OpenSSL is a robust, widely-used toolkit that provides support for the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a general-purpose cryptography library. Installing and maintaining the latest version of OpenSSL is essential for ensuring secure communication and data protection on your CentOS system.
In this short tutorial, we will discuss how to install and update OpenSSL using the package manager, and how to build it from source if you require a newer version than what is available in the CentOS repositories.
First, we will walk you through the process of installing OpenSSL on CentOS using the yum package manager. Next, we will explain how to update the OpenSSL package to the latest version available in the CentOS repositories. Lastly, we will demonstrate how to build and install OpenSSL from source, which can be useful if you need a newer version than what is available in the default repositories.
By the end, you will be able to install, update, and build OpenSSL from the source on your CentOS system, ensuring that you have access to the latest security patches and features. This knowledge is crucial for maintaining a secure and stable CentOS environment, particularly for tasks related to secure web servers, data encryption, and certificate management.
How to Install OpenSSL on CentOS
Step 1: Update Your System
Before installing any new software, it’s a good practice to update your system packages to their latest versions. You can do this by running the following command:
sudo yum update -y
This command updates all installed packages on your CentOS system.
Step 2: Install the OpenSSL Package
OpenSSL is typically included in the base repository of CentOS, so you can install it using the yum package manager. To install OpenSSL, run:
sudo yum install -y openssl
This command installs the OpenSSL package and its dependencies.
Step 3: Verify the OpenSSL Installation
After the installation is complete, you can verify that OpenSSL is installed correctly by checking its version. To do this, run:
openssl version
The output should display the installed OpenSSL version.
Step 4: (Optional) Install the OpenSSL Development Package
If you are a developer or need to compile software that depends on the OpenSSL library, you might need to install the development package, which includes the header files and development libraries for OpenSSL. To install the OpenSSL development package, run:
sudo yum install -y openssl-devel
Updating OpenSSL to the Latest Version on CentOS
To update OpenSSL to the latest version on CentOS, follow these steps:
Step 1: Update Your System
First, update your system packages to their latest versions. You can do this by running the following command:
sudo yum update -y
This command updates all installed packages on your CentOS system, including OpenSSL if there is a new version available in the default repositories.
Step 2: Check for Available OpenSSL Updates
After updating your system, you can check if a new version of OpenSSL is available in the repositories:
sudo yum list available openssl
If a newer version is available, you can proceed with the update.
Step 3: Update OpenSSL
If a new version of OpenSSL is available in the repositories, update the package by running:
sudo yum update -y openssl
This command updates the OpenSSL package to the latest version available in the repositories.
Step 4: Verify the Updated OpenSSL Version
After updating OpenSSL, you can verify that the latest version is installed by checking its version. To do this, run:
openssl version
The output should display the updated OpenSSL version.
Please note that the latest version available in the CentOS repositories may not always be the absolute latest version of OpenSSL. If you need a newer version than what is available in the repositories, you may need to build it from the source or use a third-party repository.
Building OpenSSL from Source on CentOS
If you need a newer version of OpenSSL than what is available in the CentOS repositories, you can build it from the source. Here’s how:
Step 1: Install Required Dependencies
Before you can build OpenSSL from the source, you need to install some required dependencies. Run the following command to install the necessary packages:
sudo yum install -y gcc make perl wget
Step 2: Download the Latest OpenSSL Source Code
Visit the OpenSSL official website (https://www.openssl.org/source/) and find the latest OpenSSL version’s download link. Then, use the wget command to download the source code to your CentOS system:
wget https://www.openssl.org/source/openssl-<version>.tar.gz
Replace <version> with the desired version number.
Step 3: Extract the Source Code
After downloading the source code, extract the contents of the tarball by running:
tar -xf openssl-<version>.tar.gz
This command extracts the source code into a directory named openssl-<version>.
Step 4: Compile and Install OpenSSL
Navigate to the extracted directory:
cd openssl-<version>
Configure the OpenSSL build using the following command:
./config --prefix=/usr/local/openssl --openssldir=/usr/local/openssl
The –prefix and –openssldir options specify the installation directory for the OpenSSL binaries and configuration files, respectively.
Compile and install OpenSSL by running:
sudo make sudo make install
Step 5: Update System Path
Add the newly installed OpenSSL to your system’s path by creating a new file in the /etc/ld.so.conf.d/ directory:
sudo echo "/usr/local/openssl/lib" > /etc/ld.so.conf.d/openssl.conf
Update the system’s dynamic linker runtime bindings:
sudo ldconfig
Step 6: Verify the OpenSSL Installation
After building and installing OpenSSL from the source, verify that the new version is installed correctly by checking its version:
/usr/local/openssl/bin/openssl version
Commands Mentioned:
- sudo yum update -y – Updates all installed packages on the CentOS system.
- sudo yum install -y openssl – Installs the OpenSSL package and its dependencies.
- openssl version – Displays the installed OpenSSL version.
- sudo yum install -y openssl-devel – Installs the OpenSSL development package with header files and development libraries.
- sudo yum list available openssl – Lists the available OpenSSL versions in the repositories.
- sudo yum update -y openssl – Updates the OpenSSL package to the latest version available in the repositories.
- sudo yum install -y gcc make perl wget – Installs the required dependencies for building OpenSSL from source.
- wget https://www.openssl.org/source/openssl-<version>.tar.gz – Downloads the OpenSSL source code.
- tar -xf openssl-<version>.tar.gz – Extracts the OpenSSL source code.
- ./config –prefix=/usr/local/openssl –openssldir=/usr/local/openssl – Configures the OpenSSL build.
- sudo make – Compiles OpenSSL.
- sudo make install – Installs OpenSSL.
Conclusion
By following these instructions, you have ensured that your system has the latest version of OpenSSL, providing you with the latest security features and patches. The importance of maintaining an up-to-date OpenSSL installation cannot be overstated, as it plays a vital role in secure communication, data encryption, and certificate management.
With the knowledge acquired, you can confidently manage your OpenSSL installation, tailoring it to your specific needs and requirements. Whether you choose to install OpenSSL via the package manager or build it from a source, you now have the tools and understanding necessary to keep your CentOS system secure and up-to-date.
We encourage you to leave comments and suggest improvements. Your feedback is invaluable and helps us continually enhance our content to better serve our audience.
FAQ
-
What is OpenSSL and why is it important?
OpenSSL is a robust, widely-used toolkit that provides support for the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols, as well as a general-purpose cryptography library. It is essential for ensuring secure communication and data protection on your CentOS system.
-
How can I install OpenSSL on CentOS?
You can install OpenSSL on CentOS using the yum package manager with the command ‘sudo yum install -y openssl’. This command installs the OpenSSL package and its dependencies.
-
How can I update OpenSSL to the latest version on CentOS?
You can update OpenSSL to the latest version on CentOS by first updating your system packages to their latest versions with ‘sudo yum update -y’. Then, you can update the OpenSSL package to the latest version available in the repositories with ‘sudo yum update -y openssl’.
-
How can I build OpenSSL from source on CentOS?
You can build OpenSSL from source on CentOS by first installing the required dependencies with ‘sudo yum install -y gcc make perl wget’. Then, download the OpenSSL source code from the official website, extract the source code, configure the OpenSSL build, compile and install OpenSSL, and finally update the system’s path.
-
What is the importance of maintaining an up-to-date OpenSSL installation?
Maintaining an up-to-date OpenSSL installation is crucial as it provides you with the latest security features and patches. It plays a vital role in secure communication, data encryption, and certificate management, thus ensuring the security and stability of your CentOS environment.
11 Comments
I followed your article. which seemed to work great. My next step was to install FreeRadius V3.0.8. And I receive the following message after compiling and installing
Refusing to start with libssl version OpenSSL 1.0.1e-fips 11 Feb 2013 0x1000105f (1.0.1e release) (in range 1.0.1 dev – 1.0.1f release)
Security advisory CVE-2014-0160 (Heartbleed)
For more information see http://heartbleed.com
Once you have verified libssl has been correctly patched, set security.allow_vulnerable_openssl = ‘CVE-2014-0160′
So based on this its still pointed to the old version since hte new one is installed. I thought ok its probably a library issue.
So I did the following:
./configure –with-openssl-lib-dir=/usr/src/openssl-1.0.2c/ –with-openssl-include-dir=/usr/src/openssl-1.0.2c/
Which produces the following error message:
checking for OpenSSL version >= 0.9.7… yes
checking OpenSSL library and header version consistency… library: 1000203f header: 1000105f… no
configure: error: in `/usr/src/freeradius-server-3.0.8′:
configure: error: OpenSSL library version does not match header version
See `config.log’ for more details
[root@freeradius freeradius-server-3.0.8]#
So I’m not sure if i’m pointing to the right libraries and or headers or not. And why does the system still believe the 1.0.1 is still there.
Suggestions ideas?
Should I remove openssl and openssl-develop? and redo the process above again?
Oh and i’m running CentOS7.1
checking for OpenSSL version >= 0.9.7… yes
checking OpenSSL library and header version consistency… library: 1000203f header: 1000105f… no
configure: error: in `/usr/src/freeradius-server-3.0.8′:
configure: error: OpenSSL library version does not match header version
See `config.log’ for more details
[root@freeradius freeradius-server-3.0.8]#
This works but is incomplete in making it stick!
Apache needs to be rebuilt after with openSSL in order for it to be active in PHP. Problem is the openSSL gets reverted to the rpm distributed with cPanel and or CloudLinux when rebuilding apache for those of us that use either, in turn overriding anything you just did!
As the log shows:
–!! Warning: ‘openssl-devel’ has been modified, reinstalling… !!
Loaded plugins: fastestmirror, rhnplugin
Setting up Install Process
Loading mirror speeds from cached hostfile
* cloudlinux-x86_64-server-6: xmlrpc.cln.cloudlinux.com
Resolving Dependencies
–> Running transaction check
—> Package openssl-devel.x86_64 0:1.0.1e-48.el6_8.1 will be installed
–> Finished Dependency Resolution
Total download size: 1.2 M
Installed size: 0
Downloading Packages:
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
Installing : openssl-devel-1.0.1e-48.el6_8.1.x86_64 1/1
Verifying : openssl-devel-1.0.1e-48.el6_8.1.x86_64 1/1
Complete!
!! Done reinstalling ‘openssl-devel’ !!
============================================================
Do you have a solution for that?
I haven’t been able to find one!
hi,
I followed the steps , it installed the latest version. Even moved the old openssl to other directory and created a link to the new installed version.
when I run the openssl version command , still shows older version :
Description: Red Hat Enterprise Linux Server release 6.7 (Santiago)
Release: 6.7
Codename: Santiago
openssl version
OpenSSL 0.9.8zf-fips 19 Mar 2015
can you please help in this regards ?
Thanks
Thanks
I have followed all steps but but for the 4th step openssl directory is not found. Can you please suggest what i need to check for?
# mv /usr/bin/openssl /root/
# ln -s /usr/local/ssl/bin/openssl /usr/bin/openssl
I’m using centos 7 version.
If i skip this step and run openssl version then it is gives error of no command found.
On step 3 for me it was:
cd openssl-1.0.2k instead of cd openssl-1.0.2a
cd openssl-1.0.2a doesn’t exist.
Thanks so much
Even after installing the latest version “sudo yum info openssl” shows same old version as output
Installed Packages
Name : openssl
Arch : x86_64
Epoch : 1
Version : 1.0.1e
Release : 60.el7_3.1
Size : 1.5 M
Repo : installed
From repo : updates
Summary : Utilities from the general purpose cryptography library with TLS implementation
URL : http://www.openssl.org/
License : OpenSSL
Description : The OpenSSL toolkit provides support for secure communications between
: machines. OpenSSL includes a certificate management tool and shared
: libraries which provide various cryptographic algorithms and
: protocols.
but “#openssl version” shows
OpenSSL 1.0.2l 25 May 2017″
Hello i have installed update OpenSSL with yours instructions.
In command line the version showed is the new, but in phpinfo and yum info openssl it show old version
How can i repair it ??
thakns
https://ftp.openssl.org/source/old/1.0.2/openssl-1.0.2f.tar.gz