[Previous] [Next] [Table of Contents]
----------------------------------------------------------------------------

4.1 Building OSU HTTPD SSL_TASK Support.

This assumes that you have done the following.

   * Compiled OpenSSL for OpenVMS as outlined in Compiling OpenSSL for
     OpenVMS.

   * Installed the OpenSSL files as outlined in Installing OpenSSL for
     OpenVMS.

   * Configured the necessary files as outlined in Configuring files for
     generating your own SSL certificates.

   * And executed the OPENSSL_STARTUP.COM file.

You will also need the following if you don't have it already.

   * You have a copy of the OSU HTTPD server either already installed or are
     about to install it.

     The OSU HTTPD server can be found at
     http://kcgl1.eng.ohio-state.edu/www/doc/serverinfo.html

     OpenSSL support has been tested with the OpenVMS OSU HTTP server up to
     the most current release.

   * The updated replacement .OPT link files which can be found in the file
     OSU_SSL.ZIP.

   * The updated replacement TSERVER_TCPSHR_INSTALL.COM file.

   * Updated/upgraded WWWSSL.COM file.

   * Either DEC's MMS or Matt Madison's MMK "make" utility. Matt Madison's
     MMK utility can be found at ftp://ftp.madgoat.com/madgoat/MMK.zip

With that said and done, here are the instructions for building the OSU
HTTPD server with SSL support using the SSL_TASK program.

  1. If you don't have the OSU HTTPD server already installed and running
     you need to unpack the OSU distribution kit somewhere. (For the purpose
     of this discussion we'll assume you unpacked it in a directory called
     DISK$WORK:[HTTP_SERVER]).

     If you already have the OSU HTTPD server installed, you are set.

  2. Go to the [.BASE_CODE] directory in the OSU HTTPD distribution.

  3. Unpack the OSU_SSL.ZIP files into your [.BASE_CODE] directory replacing
     the files.

  4. You need to build the OSU HTTPD server so that it will use the
     shareable image TCP/IP interface. This is done as follows.

             $ MMS/MACRO=(SHARE_TCP=xxxx)


     Where the "xxxx" is one of the following.

                     CMUTCP          CMU TCP/IP
                     MULTINET        Multinet TCP/IP
                     TCPWARE         TCPWare TCP/IP
                     TWGTCP          Pathway TCP/IP
                     UCXTCP          DEC UCX TCP/IP


  5. When that is done running, you need to compile the TSERVER_SSL.C and
     SSL_SERVER_DNET.C

             $ CC TSERVER_SSL.C
             $ CC SSL_SERVER_DNET.C


  6. You now need to link the DECNet SSL server. Go to your OSU [.BASE_CODE]
     directory and execute the following.

             $ MMK TSERVER_SSL.EXE/FORCE/MACRO=(SSL=SSL_SERVER_DNET)


  7. If that went well you should have the file TSERVER_SSL.EXE in your OSU
     [.SYSTEM] directory.

  8. Unpack the updated replacement TSERVER_TCPSHR_INSTALL.COM file and
     place it in the OSU HTTPD [.SYSTEM] directory.

     If you didn't compile the SSL_TASK.EXE when you built your OpenSSL
     library, go to the [.OPENSSL-0_9_3.SSL] directory and use the
     SSL-LIB.COM script to build it, it accepts the following parameters.

          P1:        ALL        Just build everything.
                     LIBRARY    Just build the SSL Library
                     SSL_TASK   Just build the SSL_TASK.EXE

          P2:        RSAREF     Compile using RSAREF routines.
                     NORSAREF   Don't compile using the RSAREF routines.

          P3:        DEBUG      Compile with debug information.
                     NODEBUG    Compile without debug information.

          P4:        VAXC       Use the VAXC compiler.
                     DECC       Use the DECC compiler.
                     GNUC       Use the GNUC compiler.

          P5:        UCX        Use the UCX TCP/IP routines.
                     SOCKETSHR  Use the SOCKETSHR TCP/IP routines.


     You have to use the same options you originally used when you built the
     OpenSSL library. You don't have to build the entire SSL library again,
     just the SSL_TASK.

  9. Copy your SSL server certificate into the OpenSSL SSLCERTS: directory.
     (you don't have to, but it helps to keep everything together.) and make
     sure it is readable by whatever account the OSU HTTPD server runs
     under.

 10. Unpack the updated/upgraded WWWSSL.COM and place it in the root
     directory of the OSU HTTPD server.

     You might want to look this script over as you can define where you
     have the SSL_TASK.EXE and your SSL certificate if you choose not to
     place them in the SSLEXE: and SSLCERTS: directory as well defining an
     alternate location for the WWWSSL.LOG file.

 11. Now you just need to startup the HTTPD server on port 80 and 443 like
     the following.

             $ @DISK$WORK:[HTTP_SERVER.SYSTEM]HTTP_STARTUP.COM HTTP_SERVER -
                DISK$WORK:[HTTP_LOGS]HTTP_ERROR.LOG -
                DISK$WORK:[HTTP_SERVER.SYSTEM]HTTP_MAIN.CONF -
                80 443


     And if the server starts up correctly, you should be able to get a
     secure connection using "https".

----------------------------------------------------------------------------

4.2 Building OSU HTTPD SSL_ENGINE Support.

This documentation on intergrating OpenSSL into the OSU HTTPD SSL_ENGINE was
written and tested for OSU HTTPD v3.5 and later. If you have a previous
version of OSU HTTPD, the steps should be similar and will help you in
getting the SSL_ENGINE compiled, but some of the essential files are only
included in OSU v3.5 and later so your milage may vary and we recommend
upgrading to OSU v3.5 to solve any potential problems.

This assumes that you have done the following.

   * Compiled OpenSSL for OpenVMS as outlined in Compiling OpenSSL for
     OpenVMS.

   * Installed the OpenSSL files as outlined in Installing OpenSSL for
     OpenVMS.

   * Configured the necessary files as outlined in Configuring files for
     generating your own SSL certificates.

   * And executed the OPENSSL_STARTUP.COM file.

You will also need the following if you don't have it already.

   * You have a copy of the OSU HTTPD server either already installed or are
     about to install it.

     The OSU HTTPD server can be found at
     http://kcgl1.eng.ohio-state.edu/www/doc/serverinfo.html

   * The updated replacement .OPT link files which can be found in the file
     OSU_SSL.ZIP.

   * The updated replacement TSERVER_TCPSHR_INSTALL.COM file.

   * Updated/upgraded WWWSSL.COM file.

   * Either DEC's MMS or Matt Madison's MMK "make" utility. Matt Madison's
     MMK utility can be found at ftp://ftp.madgoat.com/madgoat/MMK.zip

With that said and done, here are the instructions for building the OSU
HTTPD server with SSL support using the SSL_ENGINE program.

  1. If you don't have the OSU HTTPD server already installed and running
     you need to unpack the OSU distribution kit somewhere. (For the purpose
     of this discussion we'll assume you unpacked it in a directory called
     DISK$WORK:[HTTP_SERVER]).

     If you already have the OSU HTTPD server installed, you are set.

  2. Go to the [.BASE_CODE] directory in the OSU HTTPD distribution.

  3. Unpack the OSU_SSL.ZIP files into your [.BASE_CODE] directory replacing
     the files.

  4. You need to build the OSU HTTPD server so that it will use the
     shareable image TCP/IP interface. This is done as follows.

             $ MMS/MACRO=(SHARE_TCP=xxxx)


     Where the "xxxx" is one of the following.

                     CMUTCP          CMU TCP/IP
                     MULTINET        Multinet TCP/IP
                     TCPWARE         TCPWare TCP/IP
                     TWGTCP          Pathway TCP/IP
                     UCXTCP          DEC UCX TCP/IP


  5. When that is done running, you need to compile the TSERVER_SSL.C,
     SSL_SERVER_DNET.C and SSL_ENGINE.EXE

             $ CC TSERVER_SSL.C
             $ CC SSL_SERVER_DNET.C
             $ CC SSL_ENGINE.C


  6. Now, you need to look at the BSS_MST.C file in an editor. If you see
     the line #include "cryptlib.h" you need to remove that line and replace
     it with #include "bio.h"

     With that done, you can save the file and exit the editor.

  7. If you compiled OpenSSL with RSAREF support, you need to edit the
     SSL_ENGINE.OPT and SSL_LIBRARIES.OPT file and uncomment the line for
     the LIBRSAGLUE library.

  8. You now need to compile the SSL_THREADED.C and BSS_MST.C files as
     follows.

             $ CC/STANDARD=ANSI89/PREFIX=ALL/WARNING=DISABLE=DOLLARID -
                 /INCLUDE=SSLINCLUDE:/DEFINE=("FLAT_INC=1","VMS=1") -
                 SSL_THREADED.C
             $ CC/STANDARD=ANSI89/PREFIX=ALL/WARNING=DISABLE=DOLLARID -
                 /INCLUDE=SSLINCLUDE:/DEFINE=("FLAT_INC=1","VMS=1") -
                 BSS_MST.C


  9. Link the SSL_ENGINE.EXE with the following command.

             $ LINK/NOTRACEBACK/EXE=SSLEXE:SSL_ENGINE.EXE SSL_ENGINE.OPT/OPT


     If all went well, you should have SSL_ENGINE.EXE in your SSLEXE:
     directory. You need to make sure the protection on the
     SSLEXE:SSL_ENGINE.EXE file is set to
     (SYSTEM:RWED,OWNER:RWED,GROUP,WORLD:RE) so execute the following to
     make sure.

             $ SET FILE SSLEXE:SSL_ENGINE.EXE/PROTECTION=(SYSTEM:RWED,OWNER:RWED,GROUP,WORLD:RE)


 10. The SSL_ENGINE needs to be installed with SYSNAM privs. Install the
     SSLEXE:SSL_ENGINE.EXE as follows.

             $ INSTALL ADD SSLEXE:SSL_ENGINE.EXE/PRIVS=(SYSNAM)


     I would advise adding the above to your OSU startup script so it is
     executed when the server is started up.

 11. You now need to link the DECNet SSL server. Go to your OSU [.BASE_CODE]
     directory and execute the following.

             $ MMK TSERVER_SSL.EXE/FORCE/MACRO=(SSL=SSL_SERVER_DNET)


 12. If that went well you should have the file TSERVER_SSL.EXE in your OSU
     [.SYSTEM] directory.

 13. Unpack the updated replacement TSERVER_TCPSHR_INSTALL.COM file and
     place it in the OSU HTTPD [.SYSTEM] directory.

 14. Copy your SSL server certificate into the OpenSSL SSLCERTS: directory.
     (you don't have to, but it helps to keep everything together.) and make
     sure it is readable by whatever account the OSU HTTPD server runs
     under.

 15. Unpack the updated/upgraded WWWSSL.COM and place it in the root
     directory of the OSU HTTPD server.

     You might want to look this script over as you can define where you
     have the SSL_ENGINE.EXE and your SSL certificate if you choose not to
     place them in the SSLEXE: and SSLCERTS: directory as well defining an
     alternate location for the WWWSSL.LOG file.

 16. Now you just need to startup the HTTPD server on port 80 and 443 like
     the following.

             $ @DISK$WORK:[HTTP_SERVER.SYSTEM]HTTP_STARTUP.COM HTTP_SERVER -
                DISK$WORK:[HTTP_LOGS]HTTP_ERROR.LOG -
                DISK$WORK:[HTTP_SERVER.SYSTEM]HTTP_MAIN.CONF -
                80 443


     And if the server starts up correctly, you should be able to get a
     secure connection using "https".

----------------------------------------------------------------------------

4.3 Building OSU HTTPD MST SSL Support.

This documentation on intergrating OpenSSL into the OSU HTTPD MST SSL server
and was written and tested for OSU HTTPD v3.5 and later. If you have a
previous version of OSU HTTPD, the steps should be similar and will help you
in getting the MST SSL server compiled, but some of the essential files are
only included in OSU v3.5 and later so your milage may vary and we recommend
upgrading to OSU v3.5 to solve any potential problems.

This assumes that you have done the following.

   * Compiled OpenSSL for OpenVMS as outlined in Compiling OpenSSL for
     OpenVMS.

   * Installed the OpenSSL files as outlined in Installing OpenSSL for
     OpenVMS.

   * Configured the necessary files as outlined in Configuring files for
     generating your own SSL certificates.

   * And executed the OPENSSL_STARTUP.COM file.

You will also need the following if you don't have it already.

   * You have a copy of the OSU HTTPD server either already installed or are
     about to install it.

     The OSU HTTPD server can be found at
     http://kcgl1.eng.ohio-state.edu/www/doc/serverinfo.html

   * The updated replacement .OPT link files which can be found in the file
     OSU_SSL.ZIP.

   * The updated replacement TSERVER_TCPSHR_INSTALL.COM file.

   * Either DEC's MMS or Matt Madison's MMK "make" utility. Matt Madison's
     MMK utility can be found at ftp://ftp.madgoat.com/madgoat/MMK.zip

With that said and done, here are the instructions for building the OSU
HTTPD server with MST SSL server support.

  1. If you don't have the OSU HTTPD server already installed and running
     you need to unpack the OSU distribution kit somewhere. (For the purpose
     of this discussion we'll assume you unpacked it in a directory called
     DISK$WORK:[HTTP_SERVER]).

     If you already have the OSU HTTPD server installed, you are set.

  2. Go to the [.BASE_CODE] directory in the OSU HTTPD distribution.

  3. Unpack the OSU_SSL.ZIP file into your [.BASE_CODE] directory replacing
     the files.

  4. You need to build the OSU HTTPD server so that it will use the
     shareable image TCP/IP interface. This is done as follows.

             $ MMS/MACRO=(SHARE_TCP=xxxx)


     Where the "xxxx" is one of the following.

                     CMUTCP          CMU TCP/IP
                     MULTINET        Multinet TCP/IP
                     TCPWARE         TCPWare TCP/IP
                     TWGTCP          Pathway TCP/IP
                     UCXTCP          DEC UCX TCP/IP


  5. When that is done running, you need to compile the TSERVER_SSL.C and
     SSL_SERVER_MST.C

             $ CC TSERVER_SSL.C
             $ CC SSL_SERVER_MST.C


  6. Now, you need to look at the BSS_MST.C file in an editor. If you see
     the line #include "cryptlib.h" you need to remove that line and replace
     it with #include "bio.h"

     With that done, you can save the file and exit the editor.

  7. If you compiled OpenSSL with RSAREF support, you need to edit the
     SSLSHR_SERVER_MST.OPT and SSL_LIBRARIES.OPT file and uncomment the line
     for the LIBRSAGLUE library.

  8. You now need to compile the SSL_THREADED.C and BSS_MST.C files as
     follows.

             $ CC/STANDARD=ANSI89/PREFIX=ALL/WARNING=DISABLE=DOLLARID -
                 /INCLUDE=SSLINCLUDE:/DEFINE=("FLAT_INC=1","VMS=1") -
                 SSL_THREADED.C
             $ CC/STANDARD=ANSI89/PREFIX=ALL/WARNING=DISABLE=DOLLARID -
                 /INCLUDE=SSLINCLUDE:/DEFINE=("FLAT_INC=1","VMS=1") -
                 BSS_MST.C


  9. You now need to link the MST SSL server. Go to your OSU [.BASE_CODE]
     directory and execute the following.

             $ MMK TSERVER_SSL.EXE/FORCE/MACRO=(SSL=SSL_SERVER_MST)


 10. If that went well you should have the file TSERVER_SSL.EXE in your OSU
     [.SYSTEM] directory.

 11. Unpack the updated replacement TSERVER_TCPSHR_INSTALL.COM file and
     place it in the OSU HTTPD [.SYSTEM] directory.

 12. Copy your SSL server certificate into the OpenSSL SSLCERTS: directory.
     (you don't have to, but it helps to keep everything together.) and make
     sure it is readable by whatever account the OSU HTTPD server runs
     under.

 13. You now need to define the following logicals as /SYSTEM/EXECto
     customize your installation of the MST SSL server.

             WWWSSL_MST_THREAD_LIMIT  :  The Maximum Number Of SSL Threads Allowd.
                                         (Default is 10)

             WWWSSL_MST_STACK_SIZE    :  The Stack Size For SSL Server Threads.
                                         (Default is 60000)

             WWWSSL_MST_QUEUE_FLAG    :  Weather Or Not To Wait For Next Available Thread.
                                         (TRUE or FALSE value)

             WWWSSL_MST_CERTIFICATE   :  Location Of The Server's SSL Certificate.
             WWWSSL_MST_LOGFILE       :  Location To Put The MST SSL Log File.
             WWWSSL_MST_VERSION       :  Which versions of SSL To Use 2, 3 or 23
                                         (Default is 2)


     Here's an example...

             $ DEFINE/SYSTEM/EXEC WWWSSL_MST_THREAD_LIMIT 15
             $ DEFINE/SYSTEM/EXEC WWWSSL_MST_STACK_SIZE 90000
             $ DEFINE/SYSTEM/EXEC WWWSSL_MST_QUEUE_SIZE TRUE
             $ DEFINE/SYSTEM/EXEC WWWSSL_MST_CERTIFICATE SSLCERTS:SERVER.PEM
             $ DEFINE/SYSTEM/EXEC WWWSSL_MST_LOGFILE DISK$HTTP:[HTTP_LOGS]SSL_MST.LOG
             $ DEFINE/SYSTEM/EXEC WWWSSL_MST_VERSION 23


     I recomend putting the defines in your OSU HTTP startup file.

 14. Now you just need to startup the HTTPD server on port 80 and 443 like
     the following.

             $ @DISK$WORK:[HTTP_SERVER.SYSTEM]HTTP_STARTUP.COM HTTP_SERVER -
                DISK$WORK:[HTTP_LOGS]HTTP_ERROR.LOG -
                DISK$WORK:[HTTP_SERVER.SYSTEM]HTTP_MAIN.CONF -
                80 443


     And if the server starts up correctly, you should be able to get a
     secure connection using "https".

----------------------------------------------------------------------------
[Previous] [Next] [Table of Contents]
[Image]  [Image]
