How to install the latest version of OpenSSL on CentOS 7?

10
405

The security in the systems is something that should call our attention to those who like or work with Linux. Especially, if it is a server since in this equipment a lot of important data and services are sustained. In general, we can say that Linux is a fairly secure system because it includes fairly good security policies. However, also thanks to the inclusion of libraries specializing in encryption and data protection. Something vital in a job or in very important personal communications. That is why, in this post, we will show you how to install the latest version of OpenSSL on CentOS 7.

In case you do not know what OpenSSL is, we will tell you. OpenSSL is a security library included in all Linux systems. Its main objective is to provide an open source implementation of TLS and SSL protocols that protect and encrypt the transmission of data over a network. It is really important to use it because if our transmitted data falls into the hands of a third party, that person must decrypt it to get the information. This process is not easy to do, so by doing so, we safeguard the data.

So, let us start to install the latest version of OpenSSL on CentOS 7.

1.- Upgrade the system and install required packages

The first step is to update the system completely. This way you will have available all the available security updates.

:~$ su
:~# yum update
1.- Update the system
1.- Update the system

Then, you have to install some required packages to install OpenSSL.

:~# yum install make gcc perl pcre-devel zlib-devel
2.- Install some required packages to install OpenSSL on CentOS
2.- Install some required packages to install OpenSSL on CentOS

2. Install the latest version of OpenSSL on CentOS 7

OpenSSL is included in almost all Linux distributions. The problem is that they include older versions that although maintained by the distribution itself to be safe, are not the most recent. So for that, we will use the safest method which is to install it from its source code. With this, we will get a clean and reliable system.

So, first, you need to download the latest version using wget. Install it first.

:~# yum install wget
:~# wget https://ftp.openssl.org/source/old/1.1.1/openssl-1.1.1.tar.gz
3.- Download the latest version of OpenSSL
3.- Download the latest version of OpenSSL

Of course, at the time of writing this post, the latest stable version of OpenSSL is 1.1.1.

After that, decompress the file.

:~# tar xvf openssl-1.1.1.tar.gz
4.- Decompress the file
4.- Decompress the file

Next, navigate to the generated folder.

:~# cd openssl-1.1.1/

Then, you have to start configuring the package compilation using ./configure. Besides that, you have to use some parameters like the prefix where the route will be established.

:~# ./config --prefix=/usr --openssldir=/etc/ssl --libdir=lib no-shared zlib-dynamic
5.- Configure OpenSSL
5.- Configure OpenSSL

Now, begin compilation.

:~# make
:~# make test

Finally, install OpenSSL.

:~# make install
6.- Install the latest version of OpenSSL on CentOS
6.- Install the latest version of OpenSSL on CentOS

The process may take a few minutes. So you have to wait for it to finish.

Then, so you do not have problems using the library, you need to export the paths.

:~# export LD_LIBRARY_PATH=/usr/local/lib:/usr/local/lib64
:~# echo "export LD_LIBRARY_PATH=/usr/local/lib:/usr/local/lib64" >> ~/.bashrc

Finally, check the OpenSSL version.

:~# openssl -version
7.- OpenSSL installed
7.- OpenSSL installed

So, that’s it.

Conclusion

OpenSSL is a very important library of the Linux system. So it’s a good idea to have its latest version installed, to improve system security and data encryption. The installation process from the source code is not difficult and has many advantages.

Please share this post with your friends.

10 COMMENTS

  1. I’ve been pulling my hair out for several days now on how to do it properly, and then you post this. Thanks for sharing.

  2. Unix has been around long enough that this kind of deep dive shouldn’t be required. Installer programs should handle it with a click of the mouse.

    • Maybe, my friend, but remember that Unix-based systems are used on servers and it is not recommended to use a graphical interface there.

      Thank you for commenting.

  3. Thanks for the post.
    On a CentOS minimal install I had to install the following additional packages to pass the `make test` succesfully
    yum install perl-Module-Load-Conditional perl-Test-Harness perl-core

  4. Thanks for the awesome tutorial. Everything installed fine but unfortunately something isn’t quite right.
    This shows correct.
    $ openssl version
    OpenSSL 1.1.1c 28 May 2019

    Unfortunately this still shows the old version.
    $ yum list installed | grep openssl
    openssl.x86_64 1:1.0.2k-16.el7_6.1 installed
    openssl-libs.x86_64 1:1.0.2k-16.el7_6.1 installed

    This is on a fresh install of Centos 7.6.1810. I’m not sure where I should check.
    Thanks again for your awesome tutorial!

    • Hey, buddy, it’s all right. When you run the openssl command you are using the latest version path. However yum verifies the versions installed as packages.

      In this case, you have installed openssl from the source code, not as a package. Therefore, yum will only show the old version which is the default package.

LEAVE A REPLY

Please enter your comment!
Please enter your name here