Apache Upgrade Apache Installation.........................................................................................................................................1 Creating Certificate Requests.........................................................................................................................5
Apache Installation 1. Verify the the content content server server is workin working g by using using CSADMIN. CSADMIN. 2. Verify offline offline backu backu successf successful. ul. !. "nsure "nsure there there is an ANSI ANSI C co#ile co#ilerr installe installe$. $. %ye &gcc &gcc 'v(. 'v(. As root: root@r3csdbq1:/root> root@r3csdbq1:/r oot> gcc -v Using built-in specs. Target: powerpc-ibm-ai! powerpc-ibm-ai!.3."." .3."." #on$igured wit%: ../con$igure --wit%-as&/usr/bin/as --wit%-as&/usr/bin/as --wit%ld&/usr/bin/ld --enable-languages&c'c((')ava --enable-languages&c'c((')ava --pre$i&/opt/$reeware --pre$i&/opt/$reeware --enable-t%reads --enable-version-speci$ic-runtim --enable-version-speci$ic-runtime-libs e-libs --%ost&powerpcibm-ai!.3."." --target&powerpc-ibm-ai!.3."." --target&powerpc-ibm-ai!.3."." --build&powerpc-ibm--build&powerpc-ibmai!.3."." --disable-lib)av --disable-lib)ava-multilib a-multilib T%read model: ai
gcc version 4.2.0 root@r3csdbq1:/root> root@r3csdbq1:/r oot> w%ic% gcc /usr/bin/gcc root@r3csdbq1:/root> ). *eco#e *eco#e root. root. Default Default u#ask u#ask #ust be +22. +22. ,. Verify .cshrc .cshrc for for si$a$# si$a$# an$ s-$si$ s-$si$ to inclu$e inclu$e.. set pat% & * /usr/+,> /usr/+,>/apac%e/bin:/op /apac%e/bin:/opt/pware0/bin t/pware0/bin pat% 2 setenv 45AT6 /opt/pware0/lib
set prompt&78%ostname8:U,9 prompt&78%ostname8:U,9 ;<> 7 alias lst =ls -lrttail -?"= alias cdbac =cd /usr/openv/netbacup/et/dbet/ /usr/openv/netbacup/et/dbet/sap= sap= alias cdlog =cd /sapdb/data/wr/ /sapdb/data/wr/+,> +,>/= /= alias % =%istorB= alias startap /usr/+,> /usr/+,>/apac%e/bin/apac /apac%e/bin/apac%ectl %ectl start alias stopap /usr/+,> /usr/+,>/apac%e/bin/apa /apac%e/bin/apac%ectl c%ectl stop alias cdap cd /usr/+,> /usr/+,>/apac%e /apac%e set %istorB & 1"" /. Sto Sto Aach Aache. e. As si$a$ si$a$# # sto stoa a.. 0. Delet Delete e eit eiting ing Aach Aache e As root: cd /usr/#C4/ /usr/#C4/apac%e apac%e rm -r$ D . 3un 3un the the bel below ow co# co##an #an$s $s as root root to to install Aache. Aache shoul$ be installe$ rior to starting sainst4 it rea$s so#e of the Aache environ#ent settings as art of the install. 5iles are create$ in the aache install $irectory 67a$#$ata7sac$7cs/)+7htt$'2.+./!8 67a$#$ata7sac$7cs /)+7htt$'2.+./!8 so it nee$s to be writable. If you
eerience issues with a re'install4 $elete the install $irectory an$ re'etract the tar file fro# 7a$#$ata7sac$7cs/)+. As root : cd /usr/#C4/apac%e tar -v$ /admdata/sapcd/cs0"/%ttpd-?.".3.tar Install Apache unset #EAF, 9GTAEAF,,64 H4I9#TJH9 unset EAF, 45AT6 4, 4AK5AT6 eport ##&7gcc -mai07 eport 59&/usr/opt/perl!/bin/perl eport 4AK5AT6&/opt/pware0/lib eport 4,&7-/opt/pware07 eport 45AT6&/opt/pware0/lib eport #55EAF,&7-/opt/pware0/include/openssl7 eport H4I9#TJH9&0 cd /usr/CQB/apac%e/%ttpd-?.D
c%mod - LLL D /usr/sbin/slibclean $ $ailed mae previouslB' mae clean ./con$igure --pre$i =/usr/CQB/apache --wit%-mpm&pre$or --enable-ssl&s%ared --wit%-ssl&/opt/pware0 --wit%-included-apr mae mae install
9. Change ownershi fro# root to si$a$#sasys an$ set sticky bit. c%own - cqbadm:sapsBs /usr/CQB/apac%e c%mod LL! /usr/CQA/apac%e c%own root /usr/CQA/apac%e/bin/%ttpd c%mod 0L!! /usr/CQA/apac%e/bin/%ttpd 1+. Coy new conf files Eor #CA/4: cp /admdata/sapcd/cs0"/con$/#,C/%ttpdDcon$ /usr/CQB/apac%e/con$ Eor #,/#,5: cp /admdata/sapcd/cs0"/con$/%ttpdDcon$ /usr/apac%e/con$ 11. A$:ust the configuration file /usr/CQB/apac%e/con$/%ttpd.con$. Change the line ;ser to si$a$#. User cqbadm #,#on$ig5at% /%ome/cqbadm/con$/cs.con$ Eor multi Apac%e install c%ange all #CA to new ,.
%he below changes shoul$ alrea$y be #a$e Froup sapsBs isten 1"M" *1"M? $or #C42 Uncomment Nnclude con$/etra/%ttpd-ssl.con$ 12. Mo$ify the configuration file /usr/#C4/apac%e/con$/%ttpd-ssl.con$ uses ort 1+91 61+9! for C<*8 an$ not ))!. 5or #ulti Aache install change all C
1!. Verify si$a$# can navigate to the $irectory 7usr7aache7ht$ocs an$ the 7usr7aache $irectory an$ it=s sub$irectories are owne$ by si$a$#. 1). Coy certs if they have alrea$y been generate$. cp /admdata/sapcd/cs0"/certs/CSQ/D /usr/apac%e/con$ c%own +sid>adm:sapsBs /usr/apac%e/con$/D 1,. Su to si$a$# an$ verify >A%? an$ @I*>A%? are set fro# above change in .cshrc for si$a$#.. 1/. Create the following links cd /usr/#C4/apac%e/modules ln -s /%ome/cqbadm/modules/libsapsecu.o libsapsecu.o ln -s /%ome/cqbadm/modules/modsapcs?.o modsapcs?.o 10. Verify the /usr/apac%e/con$/%ttpd.con$ file has these entries Add the line in blue: oadJodule sapcsmodule modules/modsapcs?.o oadJodule sslmodule modules/modssl.so Add these lines to the end: +$Jodule modsapcs.cpp> N AddJodulen$o #ontent,erver 7,A5 #ontent ,erver 0"/" *5rototBpe2 *#2 ,A5 AF 1MMO' ?""17
+ocation /sapcs> ,et6andler sapcsmodule Allow $rom all +/ocation> +ocation /#ontent,erver/#ontent,erver.dll> ,et6andler sapcsmodule Allow $rom all +/ocation> +ocation /contentserver/contentserver.dll> ,et6andler sapcsmodule Allow $rom all +/ocation> +/$Jodule> 1. As si$a$# start Aache with the co##an$ /usr/apac%e/bin/apac%ectl start 19. Verify Aache is starte$4 check files in 7usr7aache7logs if errors. P ps -e$grep apa csqadm 1O"3?0 1 csqadm ?L003? 1O"3?0 csqadm ?MM?00 1O"3?0 csqadm 3ML!!? 1O"3?0 csqadm 0"!0? 1O"3?0 csqadm 013OMO 1O"3?0
" " " " " "
1?:?O:"M 1?:?O:"M 1?:?O:"M 1?:?O:"M 1?:?O:"M 1?:?O:"M
-
":"" ":"" ":"" ":"" ":"" ":""
/usr/apac%e/bin/%ttpd /usr/apac%e/bin/%ttpd /usr/apac%e/bin/%ttpd /usr/apac%e/bin/%ttpd /usr/apac%e/bin/%ttpd /usr/apac%e/bin/%ttpd
- - - - - -
start start start start start start
2+. Check website htt77r!cs$b-1.se#ra.co#1+9+7 %his shoul$ return the following in your browser.
If you can see this, it means that the installation of the Apache web server software on this system was successful. You may now a content to this irectory an replace this page.
https!""r#csbq1.sempra.com!1$%1"ine&.html.en 21. Change AC+ settings by using B?%%>S. Change ?%%>S fiel$s to &(?%%>S 3e-uire$(
an$ enter the SS@ ort. 22. nly SS@ Server an$ SS@ Client 6Stan$ar$8 nee$ to have non'self sign certificates. I#ort the Content Server certificate that has been signe$ by Se#ra an$ installe$ into Aache into both >S"=s. %he certs are locate$ at S*ASIS#tettenbCertificates. Double Click the entry un$er SS@ Server. Click &I#ort Certificate(
5in$ the aroriate .crt file an$ select the *ase/) ra$io button an$ click check. r select the E.cer file an$ select *inary.
Click A$$ certificate to @ist.
3eeat for SS@ Client Stan$ar$ an$ the certificates shoul$ be a$$e$ as below
2!. Fou #ust bounce the server after installing the certificate. 2). After SA> is u4 you shoul$ be able to connect using CSADMIN or AC+.
Creating Certificate Requests 2,. If you nee$ to create Certificates follow these stes. Create CS3 re-uest 65or hel htt77htt$.aache.org7$ocs72.+7ssl7sslfa-.ht#lGselfcert 8 cd /usr/apac%e/con$ Not working Create server key openssl rsa -noout -tet -in server.eB Create server key openssl genrsa -des3 -out server.eB ?"0O *pass test2 Create CS3 openssl req -new -eB server.eB -out server.csr View CS3 openssl req -noout -tet -in server.csr
#ountrB Qame *? letter code2 RAUS:U, ,tate or 5rovince Qame *$ull name2 R,ome-,tateS:#ali$ornia ocalitB Qame *eg' citB2 RS:,an iego Hrganiation Qame *eg' companB2 Rnternet idgits 5tB tdS:,empra 9nergB Utilities Hrganiational Unit Qame *eg' section2 RS:T #ommon Qame *eg' KHU name2 RS:r3csdbd1.sempra.com 9mail Address RS:[email protected] 5lease enter t%e $ollowing =etra= attributes to be sent wit% Bour certi$icate request A c%allenge password RS: An optional companB name RS: ;KEY SIZE INFORMATION ;Key Size = 2048-bits RSA, SHA-1 ---------INTERNA !SR INFORMATION----------------!N = "F#$N%OF%A&&I!ATION'SER(ER) O* = IT O = Se+. E/ey *tiities = "S./ $ie s A/ees O NY) S = !A ! = *S
Sub#it CS3 re-uest htts77kiweb1.se#ra.co#7certsrv7 'H 3e-uest Certificate. 5or assistance4 the >I a$#in is 3*Jillia#sKSe#ra.co#.
%o receive the cert4 use the website htts77kiweb1.se#ra.co#7certsrv7 the click Downloa$ certificate.
After you receive your certificate coy it to 7usr7aache7conf. c$ 7usr7aache7conf Convert certification fro# D"3 to >"M openssl !"M -in$orm 9 -out$orm 59J -in certnew.cer -out server.crt
If you nee$ to re#ove the ass hrase fro# your key use this openssl rsa -in server.eB -out server.eBnopass
