----------------------------------------------------------------------------

4.1 Building OSU HTTPD SSL_TASK Support.

This assumes that you have done the following.

  * Compiled OpenSSL for OpenVMS as outlined in Compiling OpenSSL for
    OpenVMS.
  * Installed the OpenSSL files as outlined in Installing OpenSSL for
    OpenVMS.
  * Configured the necessary files as outlined in Configuring files for
    generating your own SSL certificates.
  * And executed the OPENSSL_STARTUP.COM file.

You will also need the following if you don't have it already.

  * You have a copy of the OSU HTTPD server either already installed or
    are about to install it.

    The OSU HTTPD server can be found at
    http://kcgl1.eng.ohio-state.edu/www/doc/serverinfo.html

    OpenSSL support has been tested with the OpenVMS OSU HTTP server up
    to the most current release.
  * The updated replacement .OPT link files which can be found in the
    file OSU_SSL.ZIP.
  * The updated replacement TSERVER_TCPSHR_INSTALL.COM file.
  * Updated/upgraded WWWSSL.COM file.
  * Either DEC's MMS or Matt Madison's MMK "make" utility.

    Matt Madison's MMK utility can be found at
    ftp://ftp.madgoat.com/madgoat/MMK.zip

With that said and done, here are the instructions for building the OSU
HTTPD server with SSL support using the SSL_TASK program.

  1. If you don't have the OSU HTTPD server already installed and running
     you need to unpack the OSU distribution kit somewhere. (For the
     purpose of this discussion we'll assume you unpacked it in a
     directory called DISK$WORK:[HTTP_SERVER]).

     If you already have the OSU HTTPD server installed, you are set.

  2. Go to the [.BASE_CODE] directory in the OSU HTTPD distribution.

  3. Unpack the OSU_SSL.ZIP files into your [.BASE_CODE] directory
     replacing the files.

  4. You need to build the OSU HTTPD server so that it will use the
     shareable image TCP/IP interface. This is done as follows.

         $ MMS/MACRO=(SHARE_TCP=xxxx)

     Where the "xxxx" is one of the following.
         CMUTCP     CMU TCP/IP
         MULTINET   Multinet TCP/IP
         TCPWARE    TCPWare TCP/IP
         TWGTCP     Pathway TCP/IP
         UCXTCP     DEC UCX TCP/IP

  5. When that is done running, you need to compile the TSERVER_SSL.C and
     SSL_SERVER_DNET.C

         $ CC TSERVER_SSL.C
         $ CC SSL_SERVER_DNET.C

  6. You now need to link the DECNet SSL server. Go to your OSU
     [.BASE_CODE] directory and execute the following.

         $ MMK TSERVER_SSL.EXE/FORCE/MACRO=(SSL=SSL_SERVER_DNET)

  7. If that went well you should have the file TSERVER_SSL.EXE in your
     OSU [.SYSTEM] directory.

  8. Unpack the updated replacement TSERVER_TCPSHR_INSTALL.COM file and
     place it in the OSU HTTPD [.SYSTEM] directory.

     If you didn't compile the SSL_TASK.EXE when you built your OpenSSL
     library, go to the [.OPENSSL-0_9_3.SSL] directory and use the
     SSL-LIB.COM script to build it. It accepts the following parameters.

         P1:  ALL        Just build everything.
              LIBRARY    Just build the SSL Library
              SSL_TASK   Just build the SSL_TASK.EXE

         P2:  RSAREF     Compile using RSAREF routines.
              NORSAREF   Don't compile using the RSAREF routines.

         P3:  DEBUG      Compile with debug information.
              NODEBUG    Compile without debug information.

         P4:  VAXC       Use the VAXC compiler.
              DECC       Use the DECC compiler.
              GNUC       Use the GNUC compiler.

         P5:  UCX        Use the UCX TCP/IP routines.
              SOCKETSHR  Use the SOCKETSHR TCP/IP routines.

     You have to use the same options you originally used when you built
     the OpenSSL library. You don't have to build the entire SSL library
     again, just the SSL_TASK.

  9. Copy your SSL server certificate into the OpenSSL SSLCERTS:
     directory (you don't have to, but it helps to keep everything
     together) and make sure it is readable by whatever account the OSU
     HTTPD server runs under.

 10. Unpack the updated/upgraded WWWSSL.COM and place it in the root
     directory of the OSU HTTPD server.
     You might want to look this script over, as you can define where you
     have the SSL_TASK.EXE and your SSL certificate if you choose not to
     place them in the SSLEXE: and SSLCERTS: directories, as well as
     defining an alternate location for the WWWSSL.LOG file.

 11. Now you just need to start up the HTTPD server on port 80 and 443
     like the following.

         $ @DISK$WORK:[HTTP_SERVER.SYSTEM]HTTP_STARTUP.COM HTTP_SERVER -
             DISK$WORK:[HTTP_LOGS]HTTP_ERROR.LOG -
             DISK$WORK:[HTTP_SERVER.SYSTEM]HTTP_MAIN.CONF -
             80 443

     And if the server starts up correctly, you should be able to get a
     secure connection using "https".

----------------------------------------------------------------------------

4.2 Building OSU HTTPD SSL_ENGINE Support.

This documentation on integrating OpenSSL into the OSU HTTPD SSL_ENGINE
was written and tested for OSU HTTPD v3.5 and later. If you have a
previous version of OSU HTTPD, the steps should be similar and will help
you in getting the SSL_ENGINE compiled, but some of the essential files
are only included in OSU v3.5 and later so your mileage may vary and we
recommend upgrading to OSU v3.5 to solve any potential problems.

This assumes that you have done the following.

  * Compiled OpenSSL for OpenVMS as outlined in Compiling OpenSSL for
    OpenVMS.
  * Installed the OpenSSL files as outlined in Installing OpenSSL for
    OpenVMS.
  * Configured the necessary files as outlined in Configuring files for
    generating your own SSL certificates.
  * And executed the OPENSSL_STARTUP.COM file.

You will also need the following if you don't have it already.

  * You have a copy of the OSU HTTPD server either already installed or
    are about to install it.

    The OSU HTTPD server can be found at
    http://kcgl1.eng.ohio-state.edu/www/doc/serverinfo.html
  * The updated replacement .OPT link files which can be found in the
    file OSU_SSL.ZIP.
  * The updated replacement TSERVER_TCPSHR_INSTALL.COM file.
  * Updated/upgraded WWWSSL.COM file.
  * Either DEC's MMS or Matt Madison's MMK "make" utility.
    Matt Madison's MMK utility can be found at
    ftp://ftp.madgoat.com/madgoat/MMK.zip

With that said and done, here are the instructions for building the OSU
HTTPD server with SSL support using the SSL_ENGINE program.

  1. If you don't have the OSU HTTPD server already installed and running
     you need to unpack the OSU distribution kit somewhere. (For the
     purpose of this discussion we'll assume you unpacked it in a
     directory called DISK$WORK:[HTTP_SERVER]).

     If you already have the OSU HTTPD server installed, you are set.

  2. Go to the [.BASE_CODE] directory in the OSU HTTPD distribution.

  3. Unpack the OSU_SSL.ZIP files into your [.BASE_CODE] directory
     replacing the files.

  4. You need to build the OSU HTTPD server so that it will use the
     shareable image TCP/IP interface. This is done as follows.

         $ MMS/MACRO=(SHARE_TCP=xxxx)

     Where the "xxxx" is one of the following.

         CMUTCP     CMU TCP/IP
         MULTINET   Multinet TCP/IP
         TCPWARE    TCPWare TCP/IP
         TWGTCP     Pathway TCP/IP
         UCXTCP     DEC UCX TCP/IP

  5. When that is done running, you need to compile the TSERVER_SSL.C,
     SSL_SERVER_DNET.C and SSL_ENGINE.C

         $ CC TSERVER_SSL.C
         $ CC SSL_SERVER_DNET.C
         $ CC SSL_ENGINE.C

  6. Now, you need to look at the BSS_MST.C file in an editor. If you see
     the line

         #include "cryptlib.h"

     you need to remove that line and replace it with

         #include "bio.h"

     With that done, you can save the file and exit the editor.

  7. If you compiled OpenSSL with RSAREF support, you need to edit the
     SSL_ENGINE.OPT and SSL_LIBRARIES.OPT files and uncomment the line
     for the LIBRSAGLUE library.

  8. You now need to compile the SSL_THREADED.C and BSS_MST.C files as
     follows.

         $ CC/STANDARD=ANSI89/PREFIX=ALL/WARNING=DISABLE=DOLLARID -
             /INCLUDE=SSLINCLUDE:/DEFINE=("FLAT_INC=1","VMS=1") -
             SSL_THREADED.C

         $ CC/STANDARD=ANSI89/PREFIX=ALL/WARNING=DISABLE=DOLLARID -
             /INCLUDE=SSLINCLUDE:/DEFINE=("FLAT_INC=1","VMS=1") -
             BSS_MST.C

  9. Link the SSL_ENGINE.EXE with the following command.
         $ LINK/NOTRACEBACK/EXE=SSLEXE:SSL_ENGINE.EXE SSL_ENGINE.OPT/OPT

     If all went well, you should have SSL_ENGINE.EXE in your SSLEXE:
     directory.

     You need to make sure the protection on the SSLEXE:SSL_ENGINE.EXE
     file is set to (SYSTEM:RWED,OWNER:RWED,GROUP,WORLD:RE) so execute
     the following to make sure.

         $ SET FILE SSLEXE:SSL_ENGINE.EXE/PROTECTION=(SYSTEM:RWED,OWNER:RWED,GROUP,WORLD:RE)

 10. The SSL_ENGINE needs to be installed with SYSNAM privs. Install the
     SSLEXE:SSL_ENGINE.EXE as follows.

         $ INSTALL ADD SSLEXE:SSL_ENGINE.EXE/PRIVS=(SYSNAM)

     I would advise adding the above to your OSU startup script so it is
     executed when the server is started up.

 11. You now need to link the DECNet SSL server. Go to your OSU
     [.BASE_CODE] directory and execute the following.

         $ MMK TSERVER_SSL.EXE/FORCE/MACRO=(SSL=SSL_SERVER_DNET)

 12. If that went well you should have the file TSERVER_SSL.EXE in your
     OSU [.SYSTEM] directory.

 13. Unpack the updated replacement TSERVER_TCPSHR_INSTALL.COM file and
     place it in the OSU HTTPD [.SYSTEM] directory.

 14. Copy your SSL server certificate into the OpenSSL SSLCERTS:
     directory (you don't have to, but it helps to keep everything
     together) and make sure it is readable by whatever account the OSU
     HTTPD server runs under.

 15. Unpack the updated/upgraded WWWSSL.COM and place it in the root
     directory of the OSU HTTPD server.

     You might want to look this script over, as you can define where you
     have the SSL_ENGINE.EXE and your SSL certificate if you choose not
     to place them in the SSLEXE: and SSLCERTS: directories, as well as
     defining an alternate location for the WWWSSL.LOG file.

 16. Now you just need to start up the HTTPD server on port 80 and 443
     like the following.

         $ @DISK$WORK:[HTTP_SERVER.SYSTEM]HTTP_STARTUP.COM HTTP_SERVER -
             DISK$WORK:[HTTP_LOGS]HTTP_ERROR.LOG -
             DISK$WORK:[HTTP_SERVER.SYSTEM]HTTP_MAIN.CONF -
             80 443

     And if the server starts up correctly, you should be able to get a
     secure connection using "https".
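
Steps 9 and 10 of section 4.2 as a startup-time check, given here as an
added example (it is not part of the OSU or OpenSSL kits). The procedure
name and messages are assumptions; it only installs the SYSNAM-privileged
image when GROUP and WORLD hold no write or delete access to it.

```dcl
$! CHECK_SSL_ENGINE.COM (hypothetical name): added example, not from the
$! OSU or OpenSSL kits. Run after steps 9 and 10, or from the OSU startup.
$ image = F$SEARCH("SSLEXE:SSL_ENGINE.EXE")
$ IF image .EQS. ""
$ THEN
$     WRITE SYS$OUTPUT "SSLEXE:SSL_ENGINE.EXE not found, relink it (step 9)"
$     EXIT %X1000002C                ! SS$_ABORT, message suppressed
$ ENDIF
$!
$! Step 9: apply the protection mask given on the page, then read it back.
$ SET FILE 'image'/PROTECTION=(SYSTEM:RWED,OWNER:RWED,GROUP,WORLD:RE)
$ prot = F$EDIT(F$FILE_ATTRIBUTES(image,"PRO"),"COLLAPSE,UPCASE")
$!
$! The image runs with SYSNAM, so GROUP and WORLD must not hold W or D
$! access to it. Element 2 of the string is GROUP:..., element 3 WORLD:...
$ unsafe = 0
$ i = 2
$check_class:
$ access = F$ELEMENT(1,":",F$ELEMENT(i,",",prot))
$ IF F$LOCATE("W",access) .LT. F$LENGTH(access) .OR. -
     F$LOCATE("D",access) .LT. F$LENGTH(access) THEN unsafe = 1
$ i = i + 1
$ IF i .LE. 3 THEN GOTO check_class
$ IF unsafe
$ THEN
$     WRITE SYS$OUTPUT "Refusing to install, protection is ", prot
$     EXIT %X1000002C
$ ENDIF
$!
$! Step 10: install with SYSNAM only if it is not already a known image.
$ IF .NOT. F$FILE_ATTRIBUTES(image,"KNOWN") THEN -
     INSTALL ADD SSLEXE:SSL_ENGINE.EXE/PRIVS=(SYSNAM)
$ INSTALL LIST SSLEXE:SSL_ENGINE.EXE/FULL     ! shows the privileges granted
$ EXIT
```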
----------------------------------------------------------------------------

4.3 Building OSU HTTPD MST SSL Support.

This documentation on integrating OpenSSL into the OSU HTTPD MST SSL
server was written and tested for OSU HTTPD v3.5 and later. If you have a
previous version of OSU HTTPD, the steps should be similar and will help
you in getting the MST SSL server compiled, but some of the essential
files are only included in OSU v3.5 and later so your mileage may vary
and we recommend upgrading to OSU v3.5 to solve any potential problems.

This assumes that you have done the following.

  * Compiled OpenSSL for OpenVMS as outlined in Compiling OpenSSL for
    OpenVMS.
  * Installed the OpenSSL files as outlined in Installing OpenSSL for
    OpenVMS.
  * Configured the necessary files as outlined in Configuring files for
    generating your own SSL certificates.
  * And executed the OPENSSL_STARTUP.COM file.

You will also need the following if you don't have it already.

  * You have a copy of the OSU HTTPD server either already installed or
    are about to install it.

    The OSU HTTPD server can be found at
    http://kcgl1.eng.ohio-state.edu/www/doc/serverinfo.html
  * The updated replacement .OPT link files which can be found in the
    file OSU_SSL.ZIP.
  * The updated replacement TSERVER_TCPSHR_INSTALL.COM file.
  * Either DEC's MMS or Matt Madison's MMK "make" utility.

    Matt Madison's MMK utility can be found at
    ftp://ftp.madgoat.com/madgoat/MMK.zip

With that said and done, here are the instructions for building the OSU
HTTPD server with MST SSL server support.

  1. If you don't have the OSU HTTPD server already installed and running
     you need to unpack the OSU distribution kit somewhere. (For the
     purpose of this discussion we'll assume you unpacked it in a
     directory called DISK$WORK:[HTTP_SERVER]).

     If you already have the OSU HTTPD server installed, you are set.

  2. Go to the [.BASE_CODE] directory in the OSU HTTPD distribution.

  3. Unpack the OSU_SSL.ZIP file into your [.BASE_CODE] directory
     replacing the files.

  4. You need to build the OSU HTTPD server so that it will use the
     shareable image TCP/IP interface. This is done as follows.

         $ MMS/MACRO=(SHARE_TCP=xxxx)

     Where the "xxxx" is one of the following.

         CMUTCP     CMU TCP/IP
         MULTINET   Multinet TCP/IP
         TCPWARE    TCPWare TCP/IP
         TWGTCP     Pathway TCP/IP
         UCXTCP     DEC UCX TCP/IP

  5. When that is done running, you need to compile the TSERVER_SSL.C and
     SSL_SERVER_MST.C

         $ CC TSERVER_SSL.C
         $ CC SSL_SERVER_MST.C

  6. Now, you need to look at the BSS_MST.C file in an editor. If you see
     the line

         #include "cryptlib.h"

     you need to remove that line and replace it with

         #include "bio.h"

     With that done, you can save the file and exit the editor.

  7. If you compiled OpenSSL with RSAREF support, you need to edit the
     SSLSHR_SERVER_MST.OPT and SSL_LIBRARIES.OPT files and uncomment the
     line for the LIBRSAGLUE library.

  8. You now need to compile the SSL_THREADED.C and BSS_MST.C files as
     follows.

         $ CC/STANDARD=ANSI89/PREFIX=ALL/WARNING=DISABLE=DOLLARID -
             /INCLUDE=SSLINCLUDE:/DEFINE=("FLAT_INC=1","VMS=1") -
             SSL_THREADED.C

         $ CC/STANDARD=ANSI89/PREFIX=ALL/WARNING=DISABLE=DOLLARID -
             /INCLUDE=SSLINCLUDE:/DEFINE=("FLAT_INC=1","VMS=1") -
             BSS_MST.C

  9. You now need to link the MST SSL server. Go to your OSU [.BASE_CODE]
     directory and execute the following.

         $ MMK TSERVER_SSL.EXE/FORCE/MACRO=(SSL=SSL_SERVER_MST)

 10. If that went well you should have the file TSERVER_SSL.EXE in your
     OSU [.SYSTEM] directory.

 11. Unpack the updated replacement TSERVER_TCPSHR_INSTALL.COM file and
     place it in the OSU HTTPD [.SYSTEM] directory.

 12. Copy your SSL server certificate into the OpenSSL SSLCERTS:
     directory (you don't have to, but it helps to keep everything
     together) and make sure it is readable by whatever account the OSU
     HTTPD server runs under.

 13. You now need to define the following logicals as /SYSTEM/EXEC to
     customize your installation of the MST SSL server.
         WWWSSL_MST_THREAD_LIMIT : The Maximum Number Of SSL Threads
                                   Allowed. (Default is 10)
         WWWSSL_MST_STACK_SIZE   : The Stack Size For SSL Server Threads.
                                   (Default is 60000)
         WWWSSL_MST_QUEUE_FLAG   : Whether Or Not To Wait For Next
                                   Available Thread.
                                   (TRUE or FALSE value)
         WWWSSL_MST_CERTIFICATE  : Location Of The Server's SSL
                                   Certificate.
         WWWSSL_MST_LOGFILE      : Location To Put The MST SSL Log File.
         WWWSSL_MST_VERSION      : Which versions of SSL To Use
                                   2, 3 or 23 (Default is 2)

     Here's an example...

         $ DEFINE/SYSTEM/EXEC WWWSSL_MST_THREAD_LIMIT 15
         $ DEFINE/SYSTEM/EXEC WWWSSL_MST_STACK_SIZE 90000
         $ DEFINE/SYSTEM/EXEC WWWSSL_MST_QUEUE_FLAG TRUE
         $ DEFINE/SYSTEM/EXEC WWWSSL_MST_CERTIFICATE SSLCERTS:SERVER.PEM
         $ DEFINE/SYSTEM/EXEC WWWSSL_MST_LOGFILE DISK$HTTP:[HTTP_LOGS]SSL_MST.LOG
         $ DEFINE/SYSTEM/EXEC WWWSSL_MST_VERSION 23

     I recommend putting the defines in your OSU HTTP startup file.

 14. Now you just need to start up the HTTPD server on port 80 and 443
     like the following.

         $ @DISK$WORK:[HTTP_SERVER.SYSTEM]HTTP_STARTUP.COM HTTP_SERVER -
             DISK$WORK:[HTTP_LOGS]HTTP_ERROR.LOG -
             DISK$WORK:[HTTP_SERVER.SYSTEM]HTTP_MAIN.CONF -
             80 443

     And if the server starts up correctly, you should be able to get a
     secure connection using "https".
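
A check of the step 13 logicals that can follow the DEFINE commands in the
OSU startup file, given here as an added example (it is not part of the
OSU or OpenSSL kits; the labels and messages are assumptions). It reports
any name from the list above that is mistyped or was defined without
/SYSTEM/EXEC, a certificate path that does not exist, and a
WWWSSL_MST_VERSION left at the default of 2.

```dcl
$! Added example, not from the OSU or OpenSSL kits: verify the step 13
$! logicals from the OSU startup file before the server is started.
$ names = "THREAD_LIMIT,STACK_SIZE,QUEUE_FLAG,CERTIFICATE,LOGFILE,VERSION"
$ missing = 0
$ n = 0
$next_name:
$ item = F$ELEMENT(n,",",names)
$ IF item .EQS. "," THEN GOTO names_done
$! Mode EXECUTIVE skips supervisor-mode names, i.e. a DEFINE without /EXEC.
$ value = F$TRNLNM("WWWSSL_MST_" + item,"LNM$SYSTEM_TABLE",,"EXECUTIVE")
$ IF value .EQS. ""
$ THEN
$     WRITE SYS$OUTPUT "WWWSSL_MST_", item, " is not defined /SYSTEM/EXEC"
$     missing = missing + 1
$ ELSE
$     WRITE SYS$OUTPUT "WWWSSL_MST_", item, " = ", value
$ ENDIF
$ n = n + 1
$ GOTO next_name
$names_done:
$!
$ cert = F$TRNLNM("WWWSSL_MST_CERTIFICATE","LNM$SYSTEM_TABLE",,"EXECUTIVE")
$ IF cert .NES. ""
$ THEN
$     IF F$SEARCH(cert) .EQS. "" THEN -
         WRITE SYS$OUTPUT "Certificate file ", cert, " does not exist"
$ ENDIF
$!
$! The page gives 2 as the default, which is SSL 2.0 only; RFC 6176
$! prohibits SSL 2.0, so an unset or "2" value deserves a second look.
$ version = F$TRNLNM("WWWSSL_MST_VERSION","LNM$SYSTEM_TABLE",,"EXECUTIVE")
$ IF version .EQS. "" .OR. version .EQS. "2" THEN -
     WRITE SYS$OUTPUT "WWWSSL_MST_VERSION selects SSL 2.0 only"
$ IF missing .GT. 0 THEN -
     WRITE SYS$OUTPUT missing, " logical(s) not defined in executive mode"
$ EXIT
```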