Table of Contents
OpenSSL is a robust, widely-used toolkit that provides support for the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a general-purpose cryptography library. Installing and maintaining the latest version of OpenSSL is essential for ensuring secure communication and data protection on your CentOS system.
This tutorial goes through how to install OpenSSL 3+ on CentOS 8 Linux, since the yum repo only installs up to OpenSSL 1.1.1.
#The OpenSSL when installing from repo
openssl version
OpenSSL 1.1.1k FIPS 25 Mar 2021
Before you begin
1️⃣ SSH to your Linux server with a sudo user then update the system then install the require packages:
sudo yum -y update
sudo yum install -y make gcc perl-core pcre-devel wget zlib-devel
2️⃣ Download the latest version of OpenSSL source code:
wget https://ftp.openssl.org/source/openssl-3.1.1.tar.gz
Configure, build and install OpenSSL
3️⃣ Uncompress the source file then change to the OpenSSL directory:
sudo tar -xzvf openssl-3*.tar.gz
cd openssl-3*/
4️⃣ Configure the package for compilation, compile package then install compiled package:
./config --prefix=/usr --openssldir=/etc/ssl --libdir=lib no-shared zlib-dynamic
sudo make -j ${nproc}
sudo make test
sudo make install -j ${nproc}
Export library path
5️⃣ Create environment variable file then doad the environment variable:
echo "export LD_LIBRARY_PATH=/usr/local/lib:/usr/local/lib64" >> /etc/profile.d/openssl.sh
source /etc/profile.d/openssl.sh
6️⃣ Finally, verify the OpenSSL version:
[root@ct7 ~]# openssl version
OpenSSL 3.1.1 30 May 2023 (Library: OpenSSL 3.1.1 30 May 2023)
Installation script
All above steps can be run automatically with the below bash script:
sudo yum -y update
sudo yum install -y make gcc perl-core pcre-devel wget zlib-devel
wget https://ftp.openssl.org/source/openssl-3.1.1.tar.gz
sudo tar -xzvf openssl-3*.tar.gz
cd openssl-3*/
./config --prefix=/usr --openssldir=/etc/ssl --libdir=lib no-shared zlib-dynamic
sudo make -j ${nproc}
sudo make test
sudo make install -j ${nproc}
echo "export LD_LIBRARY_PATH=/usr/local/lib:/usr/local/lib64" >> /etc/profile.d/openssl.sh
source /etc/profile.d/openssl.sh
openssl version
Create a bash script using your favorite text editor => make it executable then run it.
sudo nano installer.sh
sudo chmod +x installer.sh
./installer.sh
Not a reader? Watch this related video tutorial: