How To Install OpenSSL From Source On Linux

This comprehensive Linux guide expects that you run the following commands as root user but if you decide to run the commands as a different user then ensure that the user has sudo access and that you precede each of the privileged commands with sudo

OpenSSL is a robust, commercial-grade, and full-featured toolkit for the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols. It is also a general-purpose cryptography library.
OpenSSL is licensed under an Apache-style license, which basically means that you are free to get and use it for commercial and non-commercial purposes subject to some simple license conditions.

In this tutorial, we will explain you how to install the latest version of OpenSSL from source on your linux system.

Table of Contents

Installing Dependencies

Before we start the installation of OpenSSL on your linux sytem, we first need to install the dependencies. You can follow the commands below to do so.

On Debian/Ubuntu

Run the following commands

root@codesposts:~$ apt update
root@codesposts:~$ apt install build-essential checkinstall zlib1g-dev -y

On RHEL/CentOS

Run the following commands

root@codesposts:~$ yum group install 'Development Tools'
root@codesposts:~$ yum install perl-core zlib-devel -y

Downloading OpenSSL

After installing the dependencies, you can download the latest version of OpenSSL by running the following commands on your system.

At this moment, OpenSSL 1.0.2 is the latest version available.

First, go to /usr/local/src/ directory by running the following command

root@codesposts:~$ cd /usr/local/src/

Then run the following command to download the OpenSSL

root@codesposts:~$ wget https://www.openssl.org/source/openssl-1.0.2o.tar.gz

Extracting Downloaded Files

Now, run the following commands to extract the downloaded files.

root@codesposts:~$ tar -xf openssl-1.0.2o.tar.gz
root@codesposts:~$ cd openssl-1.0.2o

Installing OpenSSL

Now, run the following commands to configure and compile OpenSSL

root@codesposts:~$ ./config --prefix=/usr/local/ssl --openssldir=/usr/local/ssl shared zlib
root@codesposts:~$ make
root@codesposts:~$ make test

Now run the following command

root@codesposts:~$ make install

Configuring Link Libraries

Now, you need to configure the shared libraries for OpenSSL. To do so, you first need to go to the /etc/ld.so.conf.d/ directory using the following command.

root@codesposts:~$ cd /etc/ld.so.conf.d/

Then run the following command

root@codesposts:~$ vim openssl-1.0.2o.conf

Paste the following path into the file

/usr/local/ssl/lib

Now, save and exit the file.

Now, run the following command to reload the dynamic link

root@codesposts:~$ ldconfig -v

Configuring OpenSSL Binary

Now, we need to configure the binary for OpenSSL by following the steps below

For Ubuntu/Debian

Run the following commands to backup the old binary files and place the new ones.

root@codesposts:~$ mv /usr/bin/c_rehash /usr/bin/c_rehash.BEKUP
root@codesposts:~$ mv /usr/bin/openssl /usr/bin/openssl.BEKUP

Now we need to edit the /etc/environment file, run the following command

root@codesposts:~$ vim /etc/environment

Add the following path to the file

PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/usr/local/ssl/bin"

Now save and exit the file.

Now run the following command to reload the environment file

root@codesposts:~$ source /etc/environment
root@codesposts:~$ echo $PATH

Now check the OpenSSL Binary file by running the following command

root@codesposts:~$ which openssl
/usr/local/ssl/bin/openssl

It shows that the binary file is updated.

For RHEL/CentOS

Run the following command to backup the old binary files for OpenSSL.

root@codesposts:~$ mv /bin/openssl /bin/openssl.BEKUP

Now, run the following command to create new binary file

root@codesposts:~$ vim /etc/profile.d/openssl.sh

Paste the following into the file

/etc/profile.d/openssl.sh

#Set OPENSSL_PATH
OPENSSL_PATH="/usr/local/ssl/bin"
export OPENSSL_PATH
PATH=$PATH:$OPENSSL_PATH
export PATH

Now save and exit.

Now run the following command to make the openssl.sh file executable.

root@codesposts:~$ chmod +x /etc/profile.d/openssl.sh

After that, run the following command to load the environment path.

root@codesposts:~$ source /etc/profile.d/openssl.sh
root@codesposts:~$ echo $PATH

Now check the OpenSSL Binary file by running the following command

root@codesposts:~$ which openssl
/usr/local/ssl/bin/openssl

Verifying The Install

Run the following command to verify the installation of the latest version of OpenSSL on your system

root@codesposts:~$ openssl version 

OpenSSL 1.0.2o  27 Aug 2019