How to Install OpenSSL from Source in CentOS and Ubuntu

OpenSSL is a full-featured software library that contains an open-source implementation of the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols, used for securing information transmitted over computer networks.

It is a general-purpose cryptography library and supports a number of different cryptographic algorithms including AES, Blowfish; MD5, MD4, SHA-1, SHA-2 cryptographic hash functions; RSA, DSA, Diffie–Hellman key exchange, Elliptic curve and many others.

In this article, we will explain how to install the latest stable version of OpenSSL from sources on CentOS and Ubuntu based distributions.

Step 1: Install Development Tools

1. To compile OpenSSL manually from sources, you need to first install few dependencies such as “Development Tools” under RHEL/CentOS/Fedora or “build-essential” in Debian/Ubuntu as shown.

------------------- On CentOS, RHEL & Fedora ------------------- 
# yum group install 'Development Tools' && yum install perl-core libtemplate-perl zlib-devel 

------------------- On Ubuntu & Debian -------------------
$ sudo apt update && apt install build-essential checkinstall zlib1g-dev libtemplate-perl

Step 2: Compile OpenSSL from Sources

2. Next, download the latest stable version of OpenSSL (v1.0.2 at the time of writing, which is a Long Term Support (LTS) release, supported until 31st December 2019), from the download page using following wget command and unpack it using tar command.

$ wget -c
$ tar -xzvf openssl-1.0.2p.tar.gz

3. Now, move into the extracted directory, configure, build, after a successful build, test the libraries and install OpenSSL in the default location, which is /usr/local/ssl, by running the following commands.

$ cd openssl-1.0.2p/
$ ./config
$ make
$ make test
$ sudo make install 

4. Once you have successfully installed OpenSSL, you can move into the installation directory and view the various sub-directories and files using ls command.

$ cd /usr/local/ssl/
$ ls -l

drwxr-xr-x. 2 root root  4096 Aug 22 06:37 bin
drwxr-xr-x. 2 root root  4096 Aug 22 06:37 certs
drwxr-xr-x. 3 root root  4096 Aug 22 06:37 include
drwxr-xr-x. 4 root root  4096 Aug 22 06:37 lib
drwxr-xr-x. 6 root root  4096 Aug 22 06:36 man
drwxr-xr-x. 2 root root  4096 Aug 22 06:37 misc
-rw-r--r--. 1 root root 10835 Aug 22 06:37 openssl.cnf
drwxr-xr-x. 2 root root  4096 Aug 22 06:37 private

The following are important directories you need to take note of:

  • bin – contains the openssl binary and some utility scripts.
  • include/openssl – contains the header files needed for building your own programs that use libcrypto or libssl.
  • lib – contains the OpenSSL library files.
  • lib/engines – contains the OpenSSL dynamically loadable engines.
  • man – contains the OpenSSL man-pages.
  • share/doc/openssl/html – contains HTML rendition of the man-pages.
  • certs – the default location for certificate files.
  • private – the default location for private key files.

5. To check the version of OpenSSL you have just installed, run the following command.

$ /usr/local/ssl/bin/openssl version

OpenSSL 1.0.2p  14 Aug 2018

6. To use the newly installed OpenSSL version on your system, you need to add the directory /usr/local/ssl/bin/ to your PATH, in the file ~/.bashrc (or the equivalent for your shell).

$ vim ~/.bashrc

Add this line at the bottom of the file.

export PATH="/usr/local/ssl/bin:${PATH}"

Save and close the file and reload the configuration using the command below.

$ source .bashrc

7. Now open a new terminal window and run the following commands to confirm that the new OpenSSL binary is located in your PATH and that you can run it without typing its full path.

$ whereis openssl

openssl: /usr/bin/openssl /usr/lib64/openssl /usr/include/openssl /usr/local/ssl/bin/openssl /usr/share/man/man1/openssl.1ssl.gz
$ openssl version 	

OpenSSL 1.0.2p  14 Aug 2018

That’s all! In this article, we have explained how to install the latest OpenSSL version from source on Linux systems. If you have any questions, use the command form below to reach us.

If you read this far, tweet to the author to show them you care. Tweet a thanks
Aaron Kili
Aaron Kili is a Linux and F.O.S.S enthusiast, an upcoming Linux SysAdmin, web developer, and currently a content creator for TecMint who loves working with computers and strongly believes in sharing knowledge.

Each tutorial at TecMint is created by a team of experienced Linux system administrators so that it meets our high-quality standards.

Join the TecMint Weekly Newsletter (More Than 156,129 Linux Enthusiasts Have Subscribed)
Was this article helpful? Please add a comment or buy me a coffee to show your appreciation.

2 thoughts on “How to Install OpenSSL from Source in CentOS and Ubuntu”

  1. There was already a version of Open SSL present in the system. I downloaded the tarball (1.1.1n) as explained into the /tmp/ directory and ran the ./configure, make, make test and make install commands.

    Under /usr/local/ssl I find the below directory but no bin.

    total 32
    drwxr-xr-x.  5 root root   140 Jun 30 10:32 .
    drwxr-xr-x. 15 root root   168 Jun 30 10:32 ..
    drwxr-xr-x.  2 root root     6 Jun 30 10:32 certs
    -rw-r--r--.  1 root root   412 Jun 30 10:32 ct_log_list.cnf
    -rw-r--r--.  1 root root   412 Jun 30 10:32 ct_log_list.cnf.dist
    drwxr-xr-x.  2 root root    48 Jun 30 10:32 misc
    -rw-r--r--.  1 root root 10909 Jun 30 10:32 openssl.cnf
    -rw-r--r--.  1 root root 10909 Jun 30 10:32 openssl.cnf.dist
    drwxr-xr-x.  2 root root     6 Jun 30 10:32 private

    and the system still shows the old version while running openssl version.

    # openssl version
    OpenSSL 1.0.2k-fips  26 Jan 2017
  2. $ openssl version

    openssl: error while loading shared libraries: cannot open shared object file: No such file or directory

    To fix this error, one has to run the following commands:

    $ sudo bash -c "echo '/usr/local/lib64' >> /etc/"
    $ sudo ldconfig
    $ openssl version
    OpenSSL 1.1.1j  16 Feb 2021

Leave a Reply to Anonymous Cancel reply

Have a question or suggestion? Please leave a comment to start the discussion. Please keep in mind that all comments are moderated and your email address will NOT be published.