2 C
Texas
angeloma
Senior Writer and partner

How to install the latest version of OpenSSL on CentOS 7?

The security in the systems is something that should call our attention to those who like or work with Linux. Especially, if it is a server since in this equipment a lot of important data and services are sustained. In general, we can say that Linux is a fairly secure system because it includes fairly good security policies. However, also thanks to the inclusion of libraries specializing in encryption and data protection. Something vital in a job or in very important personal communications. That is why, in this post, we will show you how to install the latest version of OpenSSL on CentOS 7.

In case you do not know what OpenSSL is, we will tell you. OpenSSL is a security library included in all Linux systems. Its main objective is to provide an open source implementation of TLS and SSL protocols that protect and encrypt the transmission of data over a network. It is really important to use it because if our transmitted data falls into the hands of a third party, that person must decrypt it to get the information. This process is not easy to do, so by doing so, we safeguard the data.

So, let us start to install the latest version of OpenSSL on CentOS 7.

1.- Upgrade the system and install required packages

The first step is to update the system completely. This way you will have available all the available security updates.

- Advertisement -
:~$ su
:~# yum update

1.- Update the system
1.- Update the system

Then, you have to install some required packages to install OpenSSL.

:~# yum install make gcc perl pcre-devel zlib-devel

2.- Install some required packages to install OpenSSL on CentOS
2.- Install some required packages to install OpenSSL on CentOS

2. Install the latest version of OpenSSL on CentOS 7

OpenSSL is included in almost all Linux distributions. The problem is that they include older versions that although maintained by the distribution itself to be safe, are not the most recent. So for that, we will use the safest method which is to install it from its source code. With this, we will get a clean and reliable system.

So, first, you need to download the latest version using wget. Install it first.

:~# yum install wget
:~# wget https://ftp.openssl.org/source/old/1.1.1/openssl-1.1.1.tar.gz

3.- Download the latest version of OpenSSL
3.- Download the latest version of OpenSSL

Of course, at the time of writing this post, the latest stable version of OpenSSL is 1.1.1.

After that, decompress the file.

:~# tar xvf openssl-1.1.1.tar.gz

4.- Decompress the file
4.- Decompress the file

Next, navigate to the generated folder.

:~# cd openssl-1.1.1/

Then, you have to start configuring the package compilation using ./configure. Besides that, you have to use some parameters like the prefix where the route will be established.

:~# ./config --prefix=/usr --openssldir=/etc/ssl --libdir=lib no-shared zlib-dynamic

5.- Configure OpenSSL
5.- Configure OpenSSL

Now, begin compilation.

:~# make
:~# make test

Finally, install OpenSSL.

:~# make install

6.- Install the latest version of OpenSSL on CentOS
6.- Install the latest version of OpenSSL on CentOS

The process may take a few minutes. So you have to wait for it to finish.

Then, so you do not have problems using the library, you need to export the paths.

:~# export LD_LIBRARY_PATH=/usr/local/lib:/usr/local/lib64
:~# echo "export LD_LIBRARY_PATH=/usr/local/lib:/usr/local/lib64" >> ~/.bashrc

Finally, check the OpenSSL version.

:~# openssl version

7.- OpenSSL installed
7.- OpenSSL installed

So, that’s it.

Conclusion

OpenSSL is a very important library of the Linux system. So it’s a good idea to have its latest version installed, to improve system security and data encryption. The installation process from the source code is not difficult and has many advantages.

Please share this post with your friends.

- Advertisement -
Everything Linux, A.I, IT News, DataOps, Open Source and more delivered right to you.
Subscribe
"The best Linux newsletter on the web"

25 COMMENTS

  1. I’ve been pulling my hair out for several days now on how to do it properly, and then you post this. Thanks for sharing.

  2. Unix has been around long enough that this kind of deep dive shouldn’t be required. Installer programs should handle it with a click of the mouse.

    • Maybe, my friend, but remember that Unix-based systems are used on servers and it is not recommended to use a graphical interface there.

      Thank you for commenting.

  3. Thanks for the post.
    On a CentOS minimal install I had to install the following additional packages to pass the `make test` succesfully
    yum install perl-Module-Load-Conditional perl-Test-Harness perl-core

  4. After the installation, my openssl is still the old version 1.0.2k. What should I do to make apache using currently version? Thank you very much!

  5. Thanks for the awesome tutorial. Everything installed fine but unfortunately something isn’t quite right.
    This shows correct.
    $ openssl version
    OpenSSL 1.1.1c 28 May 2019

    Unfortunately this still shows the old version.
    $ yum list installed | grep openssl
    openssl.x86_64 1:1.0.2k-16.el7_6.1 installed
    openssl-libs.x86_64 1:1.0.2k-16.el7_6.1 installed

    This is on a fresh install of Centos 7.6.1810. I’m not sure where I should check.
    Thanks again for your awesome tutorial!

    • Hey, buddy, it’s all right. When you run the openssl command you are using the latest version path. However yum verifies the versions installed as packages.

      In this case, you have installed openssl from the source code, not as a package. Therefore, yum will only show the old version which is the default package.

  6. Hello,

    Thanks for the tutorial.

    with openssl version I have “OpenSSL 1.1.1.1d 10 Sep 2019”
    but when I want to install Nginx I built with OpenSSL 1.0.2k-fips 26 Jan 2017 and not with OpenSSl 1.1.1.1d I don’t understand why.

  7. I installed successfully following your directions. However, when compiling a new version of nginx, it can’t find openssl. I’ve tried everything I can think of in the .configure statement for nginx, “–with-openssl=” switch, including:
    /etc/ssl
    /usr/local/lib
    /usr/local/lib64

    I keep getting the error:
    && make install_sw LIBDIR=lib
    /bin/sh: line 2: ./config: No such file or directory
    make[1]: *** [/etc/ssl/.openssl/include/openssl/ssl.h] Error 127
    (or whatever path I used)

    What should I use there? Thanks for any help!

    • Okay, I used the directory I used for installing, /tmp/openssl-1.1.1, and it worked. I guess I should not have installed into the /tmp directory. Should I reinstall into another directory, or can I just leave it as it is, and go ahead and compile nginx? Or can I just move the openssl-1.1.1 directory, and compile from there? What is the best place to install it?

      I only did the nginx ‘make’ command, I have not done ‘make install’ yet, awaiting your response.

      Thank you!

  8. I am not totally getting this.

    What did you do with the system’s default/old openssl installation (files in /usr/bin/openssl, /etc/pki, /usr/share/doc/openssl-1.0.2k, /usr/share/man/man1/)? and openssl-devel, openssl-lib? no potential conflicts?

    where is the binary installed with the new version? did it overwrite the system default version?

    Thanks!

  9. The “./config –prefix=/usr –openssldir=/etc/ssl –libdir=lib no-shared zlib-dynamic” fails; what would cause this?

  10. “./config –prefix=/usr –openssldir=/etc/ssl –libdir=lib no-shared zlib-dynamic” fails with the message Pod/Escaped.pm did not return a true value at /usr/share/perl5/Pod/Simple.pm line 8. Any ideas on a fix for this

  11. This was very helpful. There is a big security flaw in the version most of my servers have installed. These instructions are complete and worked the first time in my environment.

LEAVE A REPLY

Please enter your comment!
Please enter your name here



Latest article