This is all certainly do-able, but a step-by-step guide is out of scope for Server Fault (and frankly if you need such a guide you've no business doing this to begin with - it's moderately advanced system administration like back in the bad-old-days before package management and if you're not up to that level of skill you need to play in a sandbox environment before attempting this in production).OpenSSL is a full-featured toolkit for the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols, and is installed on many distributions of Linux by default. It also leaves your core system running a different OpenSSL than your web server (which may or may not be a huge problem for you - but it is something you need to be aware of when you're troubleshooting in the future. You will of course then be responsible for tracking security updates to all of those components on your own, and rebuilding/reinstalling them as necessary. If you insist on doing this the hard way you will need to download Apache, OpenSSL, and any other ancillary components (PHP, Passenger, mod_perl, etc.) that you use in your web server, and basically build a local OpenSSL, compile a custom Apache building against that SSL library, and then add all the ancillary components to your custom Apache environment. Any upgrade done on Debian 6 would have to be done "the hard way". If you don't want to upgrade to Debian 7, you should probably stick with the old OpenSSL and Apache (bearing in mind all of the implications of doing so). It also gets you a lot of other security and functionality enhancements that have been made since Debian 6. There are LOTS of dependencies underlying Apache, and a full OS upgrade IS the "easiest way" to do this upgrade. Specifically, you should update to Debian 7 (Wheezy) like Zoredache told you to.
0 kommentar(er)
