OpenSSL is a library that provides SSL and TLS cryptographic protocols. It is used by a large number of applications for security-related purposes. penSSL is also used for encrypting and decrypting data. OpenSSL works well with most popular web servers including Apache, NGINX, etc. and supports popular encryption algorithms such as MD5, SHA-2, etc.
By default, it is already installed in most Linux systems. But if that isn’t the case in your system, or if you want to upgrade your built-in OpenSSL, this article provides guidance for installing OpenSSL from source on your Ubuntu system.
Update all packages
Before installing any new package or software application, it is suggested that you refresh your system cache. To do this, run the below-mentioned command to update the apt packages list on Ubuntu.
sudo apt update
On Fedora/CentOS/RHEL, you would have to run :
sudo yum check-update sudo yum update
Install build dependencies
Before compiling OpenSSL library from source, we must install the
build-essential package on Ubuntu or the
Development Tools package on CentOS/Fedora/RHEL.
Install the Ubuntu repository and software compilation dependencies using the apt command below.
sudo apt install build-essential checkinstall zlib1g-dev -y
This command installs three essential packages that are needed to compile Debian packages –
zlib1g-dev. The latter allows applications to conveniently read and write gzip compatible files.
Install the required development tools and packages libraries using the yum command on CentOS/Fedora/RHEL.
yum group install 'Development Tools' yum install perl-core zlib-devel -y
After the installation is complete, go to the next step.
Grab OpenSSL source code
Next, we’ll need to download OpenSSL from the source. This will ensure that we always have the latest version running on our machine. To do so, type the following command.
cd /usr/local/src/ sudo wget https://www.openssl.org/source/openssl-1.1.1m.tar.gz
Notice : The URL in the command above is for demonstrative purpose only. It is recommended that you visit official OpenSSL release page to find the latest version of OpenSSL, which includes all the security patch and bug fixes.
Now that we have downloaded the source code and installed all the necessary dependencies, we can begin to build OpenSSL from source. Run the following commands to extract the
.tar.gz file you’ve just downloaded and navigate into its contents.
Code language: CSS (css)
sudo tar -xf openssl-1.1.1m.tar.gz cd openssl-1.1.1m
We are now going to install OpenSSL which we downloaded using the command below:
sudo ./config --prefix=/usr/local/ssl --openssldir=/usr/local/ssl shared zlib sudo make sudo make test sudo make install
In the command above,
--openssldir set the output path of the OpenSSL, while
shared option force the build to create a shared library,
zlib enables the compression using zlib library.
The command may take a while to complete the build process. Once it’s done, OpenSSL is installed in the
Next, we will configure the shared libraries for OpenSSL so that they load at runtime. The newly installed OpenSSL binary will load library files from the
Go to the
/etc/ld.so.conf.d directory and create new configuration file
openssl-1.1.1m.conf by running the following command.
sudo nano /etc/ld.so.conf.d/openssl-1.1.1m.conf
openssl-1.1.1m.conf should contain the path to OpenSSL library, which should be only one line like below.
Now save and exit the editor and run the following command to reload the dynamic link with full debug output.
sudo ldconfig -v
And you will see that the OpenSSL libraries on the
/usr/local/ssl/lib directory has been loaded.
Configure updated OpenSSL
Next, we have to configure system environment so that it recognizes the newly installed OpenSSL located at
/usr/local/ssl/bin/openssl, instead of the default one at
But first, we need to backup the binary files.
sudo mv /usr/bin/c_rehash /usr/bin/c_rehash.backup sudo mv /usr/bin/openssl /usr/bin/openssl.backup
Next we need to edit /etc/environment file to include
/usr/local/ssl/bin into our PATH environment variable system-wide.
sudo nano /etc/environment
:/usr/local/ssl/bin into the end of the line. Notice that we separate entries with a colon and wraps everything in a double-quote.
Next, reload the OpenSSL environment and check the PATH to see if the modification takes effect or not using the commands below:
Code language: PHP (php)
source /etc/environment echo $PATH
You can verify our OpenSSL installation by checking its version using the command below
openssl version -a
We hope that the information above helped you successfully install OpenSSL on your Ubuntu system. We’ve also covered other software installation for Linux, such as How to install CMake, Airflow, Cura and ADB/fastboot on CentOS, in case you’re interested. If you have any suggestion, please feel free to leave a comment below.