2.4.3 / openssl 0.9.8x / PCI Compliance / compile from source


I'm having problems here and need some of your expert advice. I have 5 servers running rhel 5.8 that have openssl 0.9.8e installed by default.

We run some shopping carts with credit card info involved so are required to be PCI compliant.

We need to upgrade our openssl system to at least 0.9.8x to become PCI compliant.

The problem I'm having is that I can install from src the new openssl 0.9.8x, do the ln -x in /usr/bin and now the command line openssl is the correct version. The problem I'm having is linking to apache (current version 2.4.3).

I have used the following commands to build openssl.
./config no-threads shared -fPIC
make
make test
make install
cd /usr/bin
ln -s /usr/local/ssl/bin/openssl openssl

Now the command line openssl version gives me the correct version.

My apache configure line is:
./configure \
--prefix=/usr/local/apache2 \
--with-ssl=/usr/local/ssl \
--with-openssl=/usr/local/ssl/include \
--enable-rewrite=shared \
--enable-spelling=shared \
--enable-proxy=shared \
--enable-proxy-http=shared \
--with-included-apr \
--with-pcre \
--enable-so \
--enable-ssl \
--with-mpm=prefork \
--enable-unixd \
--enable-authz-host \
--enable-mime

All this works, then a make / make install with no errors.

Now when I do the services httpd start I get:
httpd: Syntax error on line 90 of /usr/local/apache2/conf/httpd.conf: Cannot load modules/mod_ssl.so into server: libssl.so.0.9.8: cannot open shareobject file: No such file or directory

Line 90 of the conf files is the LoadModule ssl_module modules/mod_ssl.so line.

Is there any hope here or am I doomed to wait for redhat to upgrade openssl for me?

Charlie
 
Old 08-31-2012, 07:19 PM   #2
abrinister
Member
 
Registered: Dec 2010
Location: /home
Distribution: RL: Arch x64 VM: Debian
Posts: 460

Rep: Reputation: 38
Quote:
libssl.so.0.9.8: cannot open shareobject file: No such file or directory
You should check if that file exists. If it doesn't you probably need to make a symlink to it from the actual name of the libssl shared object.

Alex Brinister
 
Old 09-03-2012, 12:09 PM   #3
cwyble
LQ Newbie
 
Registered: Aug 2012
Location: San Fernando Valley, CA
Distribution: Redhat / debian / ubuntu
Posts: 2

Original Poster
Rep: Reputation: Disabled
Thanks, Yes, it exists and there are links to it in /usr/lib and in /lib
What the real question is, is "Where should the links be?"

Charlie

Quote:
Originally Posted by abrinister View Post
You should check if that file exists. If it doesn't you probably need to make a symlink to it from the actual name of the libssl shared object.

Alex Brinister
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Can't get Apache 2.2.21 to compile with OpenSSL support angstwad Linux - Server 5 10-05-2011 05:34 PM
LXer: Instituting 'Defense in Depth' for PCI Compliance on a Linux Platform LXer Syndicated Linux News 0 04-24-2011 06:00 AM
[SOLVED] mod_security and PCI-DSS compliance with Breach Security's Enhanced Rule Set rsciw Linux - Security 2 07-21-2010 04:18 AM
apache 2.2.3 / RHEL 5 / PCI Compliance / openssl sowell Linux - Server 2 12-09-2009 09:26 AM
Apache Openssl compile fails rioguia Linux - Software 2 11-07-2003 08:13 AM


All times are GMT -5. The time now is 07:30 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration