Hi there, today I would like to show you how to install latest version of OpenSSL (1.1.1c) on CentOS 7
Mar 29, 2021 描述. OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library. The Win32/Win64 OpenSSL Installation Project is dedicated to providing a simple installation of OpenSSL for Microsoft Windows. It is easy to set up and easy to use through the simple, effective installer. Some people have offered to provide OpenSSL binary distributions for selected operating systems. The condition to get a link here is that the link is stable and can provide continued support for OpenSSL for a while. Note: many Linux distributions come with pre-compiled OpenSSL packages. How to install ssl on RHEL 8 / CentOS 8 step by step instructions. Openssl is a base package present by default on even a minimal RHEL 8 / CentOS 8 installation. If removed by accident or broken, the package can be installed after enabling the subscription management repositories. This software or hardware and documentation may provide access to or information about content, products, and services from third parties. Oracle Corporation and its affiliates are not responsible for and expressly disclaim all warranties of any kind with respect to third-party content, products, and services unless otherwise set forth in an applicable agreement between you and Oracle.
Do I need latest version of OpenSSL?
In general - you don't. Default version is doing great job and it's secure. I needed it for compiling Apache HTTP with HTTP/2 support back then and now I'm using new version every time it's released. If you need it for any other reason, this tutorial is for you:)
How to check current version of OpenSSL?
In order to check current version of installed package you need to execute following command:
It will print out version of installed package like OpenSSL 1.0.2k-fips 26 Jan 2017
How to install latest version of OpenSSL?
I compile OpenSSL from source code. In order to compile it successfully you need to install some tools that will help you compile it:
It will install compiler and few other libraries that are required to compile OpenSSL.
Next download latest version of OpenSSL source code. I like to use releases page on GitHub. I choose the version without FIPS simply because I don't need compatibility with it. And I think that it's a bit more secure to have OpenSSL without FIPS, as fixes are usually included much faster in regular version than in FIPS version. If you want to read more about it, use this link.
In order to download source code, use following command:
Source code comes in compressed package. In order to decompress it use following command:
Now it's time to configure and compile OpenSSL:
openssldir sets the output paths for OpenSSL.
shared will force crating shared libraries and
zlib means that compression will be performed by using zlib library
It is worth to run the tests to see if there are any unexpected errors. If there are any, you need to fix them before installing library.
In order to install library you need to execute:
Once the OpenSSL is installed, you can remove the sources and tar.gz package.
Add new version to PATH
Centos Install Openssl Libs
After the installation you will probably want to check the version of OpenSSL but it will print out old version. Why? Because it's also installed on your server. I rarely override packages installed via yum. The reason is that when there is new version of OpenSSL and you will install it via yum, it will simply override compiled version, and you will have to recompile it again.
Instead of overriding files I personally like to create new profile entry and force the system to use compiled version of OpenSSL.
Openssl_libs Environment Variable
In order to do that, create following file:
and paste there following content:
Save the file and reload your shell, for instance log out and log in again. Then you can check the version of your OpenSSL client. Or maybe...
Or maybe you will get an error with loading shared libraries? In order to fix that problem we need to create an entry in ldconfig.
Create following file:
And paste there following contents:
Openssl Lib Ubuntu
We simply told the dynamic linker to include new libraries. After creating the file you need to reload linker by using following command:
And volia! Check the version of your OpenSSL now. It should print out OpenSSL 1.1.1c 28 May 2019