Skip navigation
All People > Patrick-Dussault > Patrick Dussault's Blog

For the ones who might get interested in, here are the quick steps to install Apache 2.4.2 64bit on SunOS 5.10 x86_64 with Web Agent 12SP3CR10 64bit :

 

 

Installing Apache 2.4.2 on SunOS 5.10 x86 64 bit

------------------------------------------------

 

Set the Environment variables, -m64 to compile in 64bit

Installation has been done under root profile :

-------------------------------------------------------------------

 

# export PATH=/usr/ccs/bin:/usr/sfw/bin:$PATH

# export CC=gcc

# export CFLAGS=-m64

# export CPP_FLAGS=-m64

 

Get the packages :

----------------

 

# cd /export/home/smuser/download/

# wget http://apache.mirrorcatalogs.com//apr/apr-1.4.6.tar.gz

# wget http://apache.mirrorcatalogs.com//apr/apr-util-1.4.1.tar.gz

# wget ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/pcre-8.30.tar.gz

# wget http://apache.tradebit.com/pub//httpd/httpd-2.4.2.tar.gz

 

Uncompress the packages and check the result :

--------------------------------------------

 

# for i in `ls *.gz`; do gunzip $i; done; ls -ltr; for j in `ls *.tar`; do tar -xvf $j; done; ls -ltr

# for i in apr-util-1.4.1 pcre-8.30 apr-1.4.6 httpd-2.4.2; do chown -R root:root $i; done; ls -ltr

 

Check if gcc is present and executable :

--------------------------------------

 

# ls /usr/sfw/bin/gcc

 

If the package is not installed, then install it after having mounted the DVD. In this sample, DVD is

installed in /cdrom

 

# pkgadd -d /cdrom/sol_10_910_x86/Solaris_10/Product SUNWbinutils SUNWgccruntime SUNWgcc

 

Compile PCRE :

------------

 

# cd pcre-8.30

# ./configure --prefix=/export/home/smuser/sandbox/pcre --disable-cpp

# make

# make install

 

Move source of APR to the Apache source files :

---------------------------------------------

 

# cd /export/home/smuser/download/

# mv apr-util-1.4.1 httpd-2.4.2/srclib/apr-util

# mv apr-1.4.6 httpd-2.4.2/srclib/apr

 

Compile Apache :

--------------

 

# cd httpd-2.4.2

# export LIBS=-lpthread

# ./configure --enable-module=so --prefix=/export/home/smuser/sandbox/apache2.4 --with-included-apr --with-pcre=/export/home/smuser/sandbox/pcre

# make

# make install

 

Then you test it :

----------------

 

# /export/home/smuser/sandbox/apache2.4/bin/apachectl start

 

Open a browser and try to reach the machine on port 80

 

 

Install the Web Agent :

----------------------

 

# cd /export/home/smuser/download

# chmod 755 ca-wa-12.0-sp3-cr010-sol-x86-64.bin

# ./ca-wa-12.0-sp3-cr010-sol-x86-64.bin -i console

ENTER AN ABSOLUTE PATH, OR PRESS <ENTER> TO ACCEPT THE DEFAULT

      : /export/home/smuser/sandbox/CA/webagent

 

Configure the Web Agent :

----------------------

 

# cd ../sandbox/CA/webagent/

# source ca_wa_env.sh

# ./ca-wa-config.sh -i console

 

give all details as usual in order to configure the Web Agent.

Here's a sample of a grep when we want to show only lines with "SmLimitAuthLogin: About to flush the cache" or "Saving 'AgentCommand'" key words :

 

grep -E "(SmLimitAuthLogin: About to flush the cache|Saving 'AgentCommand')" smtracedefault*.log

Here's a command to see Live from Linux box the Server and Agent commands

the Policy Server set in the Policy Store :

 

# watch -n 1 "ldapsearch -h 130.119.151.137 -p 10002 -b "ou=PolicySvr4,ou=SiteMinder,ou=Netegrity,dc=training,dc=com" -x "smCommand4=*" | egrep \"dn: smAgentCommandOID4=14|dn: smServerCommandOID4=13\""

 

Just replace the IP address, port and the dn of the Policy Store.

You'll get all information about a Server Certificate running this command :

 

# openssl s_client -connect ip_of_LDAP:port -crlf -no_ssl2

 

CONNECTED(00000003)

depth=2 CN = NITJU01-VM48583-CA

verify error:num=19:self signed certificate in certificate chain

---

Certificate chain

0 s:/DC=com/DC=ca/DC=nitju01-u137073/CN=pstore

   i:/CN=lab-NITJU01-VM91700-CA

1 s:/CN=lab-NITJU01-VM91700-CA

   i:/CN=NITJU01-VM48583-CA

2 s:/CN=NITJU01-VM48583-CA

   i:/CN=NITJU01-VM48583-CA

---

Server certificate

-----BEGIN CERTIFICATE-----

MIIDpzCCAo+gAwIBAgIKYWgl3QAAAAAABDANBgkqhkiG9w0BAQUFADAhMR8wHQYD

VQQDExZsYWItTklUSlUwMS1WTTkxNzAwLUNBMB4XDTE2MDIyNjE1MTMzMFoXDTE3

MDIyNjEzMTI1MFowWzETMBEGCgmSJomT8ixkARkWA2NvbTESMBAGCgmSJomT8ixk

ARkWAmNhMR8wHQYKCZImiZPyLGQBGRYPbml0anUwMS11MTM3MDczMQ8wDQYDVQQD

EwZwc3RvcmUwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAN3eJPOwrr9xK66K

L3Oe1Dcb/rUKgT4aEBDM9whZ/g9FWSztujkmdSKSt/9DZ1r48Aqp61TnbXu0Kv9T

QS9f16XbEw/yIVspAMLdsGPeENka3PWBTH1VCZTvpIjRFRDHl0gLd5jMPIk9Cq5a

ab1FyrFYjfcvImT38vX+fDEkc0zHAgMBAAGjggEpMIIBJTAdBgNVHQ4EFgQUEZa4

+RANhU8eRAWkzFAxjOQ20zswHwYDVR0jBBgwFoAUnl5h19uKtjljv5wfOtoDB19c

0YIwVwYDVR0fBFAwTjBMoEqgSIZGZmlsZTovL25pdGp1MDEtVk05MTcwMC5sYWIu

bG9jYWwvQ2VydEVucm9sbC9sYWItTklUSlUwMS1WTTkxNzAwLUNBLmNybDB8Bggr

BgEFBQcBAQRwMG4wbAYIKwYBBQUHMAKGYGZpbGU6Ly9uaXRqdTAxLVZNOTE3MDAu

bGFiLmxvY2FsL0NlcnRFbnJvbGwvbml0anUwMS1WTTkxNzAwLmxhYi5sb2NhbF9s

YWItTklUSlUwMS1WTTkxNzAwLUNBLmNydDAMBgNVHRMBAf8EAjAAMA0GCSqGSIb3

DQEBBQUAA4IBAQBELthP/sqPOfCMFcEMRdkKCcXqXDblni/1XvI52gqIzZkVySJ1

o0hfrhjSwCjHztdD7maozHqMHw+pOlFjx4CnsRX7ezOJ8EF3vWR6pNIC1pfKkKC6

QELhYYrOhYmFL2xRxFUPU8ePwZzUiQ2muYMhvQfVfAbxpX2Q5fOCvXuj9q23YYV1

v2xnfHofNcZm5MDCrDF9IlZB3Nx9Ny67IP6VbVRMzUicwN59iWOHHgr1RQ0nXcpc

w3GHuTb7K7gm50Pjs26LDSGMOKdgJPwcTStBf3P9Zho0usUrlHr4tSiDvut5VAG4

4KOMutti+sc/5cTyLna+1MXCumcqOWfsPDbg

-----END CERTIFICATE-----

subject=/DC=com/DC=ca/DC=nitju01-u137073/CN=pstore

issuer=/CN=lab-NITJU01-VM91700-CA

---

No client certificate CA names sent

Client Certificate Types: RSA fixed DH, DSS fixed DH, RSA sign, DSA sign

Server Temp Key: DH, 1024 bits

---

SSL handshake has read 3700 bytes and written 414 bytes

---

New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA

Server public key is 1024 bit

Secure Renegotiation IS supported

Compression: NONE

Expansion: NONE

No ALPN negotiated

SSL-Session:

    Protocol  : TLSv1

    Cipher    : DHE-RSA-AES256-SHA

    Session-ID: 8B533298A81A78E203A9584B93D1FC6AA2048D97521B43A1119A46181208196B

    Session-ID-ctx:

    Master-Key: 4A43728FF50E22F297E2C4947900DCA655075091EB61460044444BB8EAFFC792F199912E9A664AC663E3004FCF566A17

    Key-Arg   : None

    Krb5 Principal: None

    PSK identity: None

    PSK identity hint: None

    SRP username: None

    TLS session ticket:

    0000 - b6 60 27 07 cf c7 91 04-fe 53 3a e1 88 8d 7e ff   .`'......S:...~.

    0010 - 35 39 f6 4e 29 65 10 ca-e5 fa 8e d3 b0 22 2c bf   59.N)e.......",.

    0020 - b6 6a f5 df 66 d1 17 f6-4a 53 a6 41 bc d5 1e dc   .j..f...JS.A....

    0030 - 31 8c 4c 02 f0 6b dc c9-88 b3 1e 9c 60 87 17 c6   1.L..k......`...

    0040 - 4d 9b 25 ea 96 cb 00 1b-e3 de dd 8e 83 c1 f2 c7   M.%.............

    0050 - 0d 56 d4 a2 bd b8 b1 2a-71 a6 23 3b 01 b9 d4 79   .V.....*q.#;...y

    0060 - 45 53 c0 ef 76 fd 68 01-88 a2 da d1 18 f5 17 43   ES..v.h........C

    0070 - ed b3 b4 da 2c 2f bd 96-81 ab e7 ba 0a f9 d4 8e   ....,/..........

    0080 - 3c 06 81 bf a2 96 a7 c1-1e d9 6b bd c6 9a 4b d8   <.........k...K.

    0090 - 75 13 4f 30 20 35 17 eb-9c 28 35 a6 00 a2 84 f6   u.O0 5...(5.....

 

    Start Time: 1456921675

    Timeout   : 300 (sec)

    Verify return code: 19 (self signed certificate in certificate chain)

---

                 

read:errno=0

 

and if you want all the certificates from the certificate chain and other

details :

 

# openssl s_client -connect ip_of_LDAP:port -showcerts

 

CONNECTED(00000003)

depth=2 CN = NITJU01-VM48583-CA

verify error:num=19:self signed certificate in certificate chain

---

Certificate chain

0 s:/DC=com/DC=ca/DC=nitju01-u137073/CN=pstore

   i:/CN=lab-NITJU01-VM91700-CA

-----BEGIN CERTIFICATE-----

MIIDpzCCAo+gAwIBAgIKYWgl3QAAAAAABDANBgkqhkiG9w0BAQUFADAhMR8wHQYD

VQQDExZsYWItTklUSlUwMS1WTTkxNzAwLUNBMB4XDTE2MDIyNjE1MTMzMFoXDTE3

MDIyNjEzMTI1MFowWzETMBEGCgmSJomT8ixkARkWA2NvbTESMBAGCgmSJomT8ixk

ARkWAmNhMR8wHQYKCZImiZPyLGQBGRYPbml0anUwMS11MTM3MDczMQ8wDQYDVQQD

EwZwc3RvcmUwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAN3eJPOwrr9xK66K

L3Oe1Dcb/rUKgT4aEBDM9whZ/g9FWSztujkmdSKSt/9DZ1r48Aqp61TnbXu0Kv9T

QS9f16XbEw/yIVspAMLdsGPeENka3PWBTH1VCZTvpIjRFRDHl0gLd5jMPIk9Cq5a

ab1FyrFYjfcvImT38vX+fDEkc0zHAgMBAAGjggEpMIIBJTAdBgNVHQ4EFgQUEZa4

+RANhU8eRAWkzFAxjOQ20zswHwYDVR0jBBgwFoAUnl5h19uKtjljv5wfOtoDB19c

0YIwVwYDVR0fBFAwTjBMoEqgSIZGZmlsZTovL25pdGp1MDEtVk05MTcwMC5sYWIu

bG9jYWwvQ2VydEVucm9sbC9sYWItTklUSlUwMS1WTTkxNzAwLUNBLmNybDB8Bggr

BgEFBQcBAQRwMG4wbAYIKwYBBQUHMAKGYGZpbGU6Ly9uaXRqdTAxLVZNOTE3MDAu

bGFiLmxvY2FsL0NlcnRFbnJvbGwvbml0anUwMS1WTTkxNzAwLmxhYi5sb2NhbF9s

YWItTklUSlUwMS1WTTkxNzAwLUNBLmNydDAMBgNVHRMBAf8EAjAAMA0GCSqGSIb3

DQEBBQUAA4IBAQBELthP/sqPOfCMFcEMRdkKCcXqXDblni/1XvI52gqIzZkVySJ1

o0hfrhjSwCjHztdD7maozHqMHw+pOlFjx4CnsRX7ezOJ8EF3vWR6pNIC1pfKkKC6

QELhYYrOhYmFL2xRxFUPU8ePwZzUiQ2muYMhvQfVfAbxpX2Q5fOCvXuj9q23YYV1

v2xnfHofNcZm5MDCrDF9IlZB3Nx9Ny67IP6VbVRMzUicwN59iWOHHgr1RQ0nXcpc

w3GHuTb7K7gm50Pjs26LDSGMOKdgJPwcTStBf3P9Zho0usUrlHr4tSiDvut5VAG4

4KOMutti+sc/5cTyLna+1MXCumcqOWfsPDbg

-----END CERTIFICATE-----

1 s:/CN=lab-NITJU01-VM91700-CA

   i:/CN=NITJU01-VM48583-CA

-----BEGIN CERTIFICATE-----

MIIEpjCCA46gAwIBAgIKSoUitAABAAAAJjANBgkqhkiG9w0BAQUFADAdMRswGQYD

VQQDExJOSVRKVTAxLVZNNDg1ODMtQ0EwHhcNMTYwMjI2MTMwMjUwWhcNMTcwMjI2

MTMxMjUwWjAhMR8wHQYDVQQDExZsYWItTklUSlUwMS1WTTkxNzAwLUNBMIIBIjAN

BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApHU85yPENYNVCEyKWV2IppAfZ7GN

x4tal4W5zxjgiOcw/da28mAcn/qjKTQuPMSipm2yJ6F+qSP2tR+IUT6pvGCPAlvu

MGCsmtzrf6Jsjb3JfkEeXHZ0qJOFapVeyfhlyw3i4DqquA28JxQU691AHzwVzj1n

njlT9mXm3d/EPlkXTD0KtI+9GCdby6no6DJ9rRVx5KjKoZpv4PZlpKvHUnC0fm8h

aK0Ea7EuHxo2ErP6UtohiO8AL2IG6S4N0ztMM43KOV+NqfDOxnscIL+zWQSZQdGx

1ESJMRz0jSUN2m/7GvCYXg7BF82iU3GcfImgJBdib8Urld+m6l0qllbVHQIDAQAB

o4IB4jCCAd4wEAYJKwYBBAGCNxUBBAMCAQAwHQYDVR0OBBYEFJ5eYdfbirY5Y7+c

HzraAwdfXNGCMBkGCSsGAQQBgjcUAgQMHgoAUwB1AGIAQwBBMAsGA1UdDwQEAwIB

hjAPBgNVHRMBAf8EBTADAQH/MB8GA1UdIwQYMBaAFJeznmeMZLSrzb2jDODc5z+2

D/L9MIGLBgNVHR8EgYMwgYAwfqB8oHqGO2h0dHA6Ly9uaXRqdTAxLXZtNDg1ODMv

Q2VydEVucm9sbC9OSVRKVTAxLVZNNDg1ODMtQ0EoMSkuY3JshjtmaWxlOi8vbml0

anUwMS1WTTQ4NTgzL0NlcnRFbnJvbGwvTklUSlUwMS1WTTQ4NTgzLUNBKDEpLmNy

bDCBwgYIKwYBBQUHAQEEgbUwgbIwVwYIKwYBBQUHMAKGS2h0dHA6Ly9uaXRqdTAx

LXZtNDg1ODMvQ2VydEVucm9sbC9uaXRqdTAxLVZNNDg1ODNfTklUSlUwMS1WTTQ4

NTgzLUNBKDEpLmNydDBXBggrBgEFBQcwAoZLZmlsZTovL25pdGp1MDEtVk00ODU4

My9DZXJ0RW5yb2xsL25pdGp1MDEtVk00ODU4M19OSVRKVTAxLVZNNDg1ODMtQ0Eo

MSkuY3J0MA0GCSqGSIb3DQEBBQUAA4IBAQBeb8MLesYEHb+eUrNOTXCFOBrXDh/q

HtTyXOtYL1bAx3de+4OVkb5ga1BSHeWXP1VdLPrNuiFWghzCpC3zxam2pzXmYsgo

rLv4G7SKSjftrlK7vqPQQOkPKoUiw7XSHRnBV/9XVD5SKYzuC4+nvm5QuyvlAmF+

u+nlWMHCrqKf1HN9XvRQSRHgHMixJmlhKk0VmUhv3mgAPdtjR1ws6pYLni6SO62j

5cYtMrPU5Ib4iNimkv2Gc5vP8nA8vx04RhyNhQ9JTcGZgKnVMgzjq2uhBxoXQf9g

qBHcVLqCxMkSjuDvMEjbr6z8S6YzgfZgiT+C6P8qrGlEIkgh47f9CdaT

 

-----END CERTIFICATE-----

2 s:/CN=NITJU01-VM48583-CA

   i:/CN=NITJU01-VM48583-CA

-----BEGIN CERTIFICATE-----

MIIDPDCCAiSgAwIBAgIQFV1McGun8odFmCeslN4cYzANBgkqhkiG9w0BAQUFADAd

MRswGQYDVQQDExJOSVRKVTAxLVZNNDg1ODMtQ0EwHhcNMTQwNDE3MTQ1MjQ2WhcN

MTkwNDE3MTUwMjQ0WjAdMRswGQYDVQQDExJOSVRKVTAxLVZNNDg1ODMtQ0EwggEi

MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCz3yDQo1N5faZupklLu54Z3QeJ

Qjvl7MuHQ8qDz1WSYt1xGAu6ErLXhUvQ1N4hHlAeEwPD474HIFNCccG6z7fSSt4b

V0BGfuZrShrvJcUbZKtCvDzYtp81fPFafzyCo7QZRPQBOBAQOGNHAktCJCSfFzbB

Iq5lIaZyzydWb4CZQWg8YifxkOtloB2LzSeT1GAHb+pyjVBR8oYeIVaXwfETIPbP

8Ae1LGABk+pEGDC7WQb1RiXc+mejm7n+qzYNLIlsidL0hUWYV0Fo7Dsh3/YhvhBs

ypHDibqMV0Ar+PaCOPffb0psDWAI3hTxkxgKlFk3CWWcx2NZsHFPxrtG9yMDAgMB

AAGjeDB2MAsGA1UdDwQEAwIBhjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBSX

s55njGS0q829owzg3Oc/tg/y/TASBgkrBgEEAYI3FQEEBQIDAQABMCMGCSsGAQQB

gjcVAgQWBBRnD2ZnhRS9rmG7CZG4luwqxznF9DANBgkqhkiG9w0BAQUFAAOCAQEA

kfYG7f8LaTmVR5lis9qL7ryeO1oOoFoen96btyEbdNYiHjbKdcnOIZ4bw3kb+ixc

CX/ZLKRB95EgUqP1C0mZTqKnI7lKZyogkId//bbLtZ/D1x7EhqSnPZ7W37OTCCac

O4ngC4pg6bMBzV2rxT3qR297nJoDkWa4Uee3QLsFNjiYGT4FtS1n6zqdS03iVliD

Sylyh9xBOZnr82Ve0vhOtTB2TLBc3+UL1X5Aqe9pmqC+99msGvLWrUqERHLoU9cD

7dYeTQuXP6e8OLUhxhOsmcv8wwSy1moV4c1VDrtp513ovm2S1Lr7+N9pNpjaLANU

NK3XxiAW0u0bp1YrZsgcyQ==

-----END CERTIFICATE-----

---

Server certificate

subject=/DC=com/DC=ca/DC=nitju01-u137073/CN=pstore

issuer=/CN=lab-NITJU01-VM91700-CA

---

No client certificate CA names sent

Client Certificate Types: RSA fixed DH, DSS fixed DH, RSA sign, DSA sign

Server Temp Key: DH, 1024 bits

---

SSL handshake has read 3700 bytes and written 414 bytes

---

New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA

Server public key is 1024 bit

Secure Renegotiation IS supported

Compression: NONE

Expansion: NONE

No ALPN negotiated

SSL-Session:

    Protocol  : TLSv1

    Cipher    : DHE-RSA-AES256-SHA

    Session-ID: 981817B10DD7D4522AB0B0641B6774EED6D2588CF0E679C9C043E9DBF4A5711B

    Session-ID-ctx:

    Master-Key: 653B6E2CD410BFBD9C24EBC2C1151F995657A4E8B165D6DF0D29445A89D7BD74F532EAB1A042F5C616BFB8F9BADAE47C

    Key-Arg   : None

    Krb5 Principal: None

    PSK identity: None

    PSK identity hint: None

    SRP username: None

    TLS session ticket:

    0000 - b6 60 27 07 cf c7 91 04-fe 53 3a e1 88 8d 7e ff   .`'......S:...~.

    0010 - 47 c0 2e 1e 3f 2c 5d 8a-66 99 ab 34 74 5c 21 45   G...?,].f..4t\!E

    0020 - 5b fd 8c 55 92 e6 67 97-a5 4d 85 f4 89 a5 0c e3   [..U..g..M......

    0030 - ee 81 c1 9a aa 9a 85 13-53 29 e9 88 9b 77 2c 4e   ........S)...w,N

    0040 - 6c 47 86 08 6f 9f ff 5d-8a 4e 7a 34 8d 7f 17 4a   lG..o..].Nz4...J

    0050 - c1 d5 26 01 b7 46 a6 39-cb b7 79 9d 10 fa b5 95   ..&..F.9..y.....

    0060 - 96 d0 f4 c5 22 4b 66 b2-69 08 6a 6c ac b8 d0 b4   ...."Kf.i.jl....

    0070 - 9f 96 05 dd e0 23 54 48-1f 23 d2 0e f9 a4 1d cf   .....#TH.#......

    0080 - 20 08 35 84 ef 1e be f1-af 2d 6d 95 c5 d7 ef 04    .5......-m.....

    0090 - 1b 5b 96 1e 70 51 0c fd-cc b3 96 c3 d1 a5 d3 4b   .[..pQ.........K

 

    Start Time: 1456922485

    Timeout   : 300 (sec)

    Verify return code: 19 (self signed certificate in certificate chain)

---

 

read:errno=0

If you want to simulate your Policy Server or Web Agent responding slowly on a Linux box, you can do some traffic control on the machine by using the tc command.

 

To set a delay of 100ms on the network interface :

 

# tc qdisc add dev eth0 root netem delay 100ms

 

to verify the configuration :

 

# tc -s qdisc

 

to remove the configuration

 

# tc qdisc del dev eth0 root netem

 

where eth0 is the network device.

Here a sample to compile Apache 2.2 on RedHat for SiteMinder Web Agent.

 

Do the commands as root.

 

# bunzip2 httpd-2.2.24.tar.bz2

# tar -xvf httpd-2.2.24.tar && ls -l

# cd httpd-2.2.24

# export LIBS=-lpthread

# ./configure --prefix=/opt/apache2224 --enable-so --enable-auth-digest --enable-rewrite --enable-setenvif --enable-mime --enable-deflate --with-ssl=/usr --enable-headers --enable-ssl

# make && make install

# /opt/apache2224/bin/apachectl -V

 

Server version: Apache/2.2.24 (Unix)

Server built:   Jan 15 2016 03:54:08

Server's Module Magic Number: 20051115:31

Server loaded:  APR 1.3.9, APR-Util 1.3.9

Compiled using: APR 1.3.9, APR-Util 1.3.9

Architecture:   64-bit

Server MPM:     Prefork

  threaded:     no

    forked:     yes (variable process count)

Server compiled with....

-D APACHE_MPM_DIR="server/mpm/prefork"

-D APR_HAS_SENDFILE

-D APR_HAS_MMAP

-D APR_HAVE_IPV6 (IPv4-mapped addresses enabled)

-D APR_USE_SYSVSEM_SERIALIZE

-D APR_USE_PTHREAD_SERIALIZE

-D SINGLE_LISTEN_UNSERIALIZED_ACCEPT

-D APR_HAS_OTHER_CHILD

-D AP_HAVE_RELIABLE_PIPED_LOGS

-D DYNAMIC_MODULE_LIMIT=128

-D HTTPD_ROOT="/opt/apache2224"

-D SUEXEC_BIN="/opt/apache2224/bin/suexec"

-D DEFAULT_PIDLOG="logs/httpd.pid"

-D DEFAULT_SCOREBOARD="logs/apache_runtime_status"

-D DEFAULT_LOCKFILE="logs/accept.lock"

-D DEFAULT_ERRORLOG="logs/error_log"

-D AP_TYPES_CONFIG_FILE="conf/mime.types"

-D SERVER_CONFIG_FILE="conf/httpd.conf"

 

# /opt/apache2224/bin/apachectl start

 

Open a browser and access the server on port 80, it should returns :

 

It works !

Here is a sample of a for loop in Windows Dos shell :

 

    for %i IN (BIOS CPU ENVIRONMENT OS QFE) DO wmic %i list full /format:htable > %i.html

 

which means for each value in (), run wmic command with the value in parameter, and redirect the output to a file of the name of the value with extension .html

 

To get more information, run

 

    c:\> for /?

Here is a simple command to run on Linux RedHat to check each second any add or delete of a server or agent command set :

 

watch -n 1 "ldapsearch -h 130.119.151.137 -p 10002 -b "ou=PolicySvr4,ou=SiteMinder,ou=Netegrity,dc=training,dc=com" -x "smCommand4=*" | egrep \"dn: smAgentCommandOID4=14|dn: smServerCommandOID4=13\""

 

Policy Store : 130.119.151.137

Policy Store Port : 10002

 

this is useful to see the Policy Server working for example when Key rollover is applied.

In order to list all files (including hidden ones) on a Linux / Unix System, you can run that command :

 

# ls –Rltrha / > ls.txt

 

That will give you all files with all permissions from root / in the ls.txt. This is useful to review an existing installation permissions and temporary files.

Note also that the /proc repository will give you details about all running processes.

If you need to get the trace of interactions between the

Policy Server process and the OS on AIX or Solaris, the

following command will give you detailed information :

 

# truss –adefl –o output.txt ./bin/smpolicysrv

 

The truss command output will be found in output.txt

If you need to read a certificate that you have produced from the command line, you can use this :

 

# openssl x509 -in cert.crt -text -noout

 

The certificate should have several lines in the data field, each ending with a carriage return char.

Under Linux, you can see the line ending character by :

 

# cat –A myservercert.pem

You can use this command :

 

openssl rsa -noout -text -inform PEM -in mycert.cer -pubin

 

If it returns no error, the certificate and keys are good.

Patrick-Dussault

My Technical Notes

Posted by Patrick-Dussault Employee Dec 30, 2015

Please find here my technical notes.