SLES

Not sure exactly why you need to manually modify Apache configs if you install using the Novell RPMs, but guess you do cuz the php shit just don’t work until you do the following.

zypper in apache2Â apache2-mod_php53 php53 Â (and whatever else php53 mods you need)

copy in the php.ini, my install got this installed , but I’ve seen where there isn’t one.

cp /etc/php5/apache2/php.ini.template (or .example or .rpmnew) /etc/php5/apache2/php.ini

vi /etc/sysconfig/apache2

look for APACHE_MODULES= and add php5 rewrite. Â Save. Exit.

APACHE_MODULES=”actions alias auth_basic authn_file authz_host authz_groupfile authz_default authz_user authn_dbm autoindex cgi dir env expires include log_config mime negotiation setenvif ssl php5 suexec userdir Â reqtimeout rewrite”

I’ve never even knew this “SuSEconfig” command even existed but apparently it does, anyhow you need to run it..heh.

# SuSEconfig && rcapache2 restart

You should see your Apache modules using, look for php5 and rewrite

# apache2ctl -M

Now list your php modules with

# php -m

If you missing anything, you add use zypper to install em.

drop a phpinfo test file on apache root.

vi testme.php

<?php
phpinfo();
?>

should work.

On the SMT installation I recently did, I ranÂ into some issues with the creation of the server certs.Â Â SMT defaults to you using the Yast_Default_CA.Â Don’t bother trying to create a new one as it will not work since the clients will be looking for Yast_Default_CA.Â Â So the directions specify you open that cert up by yast2 ca_mgmÂ , select cert and Enter CA.Â This will ask you for a password.Â Now for mine I had no idea what the password was, tried the root password …yeah I just basically tried the root password and that failed.Â Â Well you need to create a server cert based off this CA and if you don’t well you can’t use SMT.

Here’s what I did to re-create the Yast_Default_CA cert

Delete the old CA

<ol>
	<li>Since YaST does not allow to delete the existing CA as long it has not expired, we have to delete the related files manually.</li>
	<li>Open up a shell and change to the /var/lib/CAM and move the directory of the existing CA to /tmp/, e.g. by executing "mv YaST_Default_CA /tmp/". Attention: Do not move or delete the ".cas" directory.</li>
</ol>

<ol>

<li>Since YaST does not allow to delete the existing CA as long it has not expired, we have to delete the related files manually.</li>

<li>Open up a shell and change to the /var/lib/CAM and move the directory of the existing CA to /tmp/, e.g. by executing "mv YaST_Default_CA /tmp/". Attention: Do not move or delete the ".cas" directory.</li>

</ol>

Create root CA

<ol>
	<li>From the root shell start 'yast2 ca_mgm'.</li>
	<li>Select 'Create Root CA'.</li>
	<li>For "CA Name" and "Common Name" enter "YaST_Default_CA". Please note not to use the server name or server FQDN in here, since this would complicate later error analysis!</li>
	<li>Enter the email address of the issuer (and select "add") and enter optional information such as organization, unit, locality, state and country.</li>
	<li>Select "Next".</li>
	<li>Choose the password, length of the key and its validity.</li>
	<li>Select "Next" to see an overview about the CA.</li>
	<li>Select "Create" to create the CA.</li>

<ol>

<li>From the root shell start 'yast2 ca_mgm'.</li>

<li>Select 'Create Root CA'.</li>

<li>For "CA Name" and "Common Name" enter "YaST_Default_CA". Please note not to use the server name or server FQDN in here, since this would complicate later error analysis!</li>

<li>Enter the email address of the issuer (and select "add") and enter optional information such as organization, unit, locality, state and country.</li>

<li>Select "Next".</li>

<li>Choose the password, length of the key and its validity.</li>

<li>Select "Next" to see an overview about the CA.</li>

<li>Select "Create" to create the CA.</li>

Create server certificate

<ol>
	<li>Select the newly created CA in the YaST2 CA management module.</li>
	<li>Press "Enter CA".</li>
	<li>Enter the CA password.</li>
	<li>Select the Certificates tab.</li>
	<li>Click on "Add" and choose Server Certificate.</li>
	<li>Provide the requested data:</li>
	<li>For Common Name put in the fully qualified domain name of the server (FQDN) of the server, for example "smt-server.example.net". This is mandatory!</li>
	<li>Add an valid email address of the server administrator and press "Add".</li>
	<li>Press "Next".</li>
	<li>Here it is possible to either use the CA password for the server certificate or a different one. Also key lengt and validity may be changed.</li>
	<li>Optional: Enter the IP Adress of the server as Subject Alternative Name. This ensures that clients can connect to the server via IP address.
<ul>
	<li>Select 'Advanced Options'.</li>
	<li>Select 'Subject Alt Name' (not to be confused with Issuer Alt Name!!).</li>
	<li>Select 'Add'.</li>
	<li>Choose 'IP' and put in the IP address of the server.</li>
	<li>Select 'Ok'.</li>
</ul>
</li>
	<li>Select 'Next' to get to an overview over the certificate.</li>
	<li>Select 'Create' to create the server certificate.</li>
</ol>

<ol>

<li>Select the newly created CA in the YaST2 CA management module.</li>

<li>Press "Enter CA".</li>

<li>Enter the CA password.</li>

<li>Select the Certificates tab.</li>

<li>Click on "Add" and choose Server Certificate.</li>

<li>Provide the requested data:</li>

<li>For Common Name put in the fully qualified domain name of the server (FQDN) of the server, for example "smt-server.example.net". This is mandatory!</li>

<li>Add an valid email address of the server administrator and press "Add".</li>

<li>Press "Next".</li>

<li>Here it is possible to either use the CA password for the server certificate or a different one. Also key lengt and validity may be changed.</li>

<li>Optional: Enter the IP Adress of the server as Subject Alternative Name. This ensures that clients can connect to the server via IP address.

<ul>

<li>Select 'Advanced Options'.</li>

<li>Select 'Subject Alt Name' (not to be confused with Issuer Alt Name!!).</li>

<li>Select 'Add'.</li>

<li>Choose 'IP' and put in the IP address of the server.</li>

<li>Select 'Ok'.</li>

</ul>

</li>

<li>Select 'Next' to get to an overview over the certificate.</li>

<li>Select 'Create' to create the server certificate.</li>

</ol>

Export the certificate as common server certificate, so that the http server apache uses it

<ol>
	<li>On the certificates tab locate the "Export" button.</li>
	<li>Select "Export as common server certificate".</li>
	<li>Enter the password that was chosen for the server certificate.</li>
	<li>A message "Certificate has been written as common server certificate" will be displayed.</li>
</ol>

<ol>

<li>On the certificates tab locate the "Export" button.</li>

<li>Select "Export as common server certificate".</li>

<li>Enter the password that was chosen for the server certificate.</li>

<li>A message "Certificate has been written as common server certificate" will be displayed.</li>

</ol>

Export the CA certificate to the smt.crt file

<ol>
	<li>In the YaST2 CA management module change to the "Description" tab and select "Advanced / Export to File".</li>
	<li>Select "Only the Certificate in PEM Format" and enter "/srv/www/htdocs/smt.crt" as the filename.</li>
	<li>Select "Ok" to export the file.</li>
	<li>Leave YaST.</li>
</ol>

<ol>

<li>In the YaST2 CA management module change to the "Description" tab and select "Advanced / Export to File".</li>

<li>Select "Only the Certificate in PEM Format" and enter "/srv/www/htdocs/smt.crt" as the filename.</li>

<li>Select "Ok" to export the file.</li>

<li>Leave YaST.</li>

</ol>

Restart SMT

<ol>
	<li>Restart the smt server by entering "rcsmt restart" into the root shell. This will also restart the http server apache, so that apache uses the new certificate.</li>
</ol>

<ol>

<li>Restart the smt server by entering "rcsmt restart" into the root shell. This will also restart the http server apache, so that apache uses the new certificate.</li>

</ol>

Import the newly created CA to the SMT clients

<ol>
	<li>Execute "clientSetup4SMT.sh --host smt-server.example.net" (adjust the FQDN to your SMT server) to import the new CA to the SMT clients and to make the clients to trust the new CA. On SLE 11 clients you can alternatively use the "yast2 inst_suse_register" module (select "Advanced" and follow the instructions).</li>
	<li>Execute "suse_register -L /root/.suse_register.log" to register the client against the SMT server.</li>
</ol>

<ol>

<li>Execute "clientSetup4SMT.sh --host smt-server.example.net" (adjust the FQDN to your SMT server) to import the new CA to the SMT clients and to make the clients to trust the new CA. On SLE 11 clients you can alternatively use the "yast2 inst_suse_register" module (select "Advanced" and follow the instructions).</li>

<li>Execute "suse_register -L /root/.suse_register.log" to register the client against the SMT server.</li>

</ol>

M	T	W	T	F	S	S
						1
2	3	4	5	6	7	8
9	10	11	12	13	14	15
16	17	18	19	20	21	22
23	24	25	26	27	28	29
30

M	T	W	T	F	S	S
						1
2	3	4	5	6	7	8
9	10	11	12	13	14	15
16	17	18	19	20	21	22
23	24	25	26	27	28	29
30

UnixDude

"To be a warrior is not a simple matter of wishing to be one. It is rather an endless struggle that will go on to the very last moment of our lives. Nobody is born a warrior, in exactly the same way that nobody is born an average man. We make ourselves into one or the other." --Kokoro

All posts tagged SLES

SLES11.2 Apache / PHP53 setup

Add repo to zypper

How to recreate SMT 11 CA and server certificate

Zypper cheatsheets

SLES 11 to SLES11.2 using SMT

Categories

Archives

Spam Blocked

Recent Posts

LinuxSecurity – Security Articles

Unknown Feed

Categories

Spam Blocked

Recent Posts

LinuxSecurity – Security Articles

Unknown Feed

My Steam’s Game WishList