Menu

How to Install OpenSSL – Upgrade to the latest version

In this article, we will learn how to install OpenSSL on Linux.

OpenSSL is an essential toolkit for implementing secure communications through the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols. 

OpenSSL provides encryption, decryption, and security features for protecting data transmitted over networks. Whether you need to install OpenSSL for the first time or upgrade an existing version, we will walk you through the complete process with a step-by-step guide on a Linux system.

How to install OpenSSL?

Are you looking to install OpenSSL on your Linux server or computer but not sure where to start? Do not worry! We will help you with a step-by-step guide on how to install OpenSSL. Before installing, let’s understand what OpenSSL is and why we use it.

What is OpenSSL?

OpenSSL is a robust, open-source toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols. It is crucial for encrypting data and ensuring secure connections between systems.

Why is it Used on Servers?

OpenSSL is widely employed on servers to secure server-client communications and protect sensitive information. It ensures that data transmitted over networks is encrypted and secure from unauthorized access.

Install or upgrade OpenSSL? What to do

Deciding whether to install or upgrade OpenSSL is straightforward. If you already have an older version of OpenSSL installed, you should upgrade it to the latest version available in your repository. On the other hand, if OpenSSL is not currently installed on your system, you will need to perform a fresh installation. Here we have covered both scenarios.

We will provide a step-by-step guide on how to install or upgrade OpenSSL on your Linux system, ensuring you have the latest version.

Method 1: Check if OpenSSL is already installed

Run the “openssl” command in a terminal:

openssl version

Or

openssl version -a

If it’s installed, you’ll see something like below:

Check installed openssl version

If you get an error something like “command not found”, then you don’t have OpenSSL on your system. In this case, you have to follow below Method 2 to install OpenSSL from the source.

Upgrade the OpenSSL

If you already have OpenSSL installed, you can simply upgrade it through your available repository. This can be done by typing the below mentioned commands in your terminal or via SSH.

OpenSSL is available in the default repository of all distributions, and can be installed on Debian-based systems using yum. If you have Ubuntu or similar linux you can use “apt” instead of “yum”.

To update OpenSSL, follow these steps in your terminal:

Step 1: Update the package lists:

sudo yum update

You will get a similar screen:

Check for updates using yum update

Check for OpenSSL in the package list. If it shows a new version then you can proceed with the next step 2.

Otherwise follow Method 2 Install OpenSSL from the source. As you can see in the above image we do not have packages with new updates for OpenSSL. So we will install OpenSSL from the source.

Step 2: Upgrade OpenSSL:

sudo yum install --only-upgrade openssl

or

sudo yum install upgrade openssl

Step 3: Verify the update: After updating, you can check the installed version of OpenSSL to confirm the update was successful:

openssl version

openssl version -a

You need to restart Apache after the update. Or better reboot the server if possible, so that all applications that use OpenSSL will load the new version.

Method 2: Install OpenSSL from the source

The latest version of OpenSSL is available on the Official OpenSSL Library, and can be installed manually on Linux.

Step 1: Go to the Official Openssl Downloads page.

Download and Install the latest OpenSSL version.

Copy the link to the version you want to install. For example, I chose openssl-3.3.1.tar.gz. You can replace “openssl-3.3.1.tar.gz” with the actual available latest version.

Step 2: In a terminal on your system, use wget to download the package

wget https://www.openssl.org/source/openssl-3.3.1.tar.gz

Note: If you are getting any certificate error after executing the above command, you have to run the below command. This command will tell wget to ignore certificate errors. When you download files over HTTPS.

wget --no-check-certificate https://www.openssl.org/source/openssl-3.3.1.tar.gz

Step 3: Once the download is finished and the archive is on the computer, you can extract the files with the below command:

tar -zxvf openssl-3.3.1.tar.gz

Step 3: Go to the “openssl-3.3.1” directory by using the below command

cd openssl-3.3.1

Step 4: Make sure you have the requirements to compile the files:

sudo yum install build-essential

Step 5: Compile and Install OpenSSL:

Configure, compile, and install OpenSSL by executing the following commands:

./configure

If it doesn’t work, use ./config. Then run the below commands:

Make

sudo make install

If ./configure gives any error and you are unable to make and install the SSL you can follow the below steps to fix the errors.

Install Missing Perl Modules

To install the IPC::Cmd Perl module, you can use CPAN (Comprehensive Perl Archive Network) or your package manager. Here’s how to do it using both methods:

Using CPAN:

  1. Install cpan if it’s not already installed:

    sudo dnf install perl-CPAN
  2. Install the IPC::Cmd module:

    sudo cpan IPC::Cmd

After installing IPC::Cmd module 

Repeat the above Step 5:

Step 6: Update the Shared Library Cache: Ensure that the new OpenSSL libraries are recognized:

sudo ldconfig

Step 7: Verify the Installation: Check the installed version of OpenSSL to ensure it’s correctly installed:

If everything goes as expected, you should now have the latest version of OpenSSL installed on your system. Run below command to verify

openssl version

As you can see, I now have the latest version on my system

openssl_3.3.1 installed

Optional: Update OpenSSL in Your PATH: If the new version isn’t being picked up by default, you might need to adjust your PATH or update the OpenSSL symlink:

sudo ln -sf /usr/local/ssl/bin/openssl /usr/bin/openssl

Restart the server and check again for the installed version of OpenSSL. 

If your OpenSSL is still not showing an upgraded version follow the below steps. 

These instructions guide you on ensuring that OpenSSL is using the correct, upgraded version by configuring your system libraries. Follow the step-by-step breakdown:

Step 1. Check if the Libraries Exist: Run the following command:

ls /usr/local/lib64/

You should see files like ‘libcrypto.so.3’, ‘libssl.a’, ‘libssl.so’, etc. If they are present, the libraries are installed in ‘/usr/local/lib64/’.

Step 2. Check the Library Path Configuration:

Verify that the path ‘/usr/local/lib64/’ is not already included by checking the output of:

cat /etc/ld.so.conf.d/*

Step 3. Add the New Path to the Configuration:

If ‘/usr/local/lib64/” is missing from the configuration, add it by running:

sudo echo /usr/local/lib64/ > /etc/ld.so.conf.d/openssl.conf

Step 4. Load the Updated Configuration:

Apply the changes by reloading the dynamic linker with:

sudo ldconfig

Step 5. Verify the Configuration:

Ensure ‘/usr/local/lib64/’ is now included by running:

ldconfig -v | less

6. Confirm OpenSSL Version:

Finally, check if OpenSSL is using the upgraded version by running:

openssl version

This should confirm that your system is using the correct OpenSSL version now.

Watch the Video Tutorial on YouTube

If you want to watch the videos of all above-mentioned steps, you can follow the below link to watch the full video on YouTube.

how to install openssl youtube video

Conclusion

In conclusion, keeping OpenSSL up-to-date is crucial for maintaining the security and integrity of your system.

By following the simple steps outlined above, you can ensure that you have the latest version of OpenSSL installed, which helps protect your applications and data from potential vulnerabilities. Regular updates not only enhance security but also ensure compatibility with newer features and improvements. For ongoing security and optimal performance, make updating OpenSSL a routine part of your system maintenance.

Still, if you are facing any issues and need help, feel free to contact us.

Share Article on: