SUN安装过程(Solaris8 apache2 weblogic813 db2_82客户端 128 ssl证书
前言
最近做了一个项目,系统架构是前端sun280(apache2+weblogic813+128位的ssl证书)+IBM open power 720(db2 82 ESE版本) 。实施完成以后,把前端的web应用服务的调试总结出来,希望对有次应用cu的xdjm有所帮助 。
本人声明如需转载请保留如下信息:
作者:SOLARIS小兵
MAIL:solarisxb@hotmail.com
FROM:WWW.CHINAUnix.NET
一、系统信息:
1、安装solaris8
solaris8 02/4(三张盘)
# uname -a
SunOS BJ-APP1 5.8 Generic_117350-15 sun4u sparc SUNW,Sun-Blade-1000
2、打补丁:
8_Recommended(149MB)
3、系统tcp优化:
修改系统参数/etc/system
set rlim_fd_cur=81920
set rlim_fd_max=81920
/usr/sbin/ndd -set /dev/tcp tcp_conn_req_max_q 2048
/usr/sbin/ndd -set /dev/tcp tcp_conn_req_max_q0 8192
二、安装apache2软件:
1、安装系统软件:运行apache2软件需要如下软件包:
apache-2.0.52-sol8-sparc-local
libiconv-1.8-sol8-sparc-local
db-4.2.52.NC-sol8-sparc-local
libtool-1.5-sol8-sparc-local
expat-1.95.5-sol8-sparc-local
gcc-3.4.2-sol8-sparc-local
openssl-0.9.7e-sol8-sparc-local
gdb-6.0-sol8-sparc-local
gdbm-1.8.3-sol8-sparc-local
glib-2.2.3-sol8-sparc-local
libghttp-1.0.6-sol8-sparc-local
2、安装管理软件包:
top-3.5beta12-sol8-sparc3264-local
nmap-2.54BETA28-sol8-sparc-local
ssh-3.2.5.tar.gz
3、安装ssl临时证书:
ssl.ca-0.1.tar.gz
生成临时ssl的key 。可以参考:http://dev.csdn.net/develop/article/33/33020.shtm
现在没有这个工具了,只能自己动手生成了,对证书不熟悉的人,有一个工具可以使用:http://www.openssl.org/contrib/ssl.ca-
0.1.tar.gz
# cd /usr/local/apache2/conf
# tar zxvf ssl.ca-0.1.tar.gz
# cd ssl.ca-0.1
# ./new-root-ca.sh (生成根证书)
No Root CA key round. Generating one
Generating RSA private key, 1024 bit long modulus
...........................
....
e is 65537 (0x10001)
Enter pass phrase for ca.key: (输入一个密码)
Verifying - Enter pass phrase for ca.key: (再输入一次密码)
......
Self-sign the root CA... (签署根证书)
Enter pass phrase for ca.key: (输入刚刚设置的密码)
........
........ (下面开始签署)
Country Name (2 letter code) [MY]:CN
State or Province Name (full name) [Perak]:JiangSu
Locality Name (eg, city) [Sitiawan]:NanJing
Organization Name (eg, company) [My Directory Sdn Bhd]:Wiscom System Co.,Ltd
Organizational Unit Name (eg, section) [Certification Services Division]:ACSTAR
Common Name (eg, MD Root CA) []:WISCOM CA
Email Address []:acmail@wiscom.com.cn
这样就生成了ca.key和ca.crt两个文件,下面还要为我们的服务器生成一个证书:
# ./new-server-cert.sh server (这个证书的名字是server)
......
......
Country Name (2 letter code) [MY]:CN
State or Province Name (full name) [Perak]:JiangSu
Locality Name (eg, city) [Sitiawan]:NanJing
Organization Name (eg, company) [My Directory Sdn Bhd]:Wiscom System Co.,Ltd
Organizational Unit Name (eg, section) [Secure Web Server]:ACSTAR
Common Name (eg, www.domain.com ) []:acmail.wiscom.com.cn
Email Address []:acmail@wiscom.com.cn
这样就生成了server.csr和server.key这两个文件 。
还需要签署一下才能使用的:
# ./sign-server-cert.sh server
CA signing: server.csr -> server.crt:
Using configuration from ca.config
Enter pass phrase for ./ca.key: (输入上面设置的根证书密码)
Check that the request matches the signature
Signature ok
The Subject"s Distinguished Name is as follows
countryName :PRINTABLE:"CN"
stateOrProvinceName :PRINTABLE:"JiangSu"
localityName :PRINTABLE:"NanJing"
organizationName :PRINTABLE:"Wiscom System Co.,Ltd"
organizationalUnitName:PRINTABLE:"ACSTAR"
