OpenSSL is an open-source software library that’s composed of tools and libraries for implementing the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols, as well as other cryptographic functions such as signing, encryption, decryption, and verification. Operating systems and many applications use OpenSSL to provide secure communication over the internet.
The version of OpenSSL available on CentOS 7 / RHEL 7 operating system is a bit old and some applications will give errors when compiling if it requires a newer release.
$ sudo yum -y install openssl openssl-devel
$ openssl version
OpenSSL 1.0.2k-fips 26 Jan 2017
As seen from the output the version available is 1.0.2. If installed remove it before you proceed.
sudo yum -y remove openssl openssl-develConfirm it’s uninstalled.
$ openssl version
-bash: openssl: command not foundInstall OpenSSL 1.1.x on CentOS 7 / RHEL 7
OpenSSL library provides a comprehensive set of cryptographic functions, including digital signatures, symmetric and asymmetric encryption, hashing, and certificate management. It also supports a wide range of cryptographic algorithms, including RSA, DSA, Diffie-Hellman, and elliptic curve cryptography.
Install dependencies required to build OpenSSL.
sudo yum -y groupinstall "Development Tools"Download source code of OpenSSL 1.1.x, where x is replaced with actual version required.
wget https://www.openssl.org/source/openssl-1.1.1t.tar.gzExtract dowloaded file.
tar xvf openssl-1.1.1t.tar.gzNavigate to directory created from file extraction.
cd openssl-1.1*/Configure OpenSSL. You can specify
./config --prefix=/usr/local/openssl --openssldir=/usr/local/openssl
Where:
--prefixand--openssldircontrol the configuration of installed components.
Operating system: x86_64-whatever-linux2
Configuring OpenSSL version 1.1.1t (0x1010114fL) for linux-x86_64
Using os-specific seed configuration
Creating configdata.pm
Creating Makefile
**********************************************************************
*** ***
*** OpenSSL has been successfully configured ***
*** ***
*** If you encounter a problem while building, please open an ***
*** issue on GitHub <https://github.com/openssl/openssl/issues> ***
*** and include the output from the following command: ***
*** ***
*** perl configdata.pm --dump ***
*** ***
*** (If you are new to OpenSSL, you might want to consult the ***
*** 'Troubleshooting' section in the INSTALL file first) ***
*** ***
**********************************************************************
Build OpenSSL 1.1.x using make command.
make -j $(nproc)Install OpenSSL 1.1.1 on CentOS 7 / RHEL 7
sudo make installUpdate the shared libraries cache.
sudo ldconfigUpdate your system-wide OpenSSL configuration:
sudo tee /etc/profile.d/openssl.sh<<EOF
export PATH=/usr/local/openssl/bin:\$PATH
export LD_LIBRARY_PATH=/usr/local/openssl/lib:\$LD_LIBRARY_PATH
EOF
Reload shell environment:
source /etc/profile.d/openssl.shLog out of your current shell session:
logoutLog in back and verify that OpenSSL 1.1.1 is installed on CentOS 7 / RHEL 7
$ which openssl
/usr/local/openssl/bin/openssl
$ openssl version
OpenSSL 1.1.1t 7 Feb 2023Conclusion
OpenSSL is widely used and it has been trusted for many years, but it has also been the subject of several high-profile security vulnerabilities and attacks. As a result, it is important to keep OpenSSL up-to-date and to follow best practices for secure usage. In this article we’ve demonstrated how you can install OpenSSL 1.1.x on CentOS 7 / RHEL 7 system. This is an update from the default version distributed in OS base repositories.
