This comprehensive Linux guide expects that you run the following commands as root user but if you decide to run the commands as a different user then ensure that the user has
sudo
access and that you precede each of the privileged commands withsudo
OpenSSL is a robust, commercial-grade, and full-featured toolkit for the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols. It is also a general-purpose cryptography library.
OpenSSL is licensed under an Apache-style license, which basically means that you are free to get and use it for commercial and non-commercial purposes subject to some simple license conditions.
In this tutorial, we will explain you how to install the latest version of OpenSSL from source on your linux system.
Installing Dependencies
Before we start the installation of OpenSSL on your linux sytem, we first need to install the dependencies. You can follow the commands below to do so.
On Debian/Ubuntu
Run the following commands
[email protected]:~$ apt update
[email protected]:~$ apt install build-essential checkinstall zlib1g-dev -y
On RHEL/CentOS
Run the following commands
[email protected]:~$ yum group install 'Development Tools'
[email protected]:~$ yum install perl-core zlib-devel -y
Downloading OpenSSL
After installing the dependencies, you can download the latest version of OpenSSL by running the following commands on your system.
At this moment, OpenSSL 1.0.2 is the latest version available.
First, go to /usr/local/src/
directory by running the following command
[email protected]:~$ cd /usr/local/src/
Then run the following command to download the OpenSSL
[email protected]:~$ wget https://www.openssl.org/source/openssl-1.0.2o.tar.gz
Extracting Downloaded Files
Now, run the following commands to extract the downloaded files.
[email protected]:~$ tar -xf openssl-1.0.2o.tar.gz
[email protected]:~$ cd openssl-1.0.2o
Installing OpenSSL
Now, run the following commands to configure and compile OpenSSL
[email protected]:~$ ./config --prefix=/usr/local/ssl --openssldir=/usr/local/ssl shared zlib
[email protected]:~$ make
[email protected]:~$ make test
Now run the following command
[email protected]:~$ make install
Configuring Link Libraries
Now, you need to configure the shared libraries for OpenSSL. To do so, you first need to go to the /etc/ld.so.conf.d/
directory using the following command.
[email protected]:~$ cd /etc/ld.so.conf.d/
Then run the following command
[email protected]:~$ vim openssl-1.0.2o.conf
Paste the following path into the file
/usr/local/ssl/lib
Now, save and exit the file.
Now, run the following command to reload the dynamic link
[email protected]:~$ ldconfig -v
Configuring OpenSSL Binary
Now, we need to configure the binary for OpenSSL by following the steps below
For Ubuntu/Debian
Run the following commands to backup the old binary files and place the new ones.
[email protected]:~$ mv /usr/bin/c_rehash /usr/bin/c_rehash.BEKUP
[email protected]:~$ mv /usr/bin/openssl /usr/bin/openssl.BEKUP
Now we need to edit the /etc/environment
file, run the following command
[email protected]:~$ vim /etc/environment
Add the following path to the file
PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/usr/local/ssl/bin"
Now save and exit the file.
Now run the following command to reload the environment file
[email protected]:~$ source /etc/environment
[email protected]:~$ echo $PATH
Now check the OpenSSL Binary file by running the following command
[email protected]:~$ which openssl
/usr/local/ssl/bin/openssl
It shows that the binary file is updated.
For RHEL/CentOS
Run the following command to backup the old binary files for OpenSSL.
[email protected]:~$ mv /bin/openssl /bin/openssl.BEKUP
Now, run the following command to create new binary file
[email protected]:~$ vim /etc/profile.d/openssl.sh
Paste the following into the file
- /etc/profile.d/openssl.sh
-
#Set OPENSSL_PATH OPENSSL_PATH="/usr/local/ssl/bin" export OPENSSL_PATH PATH=$PATH:$OPENSSL_PATH export PATH
Now save and exit.
Now run the following command to make the openssl.sh file executable.
[email protected]:~$ chmod +x /etc/profile.d/openssl.sh
After that, run the following command to load the environment path.
[email protected]:~$ source /etc/profile.d/openssl.sh
[email protected]:~$ echo $PATH
Now check the OpenSSL Binary file by running the following command
[email protected]:~$ which openssl
/usr/local/ssl/bin/openssl
Verifying The Install
Run the following command to verify the installation of the latest version of OpenSSL on your system
[email protected]:~$ openssl version
OpenSSL 1.0.2o 27 Aug 2019