Staying ahead of potential security threats is paramount in the ever-evolving cybersecurity landscape. OpenSSL is a renowned open-source toolkit that plays a pivotal role in securing communication between computer systems over a network. It provides an open implementation of the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols, which guarantee the integrity, authenticity and confidentiality of data transmitted between devices on a network or over the internet.
At the time of writing this article, OpenSSL 3.1 is the most recent release of OpenSSL. It comes with many improvements and new features that make it more potent in safeguarding digital communication and staying ahead of emerging threats. In the next sections we cover the steps needed to install OpenSSL 3.x on Rocky/Alma/CentOS/RHEL 8.
Install OpenSSL 3.x on Rocky / AlmaLinux / CentOS / RHEL 8
Here are the steps that you will follow to have OpenSSL 3.x installed on CentOS/RHEL-based Linux distributions.
Step 1: Update System
Run this command to ensure that your RHEL-based system is up to date with recent security patches and software updates.
sudo dnf -y update
After the updates are applied, you can reboot the system so that the latest software updates take effect.
sudo reboot
Step 2: Uninstall OpenSSL 1.1
Run the following command to show the OpenSSL version currently installed:
$ openssl version
OpenSSL 1.1.1k FIPS 25 Mar 2021
We’ll uninstall this older version then install OpenSSL 3.x on the system.
sudo dnf remove openssl
dnf lists the other packages that depend on this OpenSSL release and will be erased along with it. Review that list, then confirm the uninstallation. Afterwards the openssl command is no longer available:
$ openssl version
-bash: /usr/bin/openssl: No such file or directory
Step 3: Install dependency packages
There are key packages that OpenSSL may depend on to run. Install the basic development dependencies:
sudo dnf -y groupinstall "Development Tools"
sudo dnf -y install perl-IPC-Cmd perl-Pod-Html
The make and gcc packages should now be installed.
$ gcc --version
gcc (GCC) 8.5.0 20210514 (Red Hat 8.5.0-18)
Copyright (C) 2018 Free Software Foundation, Inc.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
$ make --version
GNU Make 4.2.1
Built for x86_64-redhat-linux-gnu
Copyright (C) 1988-2016 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Step 4: Download and Install OpenSSL 3.x
Download a version of OpenSSL 3 from the OpenSSL Downloads page. Remember to replace the URL with the one obtained from that page.
VER=3.3.1
wget https://github.com/openssl/openssl/releases/download/openssl-$VER/openssl-$VER.tar.gz
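Before extracting and building the archive, confirm that the download matches the SHA-256 digest published with the release. The following is an added example, not part of the original article or of the OpenSSL project: the helper name verify_sha256, the constructed demo data, and the presence of an openssl-$VER.tar.gz.sha256 file next to the tarball are assumptions.

```shell
# Added example: verify a downloaded release tarball against a published
# SHA-256 digest before extracting or building it.

# verify_sha256 FILE DIGEST_FILE  (hypothetical helper name)
# DIGEST_FILE may hold a bare hex digest or "digest  filename".
# Returns 0 on match, 1 on mismatch, 2 on unusable input.
verify_sha256() {
    local file="$1" digest_file="$2" expected actual
    if [ ! -r "$file" ] || [ ! -r "$digest_file" ]; then
        echo "missing input file" >&2
        return 2
    fi
    # First whitespace-separated field of the first line, lowercased.
    expected=$(awk 'NR==1 {print tolower($1)}' "$digest_file")
    # Accept only exactly 64 hex characters.
    case "$expected" in
        ''|*[!0-9a-f]*) echo "malformed digest file" >&2; return 2 ;;
    esac
    if [ "${#expected}" -ne 64 ]; then
        echo "malformed digest file" >&2
        return 2
    fi
    actual=$(sha256sum "$file" | awk '{print $1}')
    if [ "$actual" = "$expected" ]; then
        echo "OK: $file"
        return 0
    fi
    echo "MISMATCH: $file (expected $expected, got $actual)" >&2
    return 1
}

# Constructed demo (not real release data): a stand-in archive and its digest.
demo_constructed() {
    local d rc_good rc_bad
    d=$(mktemp -d) || return 2
    printf 'constructed sample archive\n' > "$d/sample.tar.gz"
    sha256sum "$d/sample.tar.gz" > "$d/sample.tar.gz.sha256"
    if verify_sha256 "$d/sample.tar.gz" "$d/sample.tar.gz.sha256"; then rc_good=0; else rc_good=$?; fi
    printf 'tampered\n' >> "$d/sample.tar.gz"   # simulate a modified download
    if verify_sha256 "$d/sample.tar.gz" "$d/sample.tar.gz.sha256" 2>/dev/null; then rc_bad=0; else rc_bad=$?; fi
    rm -rf "$d"
    [ "$rc_good" -eq 0 ] && [ "$rc_bad" -eq 1 ]
}

# In this guide's flow (assumes the release also offers openssl-$VER.tar.gz.sha256):
#   verify_sha256 openssl-$VER.tar.gz openssl-$VER.tar.gz.sha256 && tar xvf openssl-$VER.tar.gz
```

A digest fetched from the same location as the tarball catches a corrupted or truncated download; checking the release's detached signature with gpg additionally ties the file to the OpenSSL release keys.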
Extract the downloaded compressed archive.
tar xvf openssl-$VER.tar.gz
Navigate to the folder created by the extraction.
cd openssl-$VER/
Configure the build for installation of OpenSSL 3.x.
./config --prefix=/usr/local/openssl --openssldir=/usr/local/openssl
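Where --prefix and --openssldir control where the installed components are placed: --prefix is the top of the installation directory tree, and --openssldir is the directory for OpenSSL configuration files, certificates and keys.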
Here is the output of the command.
Configuring OpenSSL version 3.3.1 for target linux-x86_64
Using os-specific seed configuration
Created configdata.pm
Running configdata.pm
Created Makefile.in
Created Makefile
Created include/openssl/configuration.h
**********************************************************************
*** ***
*** OpenSSL has been successfully configured ***
*** ***
*** If you encounter a problem while building, please open an ***
*** issue on GitHub <https://github.com/openssl/openssl/issues> ***
*** and include the output from the following command: ***
*** ***
*** perl configdata.pm --dump ***
*** ***
*** (If you are new to OpenSSL, you might want to consult the ***
*** 'Troubleshooting' section in the INSTALL.md file first) ***
*** ***
**********************************************************************
Build and compile OpenSSL 3.x software.
make -j $(nproc)
The above command generates executable files and libraries that can be copied to the appropriate locations on our Linux system. Install them with:
sudo make install
Configure and update the dynamic linker runtime bindings using the following command.
sudo ldconfig
Finally, we can update the PATH environment variable, which specifies all directories where executable binaries are located on the system.
sudo tee /etc/profile.d/openssl.sh<<EOF
export PATH=/usr/local/openssl/bin:\$PATH
export LD_LIBRARY_PATH=/usr/local/openssl/lib:/usr/local/openssl/lib64:\$LD_LIBRARY_PATH
EOF
We also configured the dynamic library path using LD_LIBRARY_PATH to include the OpenSSL directories. Once done, update the environment variables:
source /etc/profile.d/openssl.sh
Confirm the version of OpenSSL installed.
$ openssl version
OpenSSL 3.3.1 04 July 2024 (Library: OpenSSL3.3.1 04 July 2024)
We can test by installing a package that depends on OpenSSL.
sudo dnf install policycoreutils-python-utils
Conclusion
Embracing OpenSSL 3.x means you care about security. With it you enjoy continued resilience of your digital infrastructure. OpenSSL is an undisputed ally in the digitally interconnected world. The OpenSSL development community is committed to its advancement at the frontiers of the cybersecurity space. We hope this article was of help to you.