Table of Contents
This tutorial goes through how to install OpenSSL 1.1.1 on CentOS 7, since the yum repo only installs up to OpenSSL 1.0. Below is the error when we try to install a package that requires OpenSSL 1.1.1+.
ImportError: urllib3 v2.0 only supports OpenSSL 1.1.1+, currently the ‘ssl’ module is compiled with ‘OpenSSL 1.0.2k-fips 26 Jan 2017’. See: https://github.com/urllib3/urllib3/issues/2168
#The OpenSSL when installing from repo
openssl version
OpenSSL 1.0.2k-fips 26 Jan 2017
Before you begin
1️⃣ SSH to your Linux server with a sudo user then update the system then install the require packages:
sudo yum -y update
sudo yum install -y make gcc perl-core pcre-devel wget zlib-devel
2️⃣ Download the latest version of OpenSSL source code:
wget https://ftp.openssl.org/source/openssl-1.1.1k.tar.gz
Configure, build and install OpenSSL
3️⃣ Uncompress the source file then change to the OpenSSL directory:
sudo tar -xzvf openssl-1*.tar.gz
cd openssl-1*
4️⃣ Configure the package for compilation, compile package then install compiled package:
./config --prefix=/usr --openssldir=/etc/ssl --libdir=lib no-shared zlib-dynamic
sudo make -j ${nproc}
sudo make test
sudo make install -j ${nproc}
Export library path
5️⃣ Create environment variable file then doad the environment variable:
echo "export LD_LIBRARY_PATH=/usr/local/lib:/usr/local/lib64" >> /etc/profile.d/openssl.sh
source /etc/profile.d/openssl.sh
6️⃣ Finally, verify the OpenSSL version:
[root@vps]# openssl version
OpenSSL 1.1.1k 25 Mar 2021
Installation script
All above steps can be run automatically with the below bash script:
sudo yum -y update
sudo yum install -y make gcc perl-core pcre-devel wget zlib-devel
wget https://ftp.openssl.org/source/openssl-1.1.1k.tar.gz
sudo tar -xzvf openssl-1*.tar.gz
cd openssl-1*
./config --prefix=/usr --openssldir=/etc/ssl --libdir=lib no-shared zlib-dynamic
sudo make -j ${nproc}
sudo make test
sudo make install -j ${nproc}
echo "export LD_LIBRARY_PATH=/usr/local/lib:/usr/local/lib64" >> /etc/profile.d/openssl.sh
source /etc/profile.d/openssl.sh
openssl version
Create a bash script using your favorite text editor => make it executable then run it.
sudo nano installer.sh
sudo chmod +x installer.sh
./installer.sh
#Output
Not a reader? Watch this related video tutorial: