In this article we show you how to install OpenSSL 3.x on CentOS 7 / RHEL 7. OpenSSL is a very powerful and widely used open-source library with tools used in the implementation of the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols and many other cryptographic functions such as encryption, decryption, signing, and verification. OpenSSL also supports a wide range of cryptographic algorithms, including RSA, DSA, Diffie-Hellman, and elliptic curve cryptography.
The default version of OpenSSL installable on CentOS 7 / RHEL 7 system is 1.0.x. Some applications may fail to work with older releases of OpenSSL and the solution to this is building and installing a newer version of OpenSSL.
$ openssl version
OpenSSL 1.0.2k-fips 26 Jan 2017Let’s first uninstall this older version of OpenSSL before we can install OpenSSL 3.x on the system.
sudo yum -y remove openssl openssl-develConfirm the software package has been uninstalled by building OpenSSL 3.x from source.
$ openssl version
-bash: openssl: command not foundInstall OpenSSL 3.x on CentOS 7 / RHEL 7
The master sources of OpenSSL are maintained in the git repository, and cloned to GitHub repository. Let’s begin with the installation of all dependencies required for building OpenSSL from source.
Install dependencies required to build OpenSSL.
sudo yum -y groupinstall "Development Tools"We also need to install perl-IPC-Cmd package.
sudo yum -y install perl-IPC-CmdDownload source code of OpenSSL 3.x, where x is replaced with actual version required.
# Version 3.1
cd /tmp
wget https://www.openssl.org/source/openssl-3.1.3.tar.gz
# Version 3.0
cd /tmp
wget https://www.openssl.org/source/openssl-3.0.11.tar.gzExtract dowloaded OpenSSL archive.
tar xvf openssl-*.tar.gzNavigate to directory created from file extraction.
cd openssl-*/Configure OpenSSL by running the commands provided below.
./config --prefix=/usr/local/openssl --openssldir=/usr/local/opensslWhere:
--prefixand--openssldircontrol the configuration of installed components.
Configuring OpenSSL version 3.1.3 for target linux-x86_64
Using os-specific seed configuration
Created configdata.pm
Running configdata.pm
Created Makefile.in
Created Makefile
Created include/openssl/configuration.h
**********************************************************************
*** ***
*** OpenSSL has been successfully configured ***
*** ***
*** If you encounter a problem while building, please open an ***
*** issue on GitHub <https://github.com/openssl/openssl/issues> ***
*** and include the output from the following command: ***
*** ***
*** perl configdata.pm --dump ***
*** ***
*** (If you are new to OpenSSL, you might want to consult the ***
*** 'Troubleshooting' section in the INSTALL.md file first) ***
*** ***
**********************************************************************Build OpenSSL 3.x by eecuting the make command.
make -j $(nproc)Install OpenSSL 3.x on CentOS 7 / RHEL 7
sudo make installUpdate the shared libraries cache using below commands.
sudo ldconfigUpdate the system-wide OpenSSL configurations:
sudo tee /etc/profile.d/openssl.sh<<EOF
export PATH=/usr/local/openssl/bin:\$PATH
export LD_LIBRARY_PATH=/usr/local/openssl/lib:/usr/local/openssl/lib64:\$LD_LIBRARY_PATH
EOFUpdate shell environment to use OpenSSL 3.x on CentOS / RHEL 7 system.
source /etc/profile.d/openssl.shYou can also log out of your current shell session:
logoutLogin back and verify that OpenSSL 3.x is installed on CentOS 7 / RHEL 7
$ which openssl
/usr/local/openssl/bin/openssl
$ openssl version
OpenSSL 3.1.3 19 Sep 2023 (Library: OpenSSL 3.1.3 19 Sep 2023)Conclusion
Despite OpenSSL being a successfl project and gaining trust of many organizations, it has also been the subject of several high-profile security vulnerabilities and attacks. To be safe we highly recommend you update to the latest stable release where applicable. Ensure you keep OpenSSL up-to-date and follow best practices for better security. In this article we were able to install OpenSSL 3.x on CentOS 7 / RHEL 7 system. We hope this article was helpful and thank you for visiting our website.
