Apache Upgrade For Content Server

Download as doc, pdf, or txt
Download as doc, pdf, or txt
You are on page 1of 6

Apache Upgrade

Apache Installation.........................................................................................................................................1
Creating Certificate Requests.........................................................................................................................5

Apache Installation
1. Verify the content server is working by using CSADMIN.
2. Verify offline backup successful.
3. Ensure there is an ANSI C compiler installed. Type “gcc -v”.
As root:
root@r3csdbq1:/root> gcc -v
Using built-in specs.
Target: powerpc-ibm-aix5.3.0.0
Configured with: ../configure --with-as=/usr/bin/as --with-
ld=/usr/bin/ld --enable-languages=c,c++,java --prefix=/opt/freeware
--enable-threads --enable-version-specific-runtime-libs --host=powerpc-
ibm-aix5.3.0.0 --target=powerpc-ibm-aix5.3.0.0 --build=powerpc-ibm-
aix5.3.0.0 --disable-libjava-multilib
Thread model: aix
gcc version 4.2.0
root@r3csdbq1:/root> which gcc
/usr/bin/gcc
root@r3csdbq1:/root>
4. Become root. Default umask must be 022.
5. Verify .cshrc for sidadm and sqdsid to include. :

set path = ( /usr/<SID>/apache/bin:/opt/pware64/bin $path )


setenv LIBPATH /opt/pware64/lib
set prompt="`hostname`:$USER \!> "
alias lst 'ls -lrt|tail -20'
alias cdback 'cd /usr/openv/netbackup/ext/db_ext/sap'
alias cdlog 'cd /sapdb/data/wrk/<SID>/'
alias h 'history'
alias startap /usr/<SID>/apache/bin/apachectl start
alias stopap /usr/<SID>/apache/bin/apachectl stop
alias cdap cd /usr/<SID>/apache
set history = 100

6. Stop Apache. As sidadm stopap.


7. Delete exiting Apache:
As root:
cd /usr/CQB/apache
rm -rf *
8. Run the below commands as root to install Apache. Apache should be installed prior to starting
sapinst, it reads some of the Apache environment settings as part of the install. Files are created in
the apache install directory (/admdata/sapcd/cs640/httpd-2.0.63) so it needs to be writable. If you
experience issues with a re-install, delete the install directory and re-extract the tar file from
/admdata/sapcd/cs640.

As root :
cd /usr/CQB/apache
tar -xvf /admdata/sapcd/cs640/httpd-2.0.63.tar

Install Apache
unset CFLAGS EXTRA_LDFLAGS_SHLIB OBJECT_MODE
unset LDFLAGS LIBPATH LIBS LD_LIBRARY_PATH
export CC="gcc -maix64"
export PERL=/usr/opt/perl5/bin/perl
export LD_LIBRARY_PATH=/opt/pware64/lib
export LIBS="-L/opt/pware64"
export LIBPATH=/opt/pware64/lib
export CPPFLAGS="-I/opt/pware64/include/openssl"
export OBJECT_MODE=64
cd /usr/CQB/apache/httpd-2.*

chmod -R 777 *
/usr/sbin/slibclean

If failed make previously, make clean

./configure --prefix=/usr/CQB/apache --with-mpm=prefork --enable-ssl=shared


--with-ssl=/opt/pware64 --with-included-apr

make

make install

9. Change ownership from root to sidadm:sapsys and set sticky bit.


chown -R cqbadm:sapsys /usr/CQB/apache
chmod 775 /usr/CQA/apache
chown root /usr/CQA/apache/bin/httpd
chmod 4755 /usr/CQA/apache/bin/httpd
10. Copy new conf files:
For CQA/B:
cp /admdata/sapcd/cs640/conf/CSQ/httpd*conf /usr/CQB/apache/conf
For CSD/CSP:
cp /admdata/sapcd/cs640/conf/httpd*conf /usr/apache/conf
11. Adjust the configuration file /usr/CQB/apache/conf/httpd.conf. Change the line User to
sidadm.
 User cqbadm
 CSConfigPath /home/cqbadm/conf/cs.conf
 For multi Apache install change all CQA to new SID.

The below changes should already be made:


Group sapsys
Listen 1090 (1092 for CQB)
Uncomment #Include conf/extra/httpd-ssl.conf
12. Modify the configuration file /usr/CQB/apache/conf/httpd-ssl.conf uses port 1091 (1093 for
CQB) and not 443. For multi Apache install change all CQA to new SID.
13. Verify sidadm can navigate to the directory /usr/apache/htdocs and the /usr/apache directory and it’s
subdirectories are owned by sidadm.
14. Copy certs if they have already been generated.
cp /admdata/sapcd/cs640/certs/CSQ/* /usr/apache/conf
chown <sid>adm:sapsys /usr/apache/conf/*
15. Su to sidadm and verify PATH and LIBPATH are set from above change in .cshrc for sidadm..
16. Create the following links:
cd /usr/CQB/apache/modules
ln -s /home/cqbadm/modules/libsapsecu.o libsapsecu.o
ln -s /home/cqbadm/modules/mod_sapcs2.o mod_sapcs2.o
17. Verify the /usr/apache/conf/httpd.conf file has these entries:

Add the line in blue:


LoadModule sapcs_module modules/mod_sapcs2.o
LoadModule ssl_module modules/mod_ssl.so

Add these lines to the end:


<IfModule mod_sapcs.cpp>
# AddModuleInfo ContentServer "SAP Content Server 640/0 (Prototype) (C)
SAP AG 1998, 2001"
CSConfigPath /home/<sid>adm/conf/cs.conf

<Location /sapcs>
SetHandler sapcs_module
Allow from all
</Location>

<Location /ContentServer/ContentServer.dll>
SetHandler sapcs_module
Allow from all
</Location>

<Location /contentserver/contentserver.dll>
SetHandler sapcs_module
Allow from all
</Location>

</IfModule>
18. As sidadm start Apache with the command: /usr/apache/bin/apachectl start
19. Verify Apache is started, check files in /usr/apache/logs if errors.
% ps -ef|grep apa
csqadm 180324 1 0 12:28:09 - 0:00 /usr/apache/bin/httpd -k start
csqadm 274432 180324 0 12:28:09 - 0:00 /usr/apache/bin/httpd -k start
csqadm 299244 180324 0 12:28:09 - 0:00 /usr/apache/bin/httpd -k start
csqadm 397552 180324 0 12:28:09 - 0:00 /usr/apache/bin/httpd -k start
csqadm 405642 180324 0 12:28:09 - 0:00 /usr/apache/bin/httpd -k start
csqadm 413898 180324 0 12:28:09 - 0:00 /usr/apache/bin/httpd -k start
20. Check website http://r3csdbq1.sempra.com:1090/ This should return the following in your browser.

If you can see this, it means that the installation of the Apache web server software on this system
was successful. You may now add content to this directory and replace this page.
https://r3csdbq1.sempra.com:1091/index.html.en

21. Change OAC0 settings by using %HTTPS. Change HTTPS fields to “”HTTPS Required”
and enter the SSL port.
22. Only SSL Server and SSL Client (Standard) need to have non-self sign certificates. Import the
Content Server certificate that has been signed by Sempra and installed into Apache into both PSE’s.
The certs are located at S:\BASIS\_mtettenb\Certificates.
 Double Click the entry under SSL Server.
 Click “Import Certificate”

 Find the appropriate .crt file and select the Base64 radio button and click check. Or select
the *.cer file and select Binary.

 Click Add certificate to List.


 Repeat for SSL Client Standard and the certificates should be added as below:
23. You must bounce the server after installing the certificate.
24. After SAP is up, you should be able to connect using CSADMIN or OAC0.

Creating Certificate Requests


25. If you need to create Certificates follow these steps.
 Create CSR request: (For help: http://httpd.apache.org/docs/2.0/ssl/ssl_faq.html#selfcert)
cd /usr/apache/conf
Not working Create server key: openssl rsa -noout -text -in server.key
Create server key: openssl genrsa -des3 -out server.key 2048 (pass test)
Create CSR: openssl req -new -key server.key -out server.csr
View CSR: openssl req -noout -text -in server.csr

Country Name (2 letter code) [AU]:US


State or Province Name (full name) [Some-State]:California
Locality Name (eg, city) []:San Diego
Organization Name (eg, company) [Internet Widgits Pty
Ltd]:Sempra Energy Utilities
Organizational Unit Name (eg, section) []:IT
Common Name (eg, YOUR name) []:r3csdbd1.sempra.com
Email Address []:mtettenburn@semprautilities.com

Please enter the following 'extra' attributes


to be sent with your certificate request
A challenge password []:
An optional company name []:

;KEY SIZE INFORMATION


;Key Size = 2048-bits RSA, SHA-1

---------INTERNAL CSR INFORMATION-----------------


CN = (FQDN_OF_APPLICATION/SERVER)
OU = IT
O = Sempra Energy Utilities
L = (San Diego or Los Angeles ONLY)
S = CA
C = US
 Submit CSR request: https://pkiweb1.sempra.com/certsrv/ -> Request Certificate. For
assistance, the PKI admin is RBWilliams@Sempra.com.
 To receive the cert, use the website https://pkiweb1.sempra.com/certsrv/ the click Download
certificate.

 After you receive your certificate copy it to /usr/apache/conf.


cd /usr/apache/conf
Convert certification from DER to PEM:
openssl x509 -inform DER -outform PEM -in certnew.cer -out server.crt
If you need to remove the pass phrase from your key use this:
openssl rsa -in server.key -out server.key_nopass

You might also like