How to Install OpenSSL from Source in CentOS and Ubuntu

OpenSSL is a full-featured software library that contains an open-source implementation of the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols, used for securing information transmitted over computer networks.

It is a general-purpose cryptography library and supports a number of different cryptographic algorithms including AES, Blowfish; MD5, MD4, SHA-1, SHA-2 cryptographic hash functions; RSA, DSA, Diffie–Hellman key exchange, Elliptic curve and many others.

In this article, we will explain how to install the latest stable version of OpenSSL from sources on CentOS and Ubuntu based distributions.

Step 1: Install Development Tools

1. To compile OpenSSL manually from sources, you need to first install few dependencies such as “Development Tools” under RHEL/CentOS/Fedora or “build-essential” in Debian/Ubuntu as shown.

------------------- On CentOS, RHEL & Fedora ------------------- 
# yum group install 'Development Tools' && yum install perl-core libtemplate-perl zlib-devel 

------------------- On Ubuntu & Debian -------------------
$ sudo apt update && apt install build-essential checkinstall zlib1g-dev libtemplate-perl

Step 2: Compile OpenSSL from Sources

2. Next, download the latest stable version of OpenSSL (v1.0.2 at the time of writing, which is a Long Term Support (LTS) release, supported until 31st December 2019), from the download page using following wget command and unpack it using tar command.

$ wget -c https://www.openssl.org/source/openssl-1.0.2p.tar.gz
$ tar -xzvf openssl-1.0.2p.tar.gz

3. Now, move into the extracted directory, configure, build, after a successful build, test the libraries and install OpenSSL in the default location, which is /usr/local/ssl, by running the following commands.

$ cd openssl-1.0.2p/
$ ./config
$ make
$ make test
$ sudo make install 

4. Once you have successfully installed OpenSSL, you can move into the installation directory and view the various sub-directories and files using ls command.

$ cd /usr/local/ssl/
$ ls -l

drwxr-xr-x. 2 root root  4096 Aug 22 06:37 bin
drwxr-xr-x. 2 root root  4096 Aug 22 06:37 certs
drwxr-xr-x. 3 root root  4096 Aug 22 06:37 include
drwxr-xr-x. 4 root root  4096 Aug 22 06:37 lib
drwxr-xr-x. 6 root root  4096 Aug 22 06:36 man
drwxr-xr-x. 2 root root  4096 Aug 22 06:37 misc
-rw-r--r--. 1 root root 10835 Aug 22 06:37 openssl.cnf
drwxr-xr-x. 2 root root  4096 Aug 22 06:37 private

The following are important directories you need to take note of:

  • bin – contains the openssl binary and some utility scripts.
  • include/openssl – contains the header files needed for building your own programs that use libcrypto or libssl.
  • lib – contains the OpenSSL library files.
  • lib/engines – contains the OpenSSL dynamically loadable engines.
  • man – contains the OpenSSL man-pages.
  • share/doc/openssl/html – contains HTML rendition of the man-pages.
  • certs – the default location for certificate files.
  • private – the default location for private key files.

5. To check the version of OpenSSL you have just installed, run the following command.

$ /usr/local/ssl/bin/openssl version

OpenSSL 1.0.2p  14 Aug 2018

6. To use the newly installed OpenSSL version on your system, you need to add the directory /usr/local/ssl/bin/ to your PATH, in the file ~/.bashrc (or the equivalent for your shell).

$ vim ~/.bashrc

Add this line at the bottom of the file.

export PATH="/usr/local/ssl/bin:${PATH}"

Save and close the file and reload the configuration using the command below.

$ source .bashrc

7. Now open a new terminal window and run the following commands to confirm that the new OpenSSL binary is located in your PATH and that you can run it without typing its full path.

$ whereis openssl

openssl: /usr/bin/openssl /usr/lib64/openssl /usr/include/openssl /usr/local/ssl/bin/openssl /usr/share/man/man1/openssl.1ssl.gz
$ openssl version 	

OpenSSL 1.0.2p  14 Aug 2018

That’s all! In this article, we have explained how to install the latest OpenSSL version from source on Linux systems. If you have any questions, use the command form below to reach us.

If you liked this article, then do subscribe to email alerts for Linux tutorials. If you have any questions or doubts? do ask for help in the comments section.

If You Appreciate What We Do Here On TecMint, You Should Consider:

TecMint is the fastest growing and most trusted community site for any kind of Linux Articles, Guides and Books on the web. Millions of people visit TecMint! to search or browse the thousands of published articles available FREELY to all.

If you like what you are reading, please consider buying us a coffee ( or 2 ) as a token of appreciation.

Support Us

We are thankful for your never ending support.

2 thoughts on “How to Install OpenSSL from Source in CentOS and Ubuntu”

  1. There was already a version of Open SSL present in the system. I downloaded the tarball (1.1.1n) as explained into the /tmp/ directory and ran the ./configure, make, make test and make install commands.

    Under /usr/local/ssl I find the below directory but no bin.

    total 32
    drwxr-xr-x.  5 root root   140 Jun 30 10:32 .
    drwxr-xr-x. 15 root root   168 Jun 30 10:32 ..
    drwxr-xr-x.  2 root root     6 Jun 30 10:32 certs
    -rw-r--r--.  1 root root   412 Jun 30 10:32 ct_log_list.cnf
    -rw-r--r--.  1 root root   412 Jun 30 10:32 ct_log_list.cnf.dist
    drwxr-xr-x.  2 root root    48 Jun 30 10:32 misc
    -rw-r--r--.  1 root root 10909 Jun 30 10:32 openssl.cnf
    -rw-r--r--.  1 root root 10909 Jun 30 10:32 openssl.cnf.dist
    drwxr-xr-x.  2 root root     6 Jun 30 10:32 private
    

    and the system still shows the old version while running openssl version.

    # openssl version
    OpenSSL 1.0.2k-fips  26 Jan 2017
    
    Reply
  2. $ openssl version
    

    openssl: error while loading shared libraries: libssl.so.1.1: cannot open shared object file: No such file or directory

    To fix this error, one has to run the following commands:

    $ sudo bash -c "echo '/usr/local/lib64' >> /etc/ld.so.conf"
    $ sudo ldconfig
    $ openssl version
    OpenSSL 1.1.1j  16 Feb 2021
    
    Reply

Leave a Reply to Ritu Sangha Cancel reply

Have a question or suggestion? Please leave a comment to start the discussion. Please keep in mind that all comments are moderated and your email address will NOT be published.