How to Install OpenSSL from Source in CentOS and Ubuntu

Read Time: 3 minsCategories CentOS, Ubuntu 2 Comments

OpenSSL is a full-featured software library that contains an open-source implementation of the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols, used for securing information transmitted over computer networks.

It is a general-purpose cryptography library and supports a number of different cryptographic algorithms including AES, Blowfish; MD5, MD4, SHA-1, SHA-2 cryptographic hash functions; RSA, DSA, Diffie–Hellman key exchange, Elliptic curve and many others.

In this article, we will explain how to install the latest stable version of OpenSSL from sources on CentOS and Ubuntu based distributions.

Step 1: Install Development Tools

1. To compile OpenSSL manually from sources, you need to first install few dependencies such as “Development Tools” under RHEL/CentOS/Fedora or “build-essential” in Debian/Ubuntu as shown.

------------------- On CentOS, RHEL & Fedora ------------------- 
# yum group install 'Development Tools' && yum install perl-core libtemplate-perl zlib-devel 

------------------- On Ubuntu & Debian -------------------
$ sudo apt update && apt install build-essential checkinstall zlib1g-dev libtemplate-perl

Step 2: Compile OpenSSL from Sources

2. Next, download the latest stable version of OpenSSL (v1.0.2 at the time of writing, which is a Long Term Support (LTS) release, supported until 31st December 2019), from the download page using following wget command and unpack it using tar command.

$ wget -c https://www.openssl.org/source/openssl-1.0.2p.tar.gz
$ tar -xzvf openssl-1.0.2p.tar.gz

3. Now, move into the extracted directory, configure, build, after a successful build, test the libraries and install OpenSSL in the default location, which is /usr/local/ssl, by running the following commands.

$ cd openssl-1.0.2p/
$ ./config
$ make
$ make test
$ sudo make install

4. Once you have successfully installed OpenSSL, you can move into the installation directory and view the various sub-directories and files using ls command.

$ cd /usr/local/ssl/
$ ls -l

drwxr-xr-x. 2 root root  4096 Aug 22 06:37 bin
drwxr-xr-x. 2 root root  4096 Aug 22 06:37 certs
drwxr-xr-x. 3 root root  4096 Aug 22 06:37 include
drwxr-xr-x. 4 root root  4096 Aug 22 06:37 lib
drwxr-xr-x. 6 root root  4096 Aug 22 06:36 man
drwxr-xr-x. 2 root root  4096 Aug 22 06:37 misc
-rw-r--r--. 1 root root 10835 Aug 22 06:37 openssl.cnf
drwxr-xr-x. 2 root root  4096 Aug 22 06:37 private

The following are important directories you need to take note of:

  • bin – contains the openssl binary and some utility scripts.
  • include/openssl – contains the header files needed for building your own programs that use libcrypto or libssl.
  • lib – contains the OpenSSL library files.
  • lib/engines – contains the OpenSSL dynamically loadable engines.
  • man – contains the OpenSSL man-pages.
  • share/doc/openssl/html – contains HTML rendition of the man-pages.
  • certs – the default location for certificate files.
  • private – the default location for private key files.

5. To check the version of OpenSSL you have just installed, run the following command.

$ /usr/local/ssl/bin/openssl version

OpenSSL 1.0.2p  14 Aug 2018

6. To use the newly installed OpenSSL version on your system, you need to add the directory /usr/local/ssl/bin/ to your PATH, in the file ~/.bashrc (or the equivalent for your shell).

$ vim ~/.bashrc

Add this line at the bottom of the file.

export PATH="/usr/local/ssl/bin:${PATH}"

Save and close the file and reload the configuration using the command below.

$ source .bashrc

7. Now open a new terminal window and run the following commands to confirm that the new OpenSSL binary is located in your PATH and that you can run it without typing its full path.

$ whereis openssl

openssl: /usr/bin/openssl /usr/lib64/openssl /usr/include/openssl /usr/local/ssl/bin/openssl /usr/share/man/man1/openssl.1ssl.gz

$ openssl version 	

OpenSSL 1.0.2p  14 Aug 2018

That’s all! In this article, we have explained how to install the latest OpenSSL version from source on Linux systems. If you have any questions, use the command form below to reach us.

Hey TecMint readers,

Exciting news! Every month, our top blog commenters will have the chance to win fantastic rewards, like free Linux eBooks such as RHCE, RHCSA, LFCS, Learn Linux, and Awk, each worth $20!

Learn more about the contest and stand a chance to win by sharing your thoughts below!

Previous article:

Install OPCache to Improve PHP Performance in CentOS 7

Next article:

How to Create and Execute a .Jar File in Linux Terminal
Photo of author
Aaron Kili
Aaron Kili is a Linux and F.O.S.S enthusiast, an upcoming Linux SysAdmin, web developer, and currently a content creator for TecMint who loves working with computers and strongly believes in sharing knowledge.

Each tutorial at TecMint is created by a team of experienced Linux system administrators so that it meets our high-quality standards.

Join the TecMint Weekly Newsletter (More Than 156,129 Linux Enthusiasts Have Subscribed)
Was this article helpful? Please add a comment or buy me a coffee to show your appreciation.

Related Posts

2 Comments

Leave a Reply

  1. There was already a version of Open SSL present in the system. I downloaded the tarball (1.1.1n) as explained into the /tmp/ directory and ran the ./configure, make, make test and make install commands.

    Under /usr/local/ssl I find the below directory but no bin. 

    total 32
drwxr-xr-x.  5 root root   140 Jun 30 10:32 .
drwxr-xr-x. 15 root root   168 Jun 30 10:32 ..
drwxr-xr-x.  2 root root     6 Jun 30 10:32 certs
-rw-r--r--.  1 root root   412 Jun 30 10:32 ct_log_list.cnf
-rw-r--r--.  1 root root   412 Jun 30 10:32 ct_log_list.cnf.dist
drwxr-xr-x.  2 root root    48 Jun 30 10:32 misc
-rw-r--r--.  1 root root 10909 Jun 30 10:32 openssl.cnf
-rw-r--r--.  1 root root 10909 Jun 30 10:32 openssl.cnf.dist
drwxr-xr-x.  2 root root     6 Jun 30 10:32 private

    and the system still shows the old version while running openssl version.

    # openssl version
OpenSSL 1.0.2k-fips  26 Jan 2017
    Reply 
  2. $ openssl version

    openssl: error while loading shared libraries: libssl.so.1.1: cannot open shared object file: No such file or directory

    To fix this error, one has to run the following commands:

    $ sudo bash -c "echo '/usr/local/lib64' >> /etc/ld.so.conf"
$ sudo ldconfig
$ openssl version
OpenSSL 1.1.1j  16 Feb 2021
    Reply

Got Something to Say? Join the Discussion...

Thank you for taking the time to share your thoughts with us. We appreciate your decision to leave a comment and value your contribution to the discussion. It's important to note that we moderate all comments in accordance with our comment policy to ensure a respectful and constructive conversation.

Rest assured that your email address will remain private and will not be published or shared with anyone. We prioritize the privacy and security of our users.