In this article, we’ll explain how to install OpenSSL 1.1.1i in CentOS 8.
OpenSSL is a robust, commercial-grade, and full-featured toolkit for the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols. OpenSSL is a software library for applications that secure communications over computer networks against eavesdropping or need to identify the party at the other end.
OpenSSL is licensed under an Apache-style license, which means that you are free to get and use it for commercial and non-commercial purposes subject to some simple license conditions. For a list of vulnerabilities, and the releases in which they were found and fixes, see our Vulnerabilities page.
Prerequisites
- A CentOS 8 installed dedicated server or KVM VPS.
- A root user access or normal user with administrative privileges.
1. Keep the server up to date
Always keep the server up to date the security purpose.
# dnf update -y
2. Install development tool
We need to install a development tool and few dependencies to install OpenSSL
# dnf group install ‘Development Tools’
3. Install dependencies
# dnf install perl-core zlib-devel -y
4. Download OpenSSL 1.1.1i
We will download the latest stable version is the 1.1.1 series. This is also our Long Term Support (LTS) version, supported until 11th September 2023.
# cd /usr/local/src/
# wget https://www.openssl.org/source/openssl-1.1.1i.tar.gz
Now, extract the tar file
# tar -xzvf openssl-1.1.1i.tar.gz
5. Configure and build
Navigate to the extracted directory and configure, build, test and install OpenSSL in the default location /usr/local/ssl.
# cd openssl-1.1.1i
Configure it with PATH
# ./config –prefix=/usr/local/ssl –openssldir=/usr/local/ssl shared zlib
Output:
Now, build
# make
# make test
# make install
6. Configure it shared libraries.
Once we have successfully installed OpenSSL, configure it shared libraries.
Naviagate to the /etc/ld.so.conf.d directory and create a configuration file.
# cd /etc/ld.so.conf.d/
# vi openssl-1.1.1i.conf
Add the following path in the config file
/usr/local/ssl/lib
Save and exit
Reload the dynamic link
# ldconfig -v
7. Configure OpenSSL Binary
Now, we are going to insert the binary of our new version of OpenSSL /usr/local/ssl/bin/openssl and replace the default openssl file.
First, take a backup of existed openssl file.
# mv /bin/openssl /bin/openssl.backup
Create new environment files for OpenSSL
# vi /etc/profile.d/openssl.sh
and add the following lines
OPENSSL_PATH=”/usr/local/ssl/bin”
export OPENSSL_PATH
PATH=$PATH:$OPENSSL_PATH
export PATH
Save & exit
Make the newly created file executable
# chmod +x /etc/profile.d/openssl.sh
Reload the new OpenSSL environment file and check the default PATH
# source /etc/profile.d/openssl.sh
# echo $PATH
Now, let’s verify the installation and version of the OpenSSL
# which openssl
# openssl version -a
Output will be similar like:
OpenSSL 1.1.1i 8 Dec 2020
built on: Sun Jan 10 03:58:36 2021 UTC
platform: linux-x86_64
options: bn(64,64) rc4(16x,int) des(int) idea(int) blowfish(ptr)
compiler: gcc -fPIC -pthread -m64 -Wa,–noexecstack -Wall -O3 -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM -DZLIB -DNDEBUG
OPENSSLDIR: “/usr/local/ssl”
ENGINESDIR: “/usr/local/ssl/lib/engines-1.1”
Seeding source: os-specific
That’s it, the installation has been completed successfully.
In this article, we’ve learned how to install OpenSSL 1.1.1i in CentOS 8.