How to Install OpenSSL from Source in CentOS and Ubuntu

OpenSSL is a full-featured software library that contains an open-source implementation of the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols, used for securing information transmitted over computer networks.

It is a general-purpose cryptography library and supports a number of different cryptographic algorithms including AES, Blowfish; MD5, MD4, SHA-1, SHA-2 cryptographic hash functions; RSA, DSA, Diffie–Hellman key exchange, Elliptic curve and many others.

In this article, we will explain how to install the latest stable version of OpenSSL from sources on CentOS and Ubuntu based distributions.

Step 1: Install Development Tools

1. To compile OpenSSL manually from sources, you need to first install few dependencies such as “Development Tools” under RHEL/CentOS/Fedora or “build-essential” in Debian/Ubuntu as shown.

------------------- On CentOS, RHEL & Fedora ------------------- 
# yum group install 'Development Tools' && yum install perl-core libtemplate-perl zlib-devel 

------------------- On Ubuntu & Debian -------------------
$ sudo apt update && apt install build-essential checkinstall zlib1g-dev libtemplate-perl

Step 2: Compile OpenSSL from Sources

2. Next, download the latest stable version of OpenSSL (v1.0.2 at the time of writing, which is a Long Term Support (LTS) release, supported until 31st December 2019), from the download page using following wget command and unpack it using tar command.

$ wget -c https://www.openssl.org/source/openssl-1.0.2p.tar.gz
$ tar -xzvf openssl-1.0.2p.tar.gz

3. Now, move into the extracted directory, configure, build, after a successful build, test the libraries and install OpenSSL in the default location, which is /usr/local/ssl, by running the following commands.

$ cd openssl-1.0.2p/
$ ./config
$ make
$ make test
$ sudo make install 

4. Once you have successfully installed OpenSSL, you can move into the installation directory and view the various sub-directories and files using ls command.

$ cd /usr/local/ssl/
$ ls -l

drwxr-xr-x. 2 root root  4096 Aug 22 06:37 bin
drwxr-xr-x. 2 root root  4096 Aug 22 06:37 certs
drwxr-xr-x. 3 root root  4096 Aug 22 06:37 include
drwxr-xr-x. 4 root root  4096 Aug 22 06:37 lib
drwxr-xr-x. 6 root root  4096 Aug 22 06:36 man
drwxr-xr-x. 2 root root  4096 Aug 22 06:37 misc
-rw-r--r--. 1 root root 10835 Aug 22 06:37 openssl.cnf
drwxr-xr-x. 2 root root  4096 Aug 22 06:37 private

The following are important directories you need to take note of:

  • bin – contains the openssl binary and some utility scripts.
  • include/openssl – contains the header files needed for building your own programs that use libcrypto or libssl.
  • lib – contains the OpenSSL library files.
  • lib/engines – contains the OpenSSL dynamically loadable engines.
  • man – contains the OpenSSL man-pages.
  • share/doc/openssl/html – contains HTML rendition of the man-pages.
  • certs – the default location for certificate files.
  • private – the default location for private key files.

5. To check the version of OpenSSL you have just installed, run the following command.

$ /usr/local/ssl/bin/openssl version

OpenSSL 1.0.2p  14 Aug 2018

6. To use the newly installed OpenSSL version on your system, you need to add the directory /usr/local/ssl/bin/ to your PATH, in the file ~/.bashrc (or the equivalent for your shell).

$ vim ~/.bashrc

Add this line at the bottom of the file.

export PATH="/usr/local/ssl/bin:${PATH}"

Save and close the file and reload the configuration using the command below.

$ source .bashrc

7. Now open a new terminal window and run the following commands to confirm that the new OpenSSL binary is located in your PATH and that you can run it without typing its full path.

$ whereis openssl

openssl: /usr/bin/openssl /usr/lib64/openssl /usr/include/openssl /usr/local/ssl/bin/openssl /usr/share/man/man1/openssl.1ssl.gz
$ openssl version 	

OpenSSL 1.0.2p  14 Aug 2018

That’s all! In this article, we have explained how to install the latest OpenSSL version from source on Linux systems. If you have any questions, use the command form below to reach us.

If You Appreciate What We Do Here On TecMint, You Should Consider:

TecMint is the fastest growing and most trusted community site for any kind of Linux Articles, Guides and Books on the web. Millions of people visit TecMint! to search or browse the thousands of published articles available FREELY to all.

If you like what you are reading, please consider buying us a coffee ( or 2 ) as a token of appreciation.

Support Us

We are thankful for your never ending support.

Aaron Kili

Aaron Kili is a Linux and F.O.S.S enthusiast, an upcoming Linux SysAdmin, web developer, and currently a content creator for TecMint who loves working with computers and strongly believes in sharing knowledge.

Your name can also be listed here. Got a tip? Submit it here to become an TecMint author.

RedHat RHCE and RHCSA Certification Book
Linux Foundation LFCS and LFCE Certification Preparation Guide

You may also like...

Got something to say? Join the discussion.

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.