OpenSSL is an open-source software library that’s composed of tools and libraries for implementing the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols, as well as other cryptographic functions such as signing, encryption, decryption, and verification. Operating systems and many applications use OpenSSL to provide secure communication over the internet.

The version of OpenSSL available on CentOS 7 / RHEL 7 operating system is a bit old and some applications will give errors when compiling if it requires a newer release.

$ sudo yum -y install openssl openssl-devel
$ openssl version
OpenSSL 1.0.2k-fips  26 Jan 2017

As seen from the output the version available is 1.0.2. If installed remove it before you proceed.

sudo yum -y remove openssl openssl-devel

Confirm it’s uninstalled.

$ openssl version
-bash: openssl: command not found

Install OpenSSL 1.1.x on CentOS 7 / RHEL 7

OpenSSL library provides a comprehensive set of cryptographic functions, including digital signatures, symmetric and asymmetric encryption, hashing, and certificate management. It also supports a wide range of cryptographic algorithms, including RSA, DSA, Diffie-Hellman, and elliptic curve cryptography.

Install dependencies required to build OpenSSL.

sudo yum -y groupinstall "Development Tools"

Download source code of OpenSSL 1.1.x, where x is replaced with actual version required.

wget https://www.openssl.org/source/openssl-1.1.1w.tar.gz

Extract dowloaded file.

tar xvf openssl-1.1.1w.tar.gz

Navigate to directory created from file extraction.

cd openssl-1.1*/

Configure OpenSSL. You can specify 

./config --prefix=/usr/local/openssl --openssldir=/usr/local/openssl

Where:

  • --prefix and --openssldir control the configuration of installed components.
Operating system: x86_64-whatever-linux2
Configuring OpenSSL version 1.1.1t (0x1010114fL) for linux-x86_64
Using os-specific seed configuration
Creating configdata.pm
Creating Makefile

**********************************************************************
***                                                                ***
***   OpenSSL has been successfully configured                     ***
***                                                                ***
***   If you encounter a problem while building, please open an    ***
***   issue on GitHub <https://github.com/openssl/openssl/issues>  ***
***   and include the output from the following command:           ***
***                                                                ***
***       perl configdata.pm --dump                                ***
***                                                                ***
***   (If you are new to OpenSSL, you might want to consult the    ***
***   'Troubleshooting' section in the INSTALL file first)         ***
***                                                                ***
**********************************************************************

Build OpenSSL 1.1.x using make command.

make -j $(nproc)

Install OpenSSL 1.1.1 on CentOS 7 / RHEL 7

sudo make install

Update the shared libraries cache.

sudo ldconfig

Update your system-wide OpenSSL configuration:

sudo tee /etc/profile.d/openssl.sh<<EOF
export PATH=/usr/local/openssl/bin:\$PATH
export LD_LIBRARY_PATH=/usr/local/openssl/lib:\$LD_LIBRARY_PATH
EOF

Reload shell environment:

source /etc/profile.d/openssl.sh

Log out of your current shell session:

logout

Log in back and verify that OpenSSL 1.1.1 is installed on CentOS 7 / RHEL 7

$ which openssl
/usr/local/openssl/bin/openssl

$ openssl version
OpenSSL 1.1.1w  11 Sep 2023

Conclusion

OpenSSL is widely used and it has been trusted for many years, but it has also been the subject of several high-profile security vulnerabilities and attacks. As a result, it is important to keep OpenSSL up-to-date and to follow best practices for secure usage. In this article we’ve demonstrated how you can install OpenSSL 1.1.x on CentOS 7 / RHEL 7 system. This is an update from the default version distributed in OS base repositories.

RELATED ARTICLESMORE FROM AUTHOR

10 COMMENTS

  1. Centos 7:
    I had to add -lz to the linker variable in Makefile
    CNF_EX_LIBS=-ldl -pthread -lz
    …unsure if this is the best place for it but at least the linker finished.

  3. The \$PATH syntax escapes the $ which means that the modified PATH variable will not actually be a variable. This will mess up people’s PATH environment variable.

  4. Hello, I was following a guide of this website to install python on my system.
    How To Install Python 3.11 on CentOS 7 / RHEL 7 this guide said to update openssl and suggested to use this guide. I followed this guide and i updated openssl. The problem is that my webmin application is not working any more. Im not able to connect via browser. And I can not use it by CLI:
    [root@locahost ~]# systemctl status webmin
    Unit webmin.service could not be found.
    What happened?

  5. I followed this on my RHEL machine and broke it. Yum
    #rpm -Va
    rpm: symbol lookup error: /lib64/librpmio.so.8: undefined symbol: EVP_md2, version OPENSSL_1_1_0

    yum error:

    ImportError: /lib64/libk5crypto.so.3: undefined symbol: EVP_KDF_ctrl, version OPENSSL_1_1_1b

LEAVE A REPLY

Please enter your comment!
Please enter your name here