How to Install and Update OpenSSL on CentOS

OpenSSL is a robust, widely-used toolkit that provides support for the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a general-purpose cryptography library. Installing and maintaining the latest version of OpenSSL is essential for ensuring secure communication and data protection on your CentOS system.

open ssl

In this short tutorial, we will discuss how to install and update OpenSSL using the package manager, and how to build it from source if you require a newer version than what is available in the CentOS repositories.

First, we will walk you through the process of installing OpenSSL on CentOS using the yum package manager. Next, we will explain how to update the OpenSSL package to the latest version available in the CentOS repositories. Lastly, we will demonstrate how to build and install OpenSSL from source, which can be useful if you need a newer version than what is available in the default repositories.

By the end, you will be able to install, update, and build OpenSSL from the source on your CentOS system, ensuring that you have access to the latest security patches and features. This knowledge is crucial for maintaining a secure and stable CentOS environment, particularly for tasks related to secure web servers, data encryption, and certificate management.

How to Install OpenSSL on CentOS

Step 1: Update Your System

Before installing any new software, it’s a good practice to update your system packages to their latest versions. You can do this by running the following command:

sudo yum update -y

This command updates all installed packages on your CentOS system.

Step 2: Install the OpenSSL Package

OpenSSL is typically included in the base repository of CentOS, so you can install it using the yum package manager. To install OpenSSL, run:

sudo yum install -y openssl

This command installs the OpenSSL package and its dependencies.

Step 3: Verify the OpenSSL Installation

After the installation is complete, you can verify that OpenSSL is installed correctly by checking its version. To do this, run:

openssl version

The output should display the installed OpenSSL version.

Step 4: (Optional) Install the OpenSSL Development Package

If you are a developer or need to compile software that depends on the OpenSSL library, you might need to install the development package, which includes the header files and development libraries for OpenSSL. To install the OpenSSL development package, run:

sudo yum install -y openssl-devel

Updating OpenSSL to the Latest Version on CentOS

To update OpenSSL to the latest version on CentOS, follow these steps:

See also  How to Install Varnish Cache With Apache On CentOS 6.5

Step 1: Update Your System

First, update your system packages to their latest versions. You can do this by running the following command:

sudo yum update -y

This command updates all installed packages on your CentOS system, including OpenSSL if there is a new version available in the default repositories.

Step 2: Check for Available OpenSSL Updates

After updating your system, you can check if a new version of OpenSSL is available in the repositories:

sudo yum list available openssl

If a newer version is available, you can proceed with the update.

Step 3: Update OpenSSL

If a new version of OpenSSL is available in the repositories, update the package by running:

sudo yum update -y openssl

This command updates the OpenSSL package to the latest version available in the repositories.

Step 4: Verify the Updated OpenSSL Version

After updating OpenSSL, you can verify that the latest version is installed by checking its version. To do this, run:

openssl version

The output should display the updated OpenSSL version.

Please note that the latest version available in the CentOS repositories may not always be the absolute latest version of OpenSSL. If you need a newer version than what is available in the repositories, you may need to build it from the source or use a third-party repository.

Building OpenSSL from Source on CentOS

If you need a newer version of OpenSSL than what is available in the CentOS repositories, you can build it from the source. Here’s how:

Step 1: Install Required Dependencies

Before you can build OpenSSL from the source, you need to install some required dependencies. Run the following command to install the necessary packages:

sudo yum install -y gcc make perl wget

Step 2: Download the Latest OpenSSL Source Code

Visit the OpenSSL official website (https://www.openssl.org/source/) and find the latest OpenSSL version’s download link. Then, use the wget command to download the source code to your CentOS system:

wget https://www.openssl.org/source/openssl-<version>.tar.gz

Replace <version> with the desired version number.

See also  Download Ubuntu 14.04 LTS for Server and Desktop

Step 3: Extract the Source Code

After downloading the source code, extract the contents of the tarball by running:

tar -xf openssl-<version>.tar.gz

This command extracts the source code into a directory named openssl-<version>.

Step 4: Compile and Install OpenSSL

Navigate to the extracted directory:

cd openssl-<version>

Configure the OpenSSL build using the following command:

./config --prefix=/usr/local/openssl --openssldir=/usr/local/openssl

The –prefix and –openssldir options specify the installation directory for the OpenSSL binaries and configuration files, respectively.

Compile and install OpenSSL by running:

sudo make
sudo make install

Step 5: Update System Path

Add the newly installed OpenSSL to your system’s path by creating a new file in the /etc/ld.so.conf.d/ directory:

sudo echo "/usr/local/openssl/lib" > /etc/ld.so.conf.d/openssl.conf

Update the system’s dynamic linker runtime bindings:

sudo ldconfig

Step 6: Verify the OpenSSL Installation

After building and installing OpenSSL from the source, verify that the new version is installed correctly by checking its version:

/usr/local/openssl/bin/openssl version

Commands Mentioned:

  • sudo yum update -y – Updates all installed packages on the CentOS system.
  • sudo yum install -y openssl – Installs the OpenSSL package and its dependencies.
  • openssl version – Displays the installed OpenSSL version.
  • sudo yum install -y openssl-devel – Installs the OpenSSL development package with header files and development libraries.
  • sudo yum list available openssl – Lists the available OpenSSL versions in the repositories.
  • sudo yum update -y openssl – Updates the OpenSSL package to the latest version available in the repositories.
  • sudo yum install -y gcc make perl wget – Installs the required dependencies for building OpenSSL from source.
  • wget https://www.openssl.org/source/openssl-<version>.tar.gz – Downloads the OpenSSL source code.
  • tar -xf openssl-<version>.tar.gz – Extracts the OpenSSL source code.
  • ./config –prefix=/usr/local/openssl –openssldir=/usr/local/openssl – Configures the OpenSSL build.
  • sudo make – Compiles OpenSSL.
  • sudo make install – Installs OpenSSL.

Conclusion

By following these instructions, you have ensured that your system has the latest version of OpenSSL, providing you with the latest security features and patches. The importance of maintaining an up-to-date OpenSSL installation cannot be overstated, as it plays a vital role in secure communication, data encryption, and certificate management.

See also  How to Install Zimbra Patch on CentOS 7

With the knowledge acquired, you can confidently manage your OpenSSL installation, tailoring it to your specific needs and requirements. Whether you choose to install OpenSSL via the package manager or build it from a source, you now have the tools and understanding necessary to keep your CentOS system secure and up-to-date.

We encourage you to leave comments and suggest improvements. Your feedback is invaluable and helps us continually enhance our content to better serve our audience.

FAQ

  1. What is OpenSSL and why is it important?

    OpenSSL is a robust, widely-used toolkit that provides support for the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols, as well as a general-purpose cryptography library. It is essential for ensuring secure communication and data protection on your CentOS system.

  2. How can I install OpenSSL on CentOS?

    You can install OpenSSL on CentOS using the yum package manager with the command ‘sudo yum install -y openssl’. This command installs the OpenSSL package and its dependencies.

  3. How can I update OpenSSL to the latest version on CentOS?

    You can update OpenSSL to the latest version on CentOS by first updating your system packages to their latest versions with ‘sudo yum update -y’. Then, you can update the OpenSSL package to the latest version available in the repositories with ‘sudo yum update -y openssl’.

  4. How can I build OpenSSL from source on CentOS?

    You can build OpenSSL from source on CentOS by first installing the required dependencies with ‘sudo yum install -y gcc make perl wget’. Then, download the OpenSSL source code from the official website, extract the source code, configure the OpenSSL build, compile and install OpenSSL, and finally update the system’s path.

  5. What is the importance of maintaining an up-to-date OpenSSL installation?

    Maintaining an up-to-date OpenSSL installation is crucial as it provides you with the latest security features and patches. It plays a vital role in secure communication, data encryption, and certificate management, thus ensuring the security and stability of your CentOS environment.

Comments

11 Comments

  • Avatar Kris Armstrong says:

    I followed your article. which seemed to work great. My next step was to install FreeRadius V3.0.8. And I receive the following message after compiling and installing

    Refusing to start with libssl version OpenSSL 1.0.1e-fips 11 Feb 2013 0x1000105f (1.0.1e release) (in range 1.0.1 dev – 1.0.1f release)

    Security advisory CVE-2014-0160 (Heartbleed)

    For more information see http://heartbleed.com

    Once you have verified libssl has been correctly patched, set security.allow_vulnerable_openssl = ‘CVE-2014-0160′

    So based on this its still pointed to the old version since hte new one is installed. I thought ok its probably a library issue.

    So I did the following:

    ./configure –with-openssl-lib-dir=/usr/src/openssl-1.0.2c/ –with-openssl-include-dir=/usr/src/openssl-1.0.2c/

    Which produces the following error message:

    checking for OpenSSL version >= 0.9.7… yes

    checking OpenSSL library and header version consistency… library: 1000203f header: 1000105f… no

    configure: error: in `/usr/src/freeradius-server-3.0.8′:

    configure: error: OpenSSL library version does not match header version

    See `config.log’ for more details

    [root@freeradius freeradius-server-3.0.8]#

    So I’m not sure if i’m pointing to the right libraries and or headers or not. And why does the system still believe the 1.0.1 is still there.

    Suggestions ideas?
    Should I remove openssl and openssl-develop? and redo the process above again?

    Oh and i’m running CentOS7.1

  • Avatar Kris Armstrong says:

    checking for OpenSSL version >= 0.9.7… yes

    checking OpenSSL library and header version consistency… library: 1000203f header: 1000105f… no

    configure: error: in `/usr/src/freeradius-server-3.0.8′:

    configure: error: OpenSSL library version does not match header version

    See `config.log’ for more details

    [root@freeradius freeradius-server-3.0.8]#

  • Avatar sidgrafix says:

    This works but is incomplete in making it stick!

    Apache needs to be rebuilt after with openSSL in order for it to be active in PHP. Problem is the openSSL gets reverted to the rpm distributed with cPanel and or CloudLinux when rebuilding apache for those of us that use either, in turn overriding anything you just did!

    As the log shows:
    –!! Warning: ‘openssl-devel’ has been modified, reinstalling… !!
    Loaded plugins: fastestmirror, rhnplugin
    Setting up Install Process
    Loading mirror speeds from cached hostfile
    * cloudlinux-x86_64-server-6: xmlrpc.cln.cloudlinux.com
    Resolving Dependencies
    –> Running transaction check
    —> Package openssl-devel.x86_64 0:1.0.1e-48.el6_8.1 will be installed
    –> Finished Dependency Resolution

    Total download size: 1.2 M
    Installed size: 0
    Downloading Packages:
    Running rpm_check_debug
    Running Transaction Test
    Transaction Test Succeeded
    Running Transaction

    Installing : openssl-devel-1.0.1e-48.el6_8.1.x86_64 1/1

    Verifying : openssl-devel-1.0.1e-48.el6_8.1.x86_64 1/1

    Complete!
    !! Done reinstalling ‘openssl-devel’ !!
    ============================================================

    Do you have a solution for that?

    I haven’t been able to find one!

  • Avatar Navd says:

    hi,

    I followed the steps , it installed the latest version. Even moved the old openssl to other directory and created a link to the new installed version.

    when I run the openssl version command , still shows older version :

    Description: Red Hat Enterprise Linux Server release 6.7 (Santiago)
    Release: 6.7
    Codename: Santiago

    openssl version
    OpenSSL 0.9.8zf-fips 19 Mar 2015

    can you please help in this regards ?

    Thanks

  • Avatar Kevin Siji says:

    Thanks

  • Avatar John says:

    I have followed all steps but but for the 4th step openssl directory is not found. Can you please suggest what i need to check for?
    # mv /usr/bin/openssl /root/
    # ln -s /usr/local/ssl/bin/openssl /usr/bin/openssl

    I’m using centos 7 version.

    If i skip this step and run openssl version then it is gives error of no command found.

  • Avatar Robert says:

    On step 3 for me it was:
    cd openssl-1.0.2k instead of cd openssl-1.0.2a
    cd openssl-1.0.2a doesn’t exist.

  • Avatar Sandra says:

    Thanks so much

  • Avatar vigneshwaran says:

    Even after installing the latest version “sudo yum info openssl” shows same old version as output

    Installed Packages
    Name : openssl
    Arch : x86_64
    Epoch : 1
    Version : 1.0.1e
    Release : 60.el7_3.1
    Size : 1.5 M
    Repo : installed
    From repo : updates
    Summary : Utilities from the general purpose cryptography library with TLS implementation
    URL : http://www.openssl.org/
    License : OpenSSL
    Description : The OpenSSL toolkit provides support for secure communications between
    : machines. OpenSSL includes a certificate management tool and shared
    : libraries which provide various cryptographic algorithms and
    : protocols.

    but “#openssl version” shows
    OpenSSL 1.0.2l 25 May 2017″

  • Avatar Javier Ruiz says:

    Hello i have installed update OpenSSL with yours instructions.

    In command line the version showed is the new, but in phpinfo and yum info openssl it show old version

    How can i repair it ??

    thakns

Leave a Reply to Dolev Hadad Cancel reply

Your email address will not be published. Required fields are marked *