This apache module was developed and tested on SuSE Linux 9.2 (users reported it to work on FreeBSD and Solaris 9). If you try to use it on other platforms please let me know your problems or success.
Steps of installation:
Check if you already have binary Apache installed with dynamic shared object (mod_so.c) support enabled:
$ httpd -l
If you see mod_so.c in the list then DSO support is enabled and you do not need to carry out the steps marked OPTIONAL below.
mod_tsa supports storing all the returned time stamp tokens in either a MySQL, a FireBird or PostgreSQL database. See the instructions below for how to compile in support for one of these databse servers. If you want MySQL support carry out all the steps marked with OPTIONAL_MYSQL, if you want FireBird support do the same with the steps marked with OPTIONAL_FIREBIRD, and if you want PostgreSQL support do the same with the steps marked with OPTIONAL_PGSQL.
Download the required external packages as indicated on the OpenTSA homepage:
(OPTIONAL_MYSQL) Configure, build, install and run a MySQL server. Create a database in which you want to store the time stamp tokens.
(OPTIONAL_FIREBIRD) Configure, build, install and run a FireBird server. Create a database in which you want to store the time stamp tokens.
(OPTIONAL_PGSQL) Configure, build, install and run a PostgreSQL server. Create a database in which you want to store the time stamp tokens.
Configure, build, test and install OpenSSL with the time stamping patch as described in the time stamp patch installation guide.
Extract the rest of the required packages:
$ gzip -cd apache-VERSION.tar.gz | tar xf - # OPTIONAL $ gzip -cd mod_tsa-VERSION.tgz | tar xf -
(OPTIONAL) Configure, build and install Apache as described in its manual. You must enable the 'so' module for dynamic module support. The steps briefly:
$ cd apache-VERSION $ ./configure --enable-module=so $ make $ make install # you may have to be logged in as root here
Build mod_tsa (OPTIONAL_MYSQL: uncomment TS_MYSQL=1 from the make command line below, OPTIONAL_FIREBIRD: uncomment TS_FBSQL=1 from the make command line below, OPTIONAL_PGSQL: uncomment TS_PGSQL=1 from the make command line below):
$ cd ../mod_tsa $ make OPENSSL=<openssl_root> # TS_MYSQL=1 TS_FBSQL=1 TS_PGSQL=1
Install the mod_tsa DSO module under the Apache directory. The following command enables mod_tsa in httpd.conf, too:
$ make install # you may have to be logged in as root here
(OPTIONAL_MYSQL) Execute the mysql_create.sql MySQL script for creating the database table for storing the time stamp tokens:
$ mysql -h <mysql_host> <database> -p < mysql_create.sql
(OPTIONAL_FBSQL) Execute the fbsql_create.sql FireBird script for creating the database table for storing the time stamp tokens:
$ isql <database> -u <user> -p <password> -i fbsql_create.sql
(OPTIONAL_PGSQL) Execute the postgresql_create.sql PostgreSQL script for creating the database table for storing the time stamp tokens:
$ psql <database> -U <user> -W < postgresql_create.sql
Generate a private key and a certificate including the TimeStamping critical extended key usage X.509v3 extension for the TSA and set up the mod_tsa configuration options in httpd.conf, see the mod_tsa documentation for the available mod_tsa-specific directives.
Start up httpd and check the Apache error_log to see if everything started correctly (you should see the mod_tsa configuration options and no error messages), because mod_tsa may not have started up properly despite what apachectl says:
$ apachectl start $ more <apache_root>/logs/error_log
You can connect to the server with any TSA HTTP client (e.g. tsget, which is included in the OpenSSL time stamping patch, see the tsget(1) manual page) and the server will send back RFC 3161 compliant messages. Good luck!