Digi-Sign, The Certificate Corporation
Published on Digi-Sign, The Certificate Corporation (http://www2.digi-sign.com)

By Digi-Sign
Created Jun 3 2008 - 14:11

Server Preparation

The following pages are intended for the Network Engineer or Administrator of the Digi-CA™ system who is responsible for preparing the network and servers prior to installation.

To avoid delays with the install of your Digi-CA™ system and to avoid the postponement or complete cancellation of your installation, follow the instructions on each of these pages very carefully.

If you are in doubt or need technical assistance, email digi-cast@digi-sign.com [1] to contact a member of the Digi-CAST™ [2].

Sendmail 8.x SMTP server

Usually a stable and recent enough Sendmail software is provided for your convenience by the Operating System Vendor and we recommend using the release that the Vendor included in its Operating System distribution. For further information about Sendmail or to download its most recent release, visit the Sendmail website on www.sendmail.org [4].



GNU C Compiler 3.4.x

Usually a stable and recent enough GCC compiler is provided for your convenience by the Operating System Vendor and we recommend using the release that the Vendor included in its Operating System distribution. For further information about the GNU C Compiler or to download its most recent release, visit the GNU GCC website on gcc.gnu.org.


OpenSSL 0.9.8c

OpenSSL 0.9.8c compiled from source code distribution with necessary patches as per the list below.

Patch Name          Version            Comments
Time-Stamping [5]   20060923-0.9.8c    required for Time-Stamping
nCipher CHIL        0.9.8a             to support nCipher HSM

Before you compile your OpenSSL toolkit, you will need to apply the Time-Stamping patch and, optionally, a Cryptographic Hardware Interface Library patch for interfacing with nCipher HSM devices. Both patches are provided with the source distribution of Digi-CA™ and you may find them in the OpenSSL/patches sub-directory of your Digi-CA™ source distribution package. Visit the OpenSSL website on www.openssl.org [6] to download the OpenSSL cryptographic toolkit. When configuring and compiling this toolkit, ensure you compile its libraries as dynamically shared. To perform a quick installation, use the Quick Installation guide provided below.


QIG - OpenSSL 0.9.8c

The Quick Installation Guide [QIG] for OpenSSL 0.9.8c suggests that you change working directory to the location where you saved the OpenSSL toolkit source distribution release. For the purpose of this installation guide, we will assume you have saved the OpenSSL toolkit in /usr/local/src directory.

      Change working directory:
      • cd /usr/local/src

      Using tar, unpack files from the archive:

      • tar --gunzip -xvf openssl-0.9.8c.tar.gz

      Change working directory:

      • cd /usr/local/src/openssl-0.9.8c

      Using patch, apply patch to enable Time-Stamping feature:

      • patch -p1 < <path>/ts-0.9.8c-patch
      • <path> is the path where you saved the patch.

      Optionally, apply patch for Cryptographic Hardware Interface Library:

      • patch -p1 < <path>/chil-0.9.8a-patch
      • <path> is the path where you saved the patch.

      Prepare the installation:

      • ./config shared

      Compile, test and install:

      • make
      • make test
      • make install


cURL 7.16.1

The recommended URL syntax based Network Communication Tool is cURL 7.16.1 and this should be compiled from source code distribution with SSL support enabled. Visit the cURL website on curl.haxx.se to download the cURL source distribution.


QIG - cURL 7.16.1

Change working directory to the location where you saved the cURL source distribution release. For the purpose of this installation guide, we will assume you have saved the cURL in /usr/local/src directory.

Change working directory:

  • cd /usr/local/src

Using tar, unpack files from the archive:

  • tar --gunzip -xvf curl-7.16.4.tar.gz

Change working directory:

  • cd /usr/local/src/curl-7.16.4

Prepare the installation:

  • ./configure --prefix=/usr/local/curl --with-ssl=/usr/local/ssl

Compile, test and install:

  • make
  • make test
  • make install



stunnel 4.20

stunnel 4.20 compiled from source code distribution with SSL support enabled. Visit the sTunnel website on www.stunnel.org [7] to download the sTunnel source distribution.

    QIG - stunnel 4.20

    Change working directory to the location where you saved the sTunnel source distribution release. For the purpose of this installation guide, we will assume you have saved the sTunnel in /usr/local/src directory.

    Change working directory:

    • cd /usr/local/src

    Using tar, unpack files from the archive:

    • tar --gunzip -xvf stunnel-4.20.tar.gz

    Change working directory:

    • cd /usr/local/src/stunnel-4.20

    Prepare the installation:

    • ./configure --prefix=/usr/local/stunnel --with-ssl=/usr/local/ssl

    Compile, test and install:

    • make
    • make test
    • make install



libmcrypt 2.5.8

The recommended Hashing & Encryption Tools and Libraries are from libmcrypt 2.5.8 compiled from source code distribution. Visit the mCrypt website on mcrypt.sourceforge.net to download the mCrypt library source distribution.

    QIG - libmcrypt 2.5.8

    Change working directory to the location where you saved the mCrypt library source distribution release. For the purpose of this installation guide, we will assume you have saved the mCrypt library in /usr/local/src directory.

    Change working directory:

    • cd /usr/local/src

    Using tar, unpack files from the archive:

    • tar --gunzip -xvf libmcrypt-2.5.8.tar.gz

    Change working directory:

    • cd /usr/local/src/libmcrypt-2.5.8

    Prepare the installation:

    • ./configure

    Compile, test and install:

    • make
    • make check
    • make install


GNU mHash 0.9.9

GNU mHash 0.9.9 compiled from source code distribution. Visit the mHash website on mhash.sourceforge.net to download the mHash source distribution.

QIG - GNU mHash 0.9.9

Change working directory to the location where you saved the mHash source distribution release. For the purpose of this installation guide, we will assume you have saved the mHash in /usr/local/src directory.

    Change working directory:
    • cd /usr/local/src

    Using tar, unpack files from the archive:

    • tar --gunzip -xvf mhash-0.9.9.tar.gz

    Change working directory:

    • cd /usr/local/src/mhash-0.9.9

    Prepare the installation:

    • ./configure

    Compile, test and install:

    • make
    • make check
    • make install



mCrypt 2.6.6

mCrypt 2.6.6 compiled from source code distribution. Visit the mCrypt website on mcrypt.sourceforge.net to download the mCrypt toolkit source distribution.

    QIG - mCrypt 2.6.6

    Change working directory to the location where you saved the mCrypt toolkit source distribution release. For the purpose of this installation guide, we will assume you have saved the mCrypt toolkit in /usr/local/src directory.

    Change working directory:

    • cd /usr/local/src

    Using tar, unpack files from the archive:

    • tar --gunzip -xvf mcrypt-2.6.6.tar.gz

    Change working directory:

    • cd /usr/local/src/mcrypt-2.6.6

    Prepare the installation:

    • ./configure

    Compile, test and install:

    • make
    • make check
    • make install


Apache 2.2.6

Apache 2.2.6 Web Server is compiled from source code distribution with SSL support enabled. Visit the Apache website on www.apache.org [8] to download the Apache web server source distribution.

    QIG - Apache 2.2.6

    Change working directory to the location where you saved the Apache source distribution release. For the purpose of this installation guide, we will assume you have saved the Apache source distribution in /usr/local/src directory.


    Change working directory:

    • cd /usr/local/src

    Using tar, unpack files from the archive:

    • tar --gunzip -xvf httpd-2.0.59.tar.gz

    Change working directory:

    • cd /usr/local/src/httpd-2.0.59

    Prepare the installation:

    • ./configure --prefix=/usr/local/apache2 --enable-so --enable-cgi \
        --enable-info --enable-rewrite --enable-speling --enable-usertrack \
        --enable-deflate --enable-ssl --enable-mime-magic

    Compile and install:

    • make
    • make install


MySQL 5.0.37 SQL

MySQL 5.0.37 SQL Database Server and Client is compiled from source code distribution with SSL support enabled. Visit the MySQL website on www.mysql.org [9] to download the MySQL database server source distribution.


QIG - MySQL 5.0.37 SQL

Change working directory to the location where you saved the MySQL source distribution release. For the purpose of this installation guide, we will assume you have saved the MySQL source distribution in /usr/local/src directory.

    Change working directory:
    • cd /usr/local/src

    Using tar, unpack files from the archive:

    • tar --gunzip -xvf mysql-5.0.45.tar.gz

    Change working directory:

    • cd /usr/local/src/mysql-5.0.45

    As super user, add new user and group:

    • /usr/sbin/groupadd mysql
    • /usr/sbin/useradd -g mysql mysql

    Prepare the installation:

    • ./configure --prefix=/usr/local/mysql --localstatedir=/usr/local/mysql/data \
        --with-unix-socket-path=/var/run/mysql/mysql.sock --with-big-tables \
        --with-openssl=/usr/local/ssl --enable-thread-safe-client

    Compile and install:

    • make
    • make install

    Copy the recommended MySQL configuration file to its destination folder within your operating system:

    • cp support-files/my-medium.cnf /etc/my.cnf

    Change working directory:

    • cd /usr/local/mysql

    Change ownership of the working directory:

    • chown -R mysql .
    • chgrp -R mysql .

    Install default databases:

    • /usr/local/mysql/bin/mysql_install_db --user=mysql

    Return ownership of the working directory to root, keeping the data directory owned by mysql:

    • chown -R root .
    • chown -R mysql data


Perl 5.8.x

    Usually a stable and recent enough Perl scripting language is provided for your convenience by the Operating System Vendor and we recommend using the release that the Vendor included in its Operating System distribution. For further information about the Perl scripting language or to download its most recent release, visit the Perl website on www.perl.org [10].


PHP 5.2.3

    PHP 5.2.3 compiled from source code distribution with the Digi-CA™ [11] cryptographic patch.

    Patch Name        Version    Comments
    Digi-CA Crypto    1.0        for enabling extended cryptography

    Before you compile your PHP package, you will need to apply the Digi-CA™ Cryptographic patch, which adds to PHP the additional cryptography-related features required by Digi-CA™. The patch is provided with the source distribution of Digi-CA™ and you may find it in the PHP/patches sub-directory of your Digi-CA™ source distribution directory tree. Visit the PHP website on www.php.net [12] to download the PHP package. To perform a quick installation, use the Quick Installation guide provided below.


QIG - PHP 5.2.3

Change working directory to the location where you saved the PHP source distribution release. For the purpose of this installation guide, we will assume you have saved the PHP source distribution release in /usr/local/src directory.

    Change working directory:
    • cd /usr/local/src

    Using tar, unpack files from the archive:

    • tar --gunzip -xvf php-5.2.3.tar.gz


    Patch PHP source with Digi-CA™ Cryptographic Patch:

    • cp <path>/dgca-openssl.c-patch \
        /usr/local/src/php-5.2.3/ext/openssl/openssl.c
    • cp <path>/dgca-php_openssl.h-patch \
        /usr/local/src/php-5.2.3/ext/openssl/php_openssl.h
    • <path> is the path where you saved the patch.


    Change working directory:

    • cd /usr/local/src/php-5.2.3


    Prepare the installation:

    • ./configure --with-apxs2=/usr/local/apache2/bin/apxs \
        --with-mysql=/usr/local/mysql --with-zlib --with-gettext \
        --with-openssl=/usr/local/ssl --with-curl=/usr/local/curl \
        --with-mcrypt=/usr/local/lib --enable-mbstring


    Compile, test and install:

    • make
    • make test
    • make install
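
Every component above that is configured with /usr/local/ssl depends on the patched OpenSSL being the copy that is actually loaded at run time. The following is an added example, not part of the Digi-CA™ documentation, that checks `ldd` output for this; the script name check_ssl_link.sh and the sample ldd lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: confirm a binary built per this guide resolves libssl and
# libcrypto from the patched OpenSSL prefix, not from a vendor-supplied copy.

# ssl_libs_outside_prefix PREFIX
# Reads `ldd` output on stdin. Prints each libssl/libcrypto line that does not
# resolve under PREFIX/lib/. Returns 0 only if at least one such library was
# seen and every one resolves under the prefix (a static or non-SSL binary
# therefore fails, since the guide requires dynamically shared libraries).
ssl_libs_outside_prefix() {
    awk -v want="$1/lib/" '
        $1 ~ /^lib(ssl|crypto)\.so/ {
            seen++
            if ($2 != "=>" || index($3, want) != 1) { print; bad = 1 }
        }
        END { if (bad || !seen) exit 1; exit 0 }
    '
}

# check_binary PREFIX FILE: run ldd on a real file and apply the check.
check_binary() {
    ldd "$2" 2>/dev/null | ssl_libs_outside_prefix "$1"
}

# Constructed ldd output for illustration (not captured from a real host).
GOOD_LDD='    libssl.so.0.9.8 => /usr/local/ssl/lib/libssl.so.0.9.8 (0xb7f2a000)
    libcrypto.so.0.9.8 => /usr/local/ssl/lib/libcrypto.so.0.9.8 (0xb7de1000)
    libc.so.6 => /lib/libc.so.6 (0xb7c9d000)'
BAD_LDD='    libssl.so.0.9.8 => /usr/local/ssl/lib/libssl.so.0.9.8 (0xb7f2a000)
    libcrypto.so.6 => /lib/libcrypto.so.6 (0xb7de1000)
    libc.so.6 => /lib/libc.so.6 (0xb7c9d000)'

# Files passed as arguments are checked against the guide's OpenSSL prefix,
# e.g.: sh check_ssl_link.sh /usr/local/curl/bin/curl
for f in "$@"; do
    if check_binary /usr/local/ssl "$f" >/dev/null; then
        echo "OK   $f"
    else
        echo "FAIL $f"
    fi
done
```

A FAIL line means the run-time loader resolves a different OpenSSL than the one patched in this guide, so the Time-Stamping and CHIL changes would not be in effect for that binary.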


PHP PEAR DB 1.7.13 and LOG 1.9.11

For the PHP PEAR DB 1.7.13 and LOG 1.9.11 packages visit PHP PEAR website on pear.php.net to download the PHP PEAR DB and LOG packages. To perform a quick installation, use the Quick Installation guide provided below.

    QIG - PHP PEAR DB 1.7.13 and LOG 1.9.11

    Change working directory to the location where you saved the PHP PEAR DB and LOG source distribution releases. For the purpose of this installation guide, we will assume you have saved these in /usr/local/src directory.


    Change working directory:

    • cd /usr/local/src

    Install PEAR DB:

    • pear install DB-1.7.13.tar.gz

    Install PEAR LOG:

    • pear install Log-1.9.11.tgz.tar


Preparing for the Digi-CA™ Installation

Log in to the operating system console as Super User and perform the following actions:

      1. Prepare directory structure by setting up system directory for Digi-CA™:
      • mkdir /usr/local/digiCA

      2. Change the working directory:

      • cd /usr/local/digiCA

      3. Copy the Digi-CA™ PKI System installation package to the newly created directory:

      • cp <path>/digica-1-0.tar.gz /usr/local/digiCA/digica-1-0.tar.gz

      <path> represents the directory path for the location of the Digi-CA™ PKI System Installation package file. Digi-CA™ software is distributed on CD/DVD discs or through a web based download. If you obtained a copy of Digi-CA™ software on a CD/DVD disc, ensure that you enter the correct path for your CD/DVD media disc as mounted by your operating system. Otherwise, if you downloaded a copy of Digi-CA™ through the Digi-Sign website, ensure you enter the correct directory path for the location to which you downloaded the installation package.

      4. Unpack Digi-CA™ PKI System files:

      • tar --gunzip -xvf digica-<version>.tar.gz

      5. The above command will unpack the Digi-CA™ installation package and create the following new package files, which contain the application files for each Digi-CA™ module:

      • digica-installer-<version>.tar.gz (initial system installation script)
      • digica-csp-<version>.tar.gz (Cryptographic Service Provider)
      • digica-caapsrv-<version>.tar.gz (CA Application Server)
      • digica-ocspgtw-<version>.tar.gz (OCSP Gateway)
      • digica-tsagtw-<version>.tar.gz (Time-Stamping [5] Authority Gateway)
      • digiCA-caamc-<version>.tar.gz (CA Administration Management Console)
      • digiCA-ramc-<version>.tar.gz (RA Management Console)
      • digiCA-rars-<version>.tar.gz (RA Registration Service)


    <version> represents the release version of the individual module of the system. Refer to section XX for further information about the functionality of each module.

Source URL: http://www2.digi-sign.com/digi-ca/administrator/server/preparation

Links:
[1] mailto:digi-cast@digi-sign.com
[2] http://www2.digi-sign.com/service/digi-cast
[3] http://www2.digi-sign.com/downloads/digi-ca admin
[4] http://www.sendmail.org
[5] http://www2.digi-sign.com/digi-ca/administrator/time+stamp
[6] http://www.openssl.org
[7] http://www.stunnel.org
[8] http://www.apache.org
[9] http://www.mysql.org
[10] http://www.perl.org
[11] http://www2.digi-sign.com/digi-ca
[12] http://www.php.net