CentOS 5.x is old and EOL. But there are still lots of servers running this version.
For a specific project, I needed to be able to run Apache + mod_ssl on CentOS 5.x and enable TLS v1.2. Since I was not able to compile mod_ssl separately, I had to find another way.
Let’s start with OpenSSL v1.0.2a (you need to have compilers enabled and installed):
yum -y install epel-release gcc cpp gcc-c++ automake autoconf glibc-headers make cmake xmlto pcre-devel zlib-devel libselinux-devel apr-devel apr-util-devel distcache-devel db4-devel expat-devel openssl-devel
cd /opt
wget https://www.openssl.org/source/openssl-1.0.2a.tar.gz
tar zxvf openssl-1.0.2a.tar.gz
cd openssl-1.0.2a
./config -fpic shared
make -j2
make install
Compile Apache on CentOS 5.x in order to use a newer openssl version:
1) Install some tools and compilers
yum -y install openssl-devel openldap-devel
2) Download apache source rpm file:
wget -c http://ftp.iij.ad.jp/pub/linux/centos-vault/5.11/updates/Source/httpd-2.2.3-92.el5.centos.src.rpm
3) Install rpm build tools and create folders for building:
yum -y install rpm-build
mkdir -p ~/rpmbuild/{BUILD,RPMS,SOURCES,SPECS,SRPMS}
echo '%_topdir %(echo $HOME)/rpmbuild' > ~/.rpmmacros
4) Try to install apache rpm source file (the one downloaded earlier):
rpm -Uhv httpd-2.2.3-92.el5.centos.src.rpm
5) Build a new .rpm file
cd /root/rpmbuild/SPECS
rpmbuild -ba httpd.spec
6) Compile Apache
cd /root/rpmbuild/BUILD/httpd-2.2.3
./configure --prefix=/etc/httpd --exec-prefix=/usr --bindir=/usr/bin --sbindir=/usr/sbin --mandir=/usr/share/man --libdir=/usr/lib64 --sysconfdir=/etc/httpd/conf --includedir=/usr/include/httpd --libexecdir=/usr/lib64/httpd/modules --datadir=//www --with-installbuilddir=/usr/lib64/httpd/build --with-mpm=prefork --with-apr=/usr --with-apr-util=/usr --enable-suexec --with-suexec --with-suexec-caller=apache --with-suexec-docroot=//www --with-suexec-logfile=/var/log/httpd/suexec.log --with-suexec-bin=/usr/sbin/suexec --with-suexec-uidmin=500 --with-suexec-gidmin=100 --enable-pie --with-pcre --enable-mods-shared=all --enable-ssl --with-ssl=/usr/local/ssl --enable-distcache --enable-proxy --enable-cache --enable-mem-cache --enable-file-cache --enable-disk-cache --enable-ldap --enable-authnz-ldap --enable-cgid --enable-authn-anon --enable-authn-alias
7) Add the new OpenSSL library to the system library path
Edit /etc/ld.so.conf and add at the end:
/usr/local/ssl/lib
Save the file and run this command:
ldconfig -v
8) Restart apache
/etc/init.d/httpd restart
That’s it. You’re now running the default Apache 2.2.3 version from CentOS 5.x, but with the latest OpenSSL. Have fun!
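
To confirm the rebuild took effect, the script below checks that mod_ssl.so resolves libssl from /usr/local/ssl/lib and that the server negotiates TLS 1.2. It is an added example, not part of the original post; the mod_ssl.so path, the /usr/local/ssl/bin/openssl location, the localhost:443 target and the sample ldd and s_client lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): post-build checks.
NEW_SSL_LIBDIR=/usr/local/ssl/lib            # directory added in step 7
MOD_SSL=/usr/lib64/httpd/modules/mod_ssl.so  # assumed from --libexecdir in step 6
NEW_OPENSSL=/usr/local/ssl/bin/openssl       # assumed default install location
TARGET=localhost:443                         # assumed HTTPS listener

# Constructed sample inputs (not captured from a real host).
SAMPLE_LDD_OLD='    libssl.so.6 => /lib64/libssl.so.6 (0x00002b1f0a2c4000)
    libcrypto.so.6 => /lib64/libcrypto.so.6 (0x00002b1f0a511000)'
SAMPLE_LDD_NEW='    libssl.so.1.0.0 => /usr/local/ssl/lib/libssl.so.1.0.0 (0x00002b6d3c1a7000)
    libcrypto.so.1.0.0 => /usr/local/ssl/lib/libcrypto.so.1.0.0 (0x00002b6d3c416000)'
SAMPLE_SCLIENT='SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES256-GCM-SHA384'

# Print the path the loader resolved for libssl, given ldd output on stdin.
libssl_path() {
    awk '$1 ~ /^libssl\.so/ && $2 == "=>" { print $3; exit }'
}

# Succeed only if ldd output on stdin resolves libssl from the new OpenSSL directory.
uses_new_openssl() {
    path=$(libssl_path)
    case "$path" in
        "$NEW_SSL_LIBDIR"/*) return 0 ;;
        *) return 1 ;;
    esac
}

# Print the negotiated protocol from `openssl s_client` output on stdin.
negotiated_protocol() {
    awk -F': *' '/^ *Protocol *:/ { print $2; exit }'
}

# Live check, run on the rebuilt host as: sh check_tls12.sh --live
if [ "${1:-}" = "--live" ]; then
    ldd "$MOD_SSL" | uses_new_openssl ||
        { echo "FAIL: mod_ssl.so does not load libssl from $NEW_SSL_LIBDIR"; exit 1; }
    # The stock openssl binary on CentOS 5 has no -tls1_2 option, so use the new one.
    proto=$(echo | "$NEW_OPENSSL" s_client -connect "$TARGET" -tls1_2 2>/dev/null |
        negotiated_protocol)
    [ "$proto" = "TLSv1.2" ] ||
        { echo "FAIL: TLS 1.2 not negotiated (got: ${proto:-nothing})"; exit 1; }
    echo "OK: mod_ssl.so uses $NEW_SSL_LIBDIR and the server negotiates $proto"
fi
```

Without `--live` the script only defines the functions and sample data, so it can be sourced or tested offline.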