How to Install OpenSSL in Ubuntu

OpenSSL is a library that provides SSL and TLS cryptographic protocols. It is used by a large number of applications for security-related purposes. penSSL is also used for encrypting and decrypting data. OpenSSL works well with most popular web servers including Apache, NGINX, etc. and supports popular encryption algorithms such as MD5, SHA-2, etc.

By default, it is already installed in most Linux systems. But if that isn’t the case in your system, or if you want to upgrade your built-in OpenSSL, this article provides guidance for installing OpenSSL from source on your Ubuntu system.

Update all packages

Before installing any new package or software application, it is suggested that you refresh your system cache. To do this, run the below-mentioned command to update the apt packages list on Ubuntu.

sudo apt update

On Fedora/CentOS/RHEL, you would have to run :

sudo yum check-update
sudo yum update

Install build dependencies

Before compiling OpenSSL library from source, we must install the build-essential package on Ubuntu or the Development Tools package on CentOS/Fedora/RHEL.

Install the Ubuntu repository and software compilation dependencies using the apt command below.

sudo apt install build-essential checkinstall zlib1g-dev -y

This command installs three essential packages that are needed to compile Debian packages – build-essential, checkinstall, and zlib1g-dev. The latter allows applications to conveniently read and write gzip compatible files.

Install the required development tools and packages libraries using the yum command on CentOS/Fedora/RHEL.

yum group install 'Development Tools'
yum install perl-core zlib-devel -y
Code language: JavaScript (javascript)

After the installation is complete, go to the next step.

Grab OpenSSL source code

Next, we’ll need to download OpenSSL from the source. This will ensure that we always have the latest version running on our machine. To do so, type the following command.

cd /usr/local/src/
sudo wget https://www.openssl.org/source/openssl-1.1.1m.tar.gz
Code language: JavaScript (javascript)

Notice : The URL in the command above is for demonstrative purpose only. It is recommended that you visit official OpenSSL release page to find the latest version of OpenSSL, which includes all the security patch and bug fixes.

Now that we have downloaded the source code and installed all the necessary dependencies, we can begin to build OpenSSL from source. Run the following commands to extract the .tar.gz file you’ve just downloaded and navigate into its contents.

sudo tar -xf openssl-1.1.1m.tar.gz
cd openssl-1.1.1m
Code language: CSS (css)

We are now going to install OpenSSL which we downloaded using the command below:

sudo ./config --prefix=/usr/local/ssl --openssldir=/usr/local/ssl shared zlib
sudo make
sudo make test
sudo make install
Code language: JavaScript (javascript)

In the command above, --prefix and --openssldir set the output path of the OpenSSL, while shared option force the build to create a shared library, zlib enables the compression using zlib library.

The command may take a while to complete the build process. Once it’s done, OpenSSL is installed in the /usr/local/ssl directory.

Configure OpenSSL Shared Libraries

Next, we will configure the shared libraries for OpenSSL so that they load at runtime. The newly installed OpenSSL binary will load library files from the /usr/local/ssl/lib directory.

Go to the /etc/ld.so.conf.d directory and create new configuration file openssl-1.1.1m.conf by running the following command.

sudo nano /etc/ld.so.conf.d/openssl-1.1.1m.conf

The openssl-1.1.1m.conf should contain the path to OpenSSL library, which should be only one line like below.

/usr/local/ssl/lib

Now save and exit the editor and run the following command to reload the dynamic link with full debug output.

sudo ldconfig -v

And you will see that the OpenSSL libraries on the /usr/local/ssl/lib directory has been loaded.

Configure updated OpenSSL

Next, we have to configure system environment so that it recognizes the newly installed OpenSSL located at /usr/local/ssl/bin/openssl, instead of the default one at /usr/bin/openssl or /bin/openssl.

But first, we need to backup the binary files.

sudo mv /usr/bin/c_rehash /usr/bin/c_rehash.backup
sudo mv /usr/bin/openssl /usr/bin/openssl.backup

Next we need to edit /etc/environment file to include /usr/local/ssl/bin into our PATH environment variable system-wide.

sudo nano /etc/environment

Put :/usr/local/ssl/bin into the end of the line. Notice that we separate entries with a colon and wraps everything in a double-quote.

PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/usr/local/ssl/bin"
Code language: JavaScript (javascript)

Next, reload the OpenSSL environment and check the PATH to see if the modification takes effect or not using the commands below:

source /etc/environment
echo $PATH
Code language: PHP (php)

You can verify our OpenSSL installation by checking its version using the command below

openssl version -a

We hope that the information above helped you successfully install OpenSSL on your Ubuntu system. We’ve also covered other software installation for Linux, such as How to install CMake, Airflow, Cura and ADB/fastboot on CentOS, in case you’re interested. If you have any suggestion, please feel free to leave a comment below.