OpenSSL is a full-featured software library that contains an open-source implementation of the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols, used for securing information transmitted over computer networks.
It is a general-purpose cryptography library and supports a number of different cryptographic algorithms including AES, Blowfish; MD5, MD4, SHA-1, SHA-2 cryptographic hash functions; RSA, DSA, Diffie–Hellman key exchange, Elliptic curve and many others.
In this article, we will explain how to install the latest stable version of OpenSSL from sources on CentOS and Ubuntu based distributions.
Step 1: Install Development Tools
1. To compile OpenSSL manually from sources, you need to first install few dependencies such as “Development Tools” under RHEL/CentOS/Fedora or “build-essential” in Debian/Ubuntu as shown.
------------------- On CentOS, RHEL & Fedora ------------------- # yum group install 'Development Tools' && yum install perl-core libtemplate-perl zlib-devel ------------------- On Ubuntu & Debian ------------------- $ sudo apt update && apt install build-essential checkinstall zlib1g-dev libtemplate-perl
Step 2: Compile OpenSSL from Sources
2. Next, download the latest stable version of OpenSSL (v1.0.2 at the time of writing, which is a Long Term Support (LTS) release, supported until 31st December 2019), from the download page using following wget command and unpack it using tar command.
$ wget -c https://www.openssl.org/source/openssl-1.0.2p.tar.gz $ tar -xzvf openssl-1.0.2p.tar.gz
3. Now, move into the extracted directory, configure, build, after a successful build, test the libraries and install OpenSSL in the default location, which is /usr/local/ssl, by running the following commands.
$ cd openssl-1.0.2p/ $ ./config $ make $ make test $ sudo make install
4. Once you have successfully installed OpenSSL, you can move into the installation directory and view the various sub-directories and files using ls command.
$ cd /usr/local/ssl/ $ ls -l drwxr-xr-x. 2 root root 4096 Aug 22 06:37 bin drwxr-xr-x. 2 root root 4096 Aug 22 06:37 certs drwxr-xr-x. 3 root root 4096 Aug 22 06:37 include drwxr-xr-x. 4 root root 4096 Aug 22 06:37 lib drwxr-xr-x. 6 root root 4096 Aug 22 06:36 man drwxr-xr-x. 2 root root 4096 Aug 22 06:37 misc -rw-r--r--. 1 root root 10835 Aug 22 06:37 openssl.cnf drwxr-xr-x. 2 root root 4096 Aug 22 06:37 private
The following are important directories you need to take note of:
- bin – contains the openssl binary and some utility scripts.
- include/openssl – contains the header files needed for building your own programs that use libcrypto or libssl.
- lib – contains the OpenSSL library files.
- lib/engines – contains the OpenSSL dynamically loadable engines.
- man – contains the OpenSSL man-pages.
- share/doc/openssl/html – contains HTML rendition of the man-pages.
- certs – the default location for certificate files.
- private – the default location for private key files.
5. To check the version of OpenSSL you have just installed, run the following command.
$ /usr/local/ssl/bin/openssl version OpenSSL 1.0.2p 14 Aug 2018
6. To use the newly installed OpenSSL version on your system, you need to add the directory /usr/local/ssl/bin/ to your PATH, in the file ~/.bashrc (or the equivalent for your shell).
$ vim ~/.bashrc
Add this line at the bottom of the file.
export PATH="/usr/local/ssl/bin:${PATH}"
Save and close the file and reload the configuration using the command below.
$ source .bashrc
7. Now open a new terminal window and run the following commands to confirm that the new OpenSSL binary is located in your PATH and that you can run it without typing its full path.
$ whereis openssl openssl: /usr/bin/openssl /usr/lib64/openssl /usr/include/openssl /usr/local/ssl/bin/openssl /usr/share/man/man1/openssl.1ssl.gz
$ openssl version OpenSSL 1.0.2p 14 Aug 2018
That’s all! In this article, we have explained how to install the latest OpenSSL version from source on Linux systems. If you have any questions, use the command form below to reach us.
There was already a version of Open SSL present in the system. I downloaded the tarball (1.1.1n) as explained into the /tmp/ directory and ran the ./configure, make, make test and make install commands.
Under /usr/local/ssl I find the below directory but no bin.
and the system still shows the old version while running openssl version.
openssl: error while loading shared libraries: libssl.so.1.1: cannot open shared object file: No such file or directory
To fix this error, one has to run the following commands: