OpenSSL is a library that provides SSL and TLS cryptographic protocols. It is used by a large number of applications for security-related purposes. penSSL is also used for encrypting and decrypting data. OpenSSL works well with most popular web servers including Apache, NGINX, etc. and supports popular encryption algorithms such as MD5, SHA-2, etc.
By default, it is already installed in most Linux systems. But if that isn't the case in your system, or if you want to upgrade your built-in OpenSSL, this article provides guidance for installing OpenSSL from source on your Ubuntu system.
Update all packages
Before installing any new package or software application, it is suggested that you refresh your system cache. To do this, run the below-mentioned command to update the apt packages list on Ubuntu.
sudo apt update
On Fedora/CentOS/RHEL, you would have to run :
sudo yum check-update sudo yum update
Install build dependencies
Before compiling OpenSSL library from source, we must install the build-essential package on Ubuntu or the Development Tools package on CentOS/Fedora/RHEL.
Install the Ubuntu repository and software compilation dependencies using the apt command below.
sudo apt install build-essential checkinstall zlib1g-dev -y
This command installs three essential packages that are needed to compile Debian packages - build-essential, checkinstall, and zlib1g-dev. The latter allows applications to conveniently read and write gzip compatible files.
Install the required development tools and packages libraries using the yum command on CentOS/Fedora/RHEL.
yum group install 'Development Tools'
yum install perl-core zlib-devel -yCode language: JavaScript (javascript)After the installation is complete, go to the next step.
Grab OpenSSL source code
Next, we'll need to download OpenSSL from the source. This will ensure that we always have the latest version running on our machine. To do so, type the following command.
cd /usr/local/src/
sudo wget https://www.openssl.org/source/openssl-1.1.1m.tar.gzCode language: JavaScript (javascript)Now that we have downloaded the source code and installed all the necessary dependencies, we can begin to build OpenSSL from source. Run the following commands to extract the .tar.gz file you've just downloaded and navigate into its contents.
sudo tar -xf openssl-1.1.1m.tar.gz
cd openssl-1.1.1mCode language: CSS (css)We are now going to install OpenSSL which we downloaded using the command below:
sudo ./config --prefix=/usr/local/ssl --openssldir=/usr/local/ssl shared zlib
sudo make
sudo make test
sudo make installCode language: JavaScript (javascript)In the command above, --prefix and --openssldir set the output path of the OpenSSL, while shared option force the build to create a shared library, zlib enables the compression using zlib library.
The command may take a while to complete the build process. Once it's done, OpenSSL is installed in the /usr/local/ssl directory.
Next, we will configure the shared libraries for OpenSSL so that they load at runtime. The newly installed OpenSSL binary will load library files from the /usr/local/ssl/lib directory.
Go to the /etc/ld.so.conf.d directory and create new configuration file openssl-1.1.1m.conf by running the following command.
sudo nano /etc/ld.so.conf.d/openssl-1.1.1m.conf
The openssl-1.1.1m.conf should contain the path to OpenSSL library, which should be only one line like below.
/usr/local/ssl/lib
Now save and exit the editor and run the following command to reload the dynamic link with full debug output.
sudo ldconfig -v
And you will see that the OpenSSL libraries on the /usr/local/ssl/lib directory has been loaded.
Configure updated OpenSSL
Next, we have to configure system environment so that it recognizes the newly installed OpenSSL located at /usr/local/ssl/bin/openssl, instead of the default one at /usr/bin/openssl or /bin/openssl.
But first, we need to backup the binary files.
sudo mv /usr/bin/c_rehash /usr/bin/c_rehash.backup sudo mv /usr/bin/openssl /usr/bin/openssl.backup
Next we need to edit /etc/environment file to include /usr/local/ssl/bin into our PATH environment variable system-wide.
sudo nano /etc/environment
Put :/usr/local/ssl/bin into the end of the line. Notice that we separate entries with a colon and wraps everything in a double-quote.
PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/usr/local/ssl/bin"Code language: JavaScript (javascript)Next, reload the OpenSSL environment and check the PATH to see if the modification takes effect or not using the commands below:
source /etc/environment
echo $PATHCode language: PHP (php)
You can verify our OpenSSL installation by checking its version using the command below
openssl version -a
We hope that the information above helped you successfully install OpenSSL on your Ubuntu system. We've also covered other software installation for Linux, such as How to install CMake, Airflow, Cura and ADB/fastboot on CentOS, in case you're interested. If you have any suggestion, please feel free to leave a comment below.
Very Good ! Works !
In my case, after the update, Openssl version is 1.1.1m but the libs continued in 1.1.1f.
To fix, only:
cd /usr/local/ssl
sudo rmdir certs
sudo ln -s /etc/ssl/certs
sudo rmdir private/
sudo ln -s /etc/ssl/private
sudo mv openssl.cnf openssl.cnf.original
sudo ln -s /etc/ssl/openssl.cnf