Linux Commands and Scripts

Install OpenSSL 1.1.1i in CentOS 8

In this article, we’ll explain how to install OpenSSL 1.1.1i in CentOS 8.

OpenSSL is a robust, commercial-grade, and full-featured toolkit for the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols. OpenSSL is a software library for applications that secure communications over computer networks against eavesdropping or need to identify the party at the other end.

OpenSSL is licensed under an Apache-style license, which means that you are free to get and use it for commercial and non-commercial purposes subject to some simple license conditions. For a list of vulnerabilities, and the releases in which they were found and fixes, see our Vulnerabilities page.

Prerequisites

1. Keep the server up to date

Always keep the server up to date the security purpose.

# dnf update -y

2. Install development tool

We need to install a development tool and few dependencies to install OpenSSL

# dnf group install ‘Development Tools’

3. Install dependencies

# dnf install perl-core zlib-devel -y

4. Download OpenSSL 1.1.1i

We will download the latest stable version is the 1.1.1 series. This is also our Long Term Support (LTS) version, supported until 11th September 2023.

# cd /usr/local/src/

# wget https://www.openssl.org/source/openssl-1.1.1i.tar.gz

Now, extract the tar file

# tar -xzvf openssl-1.1.1i.tar.gz

5. Configure and build

Navigate to the extracted directory and configure, build, test and install OpenSSL in the default location /usr/local/ssl.

# cd openssl-1.1.1i

Configure it with PATH

# ./config –prefix=/usr/local/ssl –openssldir=/usr/local/ssl shared zlib

Output:

Install OpenSSL 1.1.1i in CentOS 8

Now, build

# make

# make test

# make install

6. Configure it shared libraries.

Once we have successfully installed OpenSSL, configure it shared libraries.

Naviagate to the /etc/ld.so.conf.d directory and create a configuration file.

# cd /etc/ld.so.conf.d/

# vi openssl-1.1.1i.conf

Add the following path in the config file

/usr/local/ssl/lib

Save and exit

Reload the dynamic link

# ldconfig -v

7. Configure OpenSSL Binary

Now, we are going to insert the binary of our new version of OpenSSL /usr/local/ssl/bin/openssl and replace the default openssl file.

First, take a backup of existed openssl file.

# mv /bin/openssl /bin/openssl.backup

Create new environment files for OpenSSL

# vi /etc/profile.d/openssl.sh

and add the following lines

OPENSSL_PATH=”/usr/local/ssl/bin”
export OPENSSL_PATH
PATH=$PATH:$OPENSSL_PATH
export PATH

Save & exit

Make the newly created file executable

# chmod +x /etc/profile.d/openssl.sh

Reload the new OpenSSL environment file and check the default PATH

# source /etc/profile.d/openssl.sh
# echo $PATH

Now, let’s verify the installation and version of the OpenSSL

# which openssl
# openssl version -a

Output will be similar like:

OpenSSL 1.1.1i 8 Dec 2020
built on: Sun Jan 10 03:58:36 2021 UTC
platform: linux-x86_64
options: bn(64,64) rc4(16x,int) des(int) idea(int) blowfish(ptr)
compiler: gcc -fPIC -pthread -m64 -Wa,–noexecstack -Wall -O3 -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM -DZLIB -DNDEBUG
OPENSSLDIR: “/usr/local/ssl”
ENGINESDIR: “/usr/local/ssl/lib/engines-1.1”
Seeding source: os-specific

That’s it, the installation has been completed successfully.

In this article, we’ve learned how to install OpenSSL 1.1.1i in CentOS 8.

Related Articles