Installing I2A2 Apache on Linux
Michael Witt of the Purdue Libraries has installed the I2A2 Apache package on a
Linux system and has provided a set of simplified instructions for doing it.
Michael started with a Redhat 7.2 (i386) system built as a server. It had no previous web server or firewall packages
installed. He offers the following step-by-step instructions as a guide for duplicating his installation.
- Download openssl, apache, modules, and i2a2 packages from the I2A2 web site.
- Decompress them wherever you keep source on your system. They will create an I2A2_build directory.
- As root, run "I2A2_build/Config". On Redhat 7.2, an older version of OpenSSL is installed in /usr/share/ssl, so
answer yes to the first question and provide this path. Install apache in /opt/apache-1.3.26.
- Now cd I2A2_build/openssl, and "make" (go get a cup of coffee.)
- If no errors occur, "make install".
- Now cd I2A2_build/apache and "make".
- If no errors occur, "make install".
- Now cd I2A2_build/modules and "make".
- If no errors occur, "make install".
- Now, for testing purposes, we can generate our own certificate.
cd I2A2_build/apache/src/apache_1.3.26/src
- "make certificate". If you don't know the answers to the prompts, accept the defaults. Remember your passphrase.
- Copy your certificate and key to your Apache installation:
cp ../conf/ssl.key/server.key /opt/apache-1.3.26/conf/ssl.key/server.key
cp ../conf/ssl.crt/server.crt /opt/apache-1.3.26/conf/ssl.crt/server.crt
- Now let's test Apache:
/opt/apache-1.3.26/bin/apachectl startssl
Type in your passphrase.
- Point your web browser to https://localhost and confirm your certificate has been installed and Apache is happy.
- Stop Apache:
/opt/apache-1.3.26/bin/apachectl stop
- Now we're ready to install the I2A2 package:
cd I2A2_build/securepurdue/I2A2
make patch
- Edit src/*/libpuidX/extlib/Makefile.PL and remove "-xarch=v8" from the file. Return to I2A2_build/securepurdue/I2A2
and run make, then make install.
- Add these lines to your /etc/services file:
authc   1561/tcp   # CC - I2A2 authenticator, text access
authcs  1562/tcp   # CC - I2A2 authenticator, SSL access
authz   1563/tcp   # CC - I2A2 authorizer, text access
authzs  1564/tcp   # CC - I2A2 authorizer, SSL access
refl    1565/tcp   # CC - I2A2 reflector, text access
refls   1566/tcp   # CC - I2A2 reflector, SSL access
- Now we're ready to prepare apache to use I2A2. Create a file outside of your web server directory that contains nothing
but some arbitrary text. Do not use your certificate passphrase! Let's call this file secrets_key.txt.
- Make the changes to /opt/apache-1.3.26/conf/httpd.conf that are outlined on the I2A2 web page.
- Use a combination of directives in your httpd.conf and .htaccess files in the directories that you want to secure, then start Apache and test them.
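
A check for the secrets_key.txt step above, as an added example that is not part of Michael's instructions or the I2A2 package: it confirms the file is non-empty and resolves to a location outside the web server directory. The function name check_secret_file, the demo paths, and the rule that group and other get no access are assumptions made here; which account must be able to read the file depends on how the I2A2 module loads it.

```sh
#!/bin/sh
# Added example, not I2A2 code: checks on the secrets key file.
# Usage: check_secret_file FILE WEBDIR
# Returns 0 when all checks pass, 1 otherwise (problems go to stderr).
check_secret_file() {
    file=$1; webdir=$2; rc=0
    if [ ! -f "$file" ]; then
        echo "FAIL: $file is not a regular file" >&2
        return 1
    fi
    # Resolve symlinks so a link outside the tree cannot hide a target
    # that really lives inside it.
    real_file=$(readlink -f "$file") || return 1
    real_web=$(readlink -f "$webdir") || return 1
    case "$real_file" in
        "$real_web"/*)
            echo "FAIL: $real_file is inside $real_web" >&2
            rc=1 ;;
    esac
    if [ ! -s "$real_file" ]; then
        echo "FAIL: $real_file is empty" >&2
        rc=1
    fi
    # Assumption (not from the page): group and other get no access.
    # Characters 5-10 of the ls mode string are the group/other bits.
    go_bits=$(ls -ld "$real_file" | cut -c5-10)
    if [ "$go_bits" != "------" ]; then
        echo "FAIL: $real_file mode allows group/other access" >&2
        rc=1
    fi
    return "$rc"
}

# Constructed demo in a scratch directory; all paths are illustrative.
demo=$(mktemp -d)
mkdir -p "$demo/apache/htdocs" "$demo/private"
( umask 077; echo "arbitrary text" > "$demo/private/secrets_key.txt" )
echo "arbitrary text" > "$demo/apache/htdocs/secrets_key.txt"
check_secret_file "$demo/private/secrets_key.txt" "$demo/apache" \
    && echo "private copy: accepted"
check_secret_file "$demo/apache/htdocs/secrets_key.txt" "$demo/apache" \
    || echo "htdocs copy: rejected"
rm -rf "$demo"
```

On a real system, pass the path of your secrets_key.txt and /opt/apache-1.3.26 (or your document root) as the two arguments.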