Table of Contents
This tutorial goes through how to install OpenSSL 3+ on CentOS 7, since the yum repo only installs up to OpenSSL 1.0. Below is the error when we try to install a package that requires OpenSSL 1.1.1+.
ImportError: urllib3 v2.0 only supports OpenSSL 1.1.1+, currently the ‘ssl’ module is compiled with ‘OpenSSL 1.0.2k-fips 26 Jan 2017’. See: https://github.com/urllib3/urllib3/issues/2168
#The OpenSSL when installing from repo
openssl version
OpenSSL 1.0.2k-fips 26 Jan 2017Before you begin
CentOS 7 is end of support, so, before you begin, you need to SSH to your server then change the update repositories.
sudo sed -i s/mirror.centos.org/vault.centos.org/g /etc/yum.repos.d/*.repo
sudo sed -i s/^#.*baseurl=http/baseurl=http/g /etc/yum.repos.d/*.repo
sudo sed -i s/^mirrorlist=http/#mirrorlist=http/g /etc/yum.repos.d/*.repo
sudo -- bash -c 'echo "sslverify=false" >> /etc/yum.conf'1. First, refresh the update repos then install the require packages:
sudo yum -y update
sudo yum install -y make gcc perl-core pcre-devel wget zlib-devel2. Download the latest version of OpenSSL source code:
wget https://www.openssl.org/source/openssl-3.1.6.tar.gzConfigure, build and install OpenSSL
3. Uncompress the source file then change to the OpenSSL directory:
sudo tar -xzvf openssl-3*.tar.gz
cd openssl-3*4. Configure the package for compilation, compile package then installs compiled package:
./config --prefix=/usr --openssldir=/etc/ssl --libdir=lib no-shared zlib-dynamic
sudo make -j ${nproc}
sudo make test
sudo make install -j ${nproc} Export library path
5. Create environment variable file then load the environment variable:
echo "export LD_LIBRARY_PATH=/usr/local/lib:/usr/local/lib64" >> /etc/profile.d/openssl.sh
source /etc/profile.d/openssl.sh6. Finally, verify the OpenSSL version:
[root@ct7 ~]# openssl version
OpenSSL 3.1.1 30 May 2023 (Library: OpenSSL 3.1.1 30 May 2023)Installation script
All above steps can be run automatically with the below bash script:
sudo yum -y update
sudo yum install -y make gcc perl-core pcre-devel wget zlib-devel
wget https://www.openssl.org/source/openssl-3.1.6.tar.gz
sudo tar -xzvf openssl-3*.tar.gz
cd openssl-3*
./config --prefix=/usr --openssldir=/etc/ssl --libdir=lib no-shared zlib-dynamic
sudo make -j ${nproc}
sudo make test
sudo make install -j ${nproc}
echo "export LD_LIBRARY_PATH=/usr/local/lib:/usr/local/lib64" >> /etc/profile.d/openssl.sh
source /etc/profile.d/openssl.sh
openssl versionCreate a bash script using your favorite text editor => make it executable then run it.
sudo nano installer.shsudo chmod +x installer.sh
./installer.shDirect installation bash script
sudo wget -qO - https://bonguides.com/linux/openssl3 | bashNot a reader? Watch this related video tutorial:
