How To Install OpenSSL From Source On Linux

This comprehensive Linux guide expects that you run the following commands as root user but if you decide to run the commands as a different user then ensure that the user has sudo access and that you precede each of the privileged commands with sudo

OpenSSL is a robust, commercial-grade, and full-featured toolkit for the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols. It is also a general-purpose cryptography library.
OpenSSL is licensed under an Apache-style license, which basically means that you are free to get and use it for commercial and non-commercial purposes subject to some simple license conditions.

In this tutorial, we will explain you how to install the latest version of OpenSSL from source on your linux system.

Installing Dependencies

Before we start the installation of OpenSSL on your linux sytem, we first need to install the dependencies. You can follow the commands below to do so.

On Debian/Ubuntu

Run the following commands

[email protected]:~$ apt update
[email protected]:~$ apt install build-essential checkinstall zlib1g-dev -y

On RHEL/CentOS

Run the following commands

[email protected]:~$ yum group install 'Development Tools'
[email protected]:~$ yum install perl-core zlib-devel -y

Downloading OpenSSL

After installing the dependencies, you can download the latest version of OpenSSL by running the following commands on your system.

At this moment, OpenSSL 1.0.2 is the latest version available.

First, go to /usr/local/src/ directory by running the following command

[email protected]:~$ cd /usr/local/src/

Then run the following command to download the OpenSSL

[email protected]:~$ wget https://www.openssl.org/source/openssl-1.0.2o.tar.gz

Extracting Downloaded Files

Now, run the following commands to extract the downloaded files.

[email protected]:~$ tar -xf openssl-1.0.2o.tar.gz
[email protected]:~$ cd openssl-1.0.2o

Installing OpenSSL

Now, run the following commands to configure and compile OpenSSL

[email protected]:~$ ./config --prefix=/usr/local/ssl --openssldir=/usr/local/ssl shared zlib
[email protected]:~$ make
[email protected]:~$ make test

Now run the following command

[email protected]:~$ make install

Configuring Link Libraries

Now, you need to configure the shared libraries for OpenSSL. To do so, you first need to go to the /etc/ld.so.conf.d/ directory using the following command.

[email protected]:~$ cd /etc/ld.so.conf.d/

Then run the following command

[email protected]:~$ vim openssl-1.0.2o.conf

Paste the following path into the file

/usr/local/ssl/lib

Now, save and exit the file.

Now, run the following command to reload the dynamic link

[email protected]:~$ ldconfig -v

Configuring OpenSSL Binary

Now, we need to configure the binary for OpenSSL by following the steps below

For Ubuntu/Debian

Run the following commands to backup the old binary files and place the new ones.

[email protected]:~$ mv /usr/bin/c_rehash /usr/bin/c_rehash.BEKUP
[email protected]:~$ mv /usr/bin/openssl /usr/bin/openssl.BEKUP

Now we need to edit the /etc/environment file, run the following command

[email protected]:~$ vim /etc/environment

Add the following path to the file

PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/usr/local/ssl/bin"

Now save and exit the file.

Now run the following command to reload the environment file

[email protected]:~$ source /etc/environment
[email protected]:~$ echo $PATH

Now check the OpenSSL Binary file by running the following command

[email protected]:~$ which openssl
/usr/local/ssl/bin/openssl

It shows that the binary file is updated.

For RHEL/CentOS

Run the following command to backup the old binary files for OpenSSL.

[email protected]:~$ mv /bin/openssl /bin/openssl.BEKUP

Now, run the following command to create new binary file

[email protected]:~$ vim /etc/profile.d/openssl.sh

Paste the following into the file

/etc/profile.d/openssl.sh

#Set OPENSSL_PATH OPENSSL_PATH="/usr/local/ssl/bin" export OPENSSL_PATH PATH=$PATH:$OPENSSL_PATH export PATH

Now save and exit.

Now run the following command to make the openssl.sh file executable.

[email protected]:~$ chmod +x /etc/profile.d/openssl.sh

After that, run the following command to load the environment path.

[email protected]:~$ source /etc/profile.d/openssl.sh
[email protected]:~$ echo $PATH

Now check the OpenSSL Binary file by running the following command

[email protected]:~$ which openssl
/usr/local/ssl/bin/openssl

Verifying The Install

Run the following command to verify the installation of the latest version of OpenSSL on your system

[email protected]:~$ openssl version 

OpenSSL 1.0.2o  27 Aug 2019