2

I just took over an old Apache httpd site that was maintained by somebody else. It's running httpd 2.2.2-1.3 on Fedora 5. I think the httpd was originally installed from an RPM. I was asked to enable SSL on this site. Now I have the certificate and key ready, but I found this httpd does not have mod_ssl compiled in.

This site is running an important service that cannot be shut down for too long. What is my best option to install mod_ssl with the minimum impact on the site?

Can I compile Apache 2.2.2 somewhere else with --enable-ssl and copy the binary over to /usr/lib? Also, where can I get the compatible mod_ssl.so?

Caleb
evergreen

1 Answer

2

I know it's not what you want to hear, or indeed what you asked, but Fedora 5 is extremely old and well out of patch. If I had inherited it, I would be making very strenuous moves to get functionality off that and on to a supportable system.

And the mod_ssl issue may be just what you need to get the migration done. If you come at this from the point of view of "If I need to recompile Apache, there may be significant downtime, as there will be each time I have to recompile it in future so that our web server stays in patch; but if we bite the bullet now and move to a modern platform, where our web server is packaged, keeping in patch becomes really easy", you may be able to sell the move.

If, however, you just knuckle under and do what you're asked to do, with minimal discomfort for the users, no one will ever see a good reason to swallow the downtime and disruption of a platform move.

Seriously, a Fedora 5 box is just begging to be compromised, at this point. By way of example, Apache 2.2 is now at 2.2.17, and while your OpenSSL (which underlies mod_ssl) is at 0.9.8a, the current version in that stream is 0.9.8r.

But if, as usually happens, this story is unacceptable - despite being true - and you're right that you're running Apache 2.2.2-1.3, which was the last version released as part of the F5 upgrade stream, the corresponding mod_ssl package can be found in the Fedora Project archives, and you should be able to yum that in with minimal disruption and downtime. But be very clearly aware of what you're doing if you decide to go with it.

MadHatter
  • is right that you can just grab the mod_ssl package from the F5 package repository and be on your way, but that by continuing to upgrade and hack on an unmaintained version of your OS you are begging for trouble. You should make it a highest priority as an administrator to run a secure box. Running mod_ssl on a box full of other holes will only give your company and customers a false sense of security. – Caleb Apr 21 '11 at 09:06
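The answer's advice depends on the mod_ssl package being the one that corresponds to the installed httpd build. The following pre-flight check is an added example, not part of the original answer or comment; the function names and the RPM path argument are hypothetical, and it assumes `rpm`, `httpd` and `apachectl` are on the PATH of the server.

```shell
#!/bin/sh
# Added example: checks to run before installing mod_ssl next to a packaged httpd.
# Function names are hypothetical; nothing here changes the system.

# Succeeds if the text of `httpd -M` (passed as $1) lists ssl_module.
has_ssl_module() {
    printf '%s\n' "$1" | grep -Eq '^[[:space:]]*ssl_module[[:space:]]'
}

# Succeeds only if both version-release strings are non-empty and identical.
# A mod_ssl built for a different httpd release must not be loaded.
same_build() {
    [ -n "$1" ] && [ "$1" = "$2" ]
}

# $1 = `httpd -M` output, $2 = installed httpd version-release,
# $3 = candidate mod_ssl version-release. Prints the decision.
next_step() {
    if has_ssl_module "$1"; then
        echo "already-loaded"
        return 0
    fi
    if same_build "$2" "$3"; then
        echo "install"
        return 0
    fi
    echo "mismatch"
    return 1
}

# $1 = path to a downloaded mod_ssl RPM (assumed to come from the archive
# the answer mentions). Reads the live system and reports the decision.
preflight() {
    mods=$(httpd -M 2>&1)
    have=$(rpm -q --qf '%{VERSION}-%{RELEASE}' httpd)
    cand=$(rpm -qp --qf '%{VERSION}-%{RELEASE}' "$1")
    echo "httpd installed: $have, candidate mod_ssl: $cand"
    next_step "$mods" "$have" "$cand"
}

# After installing and adding the SSL configuration, validate the syntax
# before any restart so that a typo does not take the site down.
check_config() {
    apachectl configtest
}
```

Source the file on the server and run `preflight` with the RPM path; proceed only when it prints `install`, and run `check_config` before restarting httpd.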