Tutorial Comments FAQ Related Articles

How to Install and Update OpenSSL on CentOS 6 / CentOS 7

1249

To Install and Update OpenSSL on CentOS 6 / CentOS 7

OpenSSL is a open-source implementation of the SSL and TLS protocols which provides cryptographic functionality. OpenSSL is simple to install and updating it is also as simple as its installation. In this article, we are going to see about the method to install and update OpenSSL in CentOS 7, which also works for CentOS 6.

To Install and Update OpenSSL

The very first step to begin the installation is to get its current version by using “ openssl version” and “ yum info openssl” command. 

[root@linuxhelp1 ~]# openssl version
OpenSSL 1.0.1e-fips 11 Feb 2013

If you want to know information about OpenSSL, run yum command. 

[root@linuxhelp1 ~]# yum info openssl
Loaded plugins: fastestmirror, langpacks, priorities
Loading mirror speeds from cached hostfile
 * base: mirror.fibergrid.in
 * extras: mirror.fibergrid.in
 * updates: mirror.fibergrid.in
Installed Packages
Name        : openssl
Arch        : x86_64
Epoch       : 1
Version     : 1.0.1e
Release     : 60.el7
Size        : 1.5 M
Repo        : installed
From repo   : base
Summary     : Utilities from the general purpose cryptography library with TLS implementation
URL         : http://www.openssl.org/
License     : OpenSSL
Description : The OpenSSL toolkit provides support for secure communications between
            : machines. OpenSSL includes a certificate management tool and shared
            : libraries which provide various cryptographic algorithms and
            : protocols.

Available Packages
Name        : openssl
Arch        : x86_64
Epoch       : 1
Version     : 1.0.1e
Release     : 60.el7_3.1
Size        : 713 k
Repo        : updates/7/x86_64
Summary     : Utilities from the general purpose cryptography library with TLS implementation
URL         : http://www.openssl.org/
License     : OpenSSL
Description : The OpenSSL toolkit provides support for secure communications between
            : machines. OpenSSL includes a certificate management tool and shared
            : libraries which provide various cryptographic algorithms and
            : protocols.

You can download the latest version of OpenSSL by running the following command. 

[root@linuxhelp1 ~]# cd /usr/src
[root@linuxhelp1 src]# wget https://www.openssl.org/source/openssl-1.0.2-latest.tar.gz
--2017-02-28 11:16:53--  https://www.openssl.org/source/openssl-1.0.2-latest.tar.gz
Resolving www.openssl.org (www.openssl.org)... 104.108.216.207, 2600:140f:b:184::c1e, 2600:140f:b:186::c1e
Connecting to www.openssl.org (www.openssl.org)|104.108.216.207|:443... connected.
HTTP request sent, awaiting response... 302 Moved Temporarily
Location: https://www.openssl.org/source/openssl-1.0.2k.tar.gz [following]
--2017-02-28 11:16:55--  https://www.openssl.org/source/openssl-1.0.2k.tar.gz
Reusing existing connection to www.openssl.org:443.
HTTP request sent, awaiting response... 200 OK
Length: 5309236 (5.1M) [application/x-gzip]
Saving to: ‘ openssl-1.0.2-latest.tar.gz’ 

100%[=============================================================> ] 53,09,236    319KB/s   in 15s    

2017-02-28 11:17:09 (353 KB/s) - ‘ openssl-1.0.2-latest.tar.gz’  saved [5309236/5309236]

Now to extract the downloaded OpenSSL tar file.

[root@linuxhelp1 src]# tar -zxf openssl-1.0.2-latest.tar.gz

Once the file is extracted, compile OpenSSL and install/upgrade OpenSSL as follows.

[root@linuxhelp1 src]# cd openssl-1.0.2k/
[root@linuxhelp1 openssl-1.0.2k]# ./config 
Operating system: x86_64-whatever-linux2
Configuring for linux-x86_64
Configuring for linux-x86_64
    no-ec_nistp_64_gcc_128 [default]  OPENSSL_NO_EC_NISTP_64_GCC_128 (skip dir)
    no-gmp          [default]  OPENSSL_NO_GMP (skip dir)
    no-jpake        [experimental] OPENSSL_NO_JPAKE (skip dir)
    no-krb5         [krb5-flavor not specified] OPENSSL_NO_KRB5
.
.
make[1]: Leaving directory `/usr/src/openssl-1.0.2k/test' 

Configured for linux-x86_64.

Now, trigger the installation process by invoking the make command. 

[root@linuxhelp1 openssl-1.0.2k]# make
making all in crypto...
make[1]: Entering directory `/usr/src/openssl-1.0.2k/crypto' 
/usr/bin/perl ../util/mkbuildinf.pl " gcc -I. -I.. -I../include  -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -Wa,--noexecstack -m64 -DL_ENDIAN -O3 -Wall -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DRC4_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DECP_NISTZ256_ASM"  " linux-x86_64"  > buildinf.h

.
.
make[1]: Entering directory `/usr/src/openssl-1.0.2k/tools' 
make[1]: Nothing to be done for `all' .
make[1]: Leaving directory `/usr/src/openssl-1.0.2k/tools' 
[root@linuxhelp1 openssl-1.0.2k]#

Once it is done, run make test command. 

[root@linuxhelp1 openssl-1.0.2k]# make test
testing...
make[1]: Entering directory `/usr/src/openssl-1.0.2k/test' 
make[2]: Entering directory `/usr/src/openssl-1.0.2k' 
making all in apps...
make[3]: Entering directory `/usr/src/openssl-1.0.2k/apps' 
make[3]: Nothing to be done for `all' .
make[3]: Leaving directory `/usr/src/openssl-1.0.2k/apps' 
make[2]: Leaving directory `/usr/src/openssl-1.0.2k' 
../util/shlib_wrap.sh ./destest
.
.
-DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DECP_NISTZ256_ASM
OPENSSLDIR: " /usr/local/ssl"

Now give effect to the installation process by running make install command. 

[root@linuxhelp1 openssl-1.0.2k]# make install
making all in crypto...
make[1]: Entering directory `/usr/src/openssl-1.0.2k/crypto' 
making all in crypto/objects...
make[2]: Entering directory `/usr/src/openssl-1.0.2k/crypto/objects' 
make[2]: Nothing to be done for `all' .
make[2]: Leaving directory `/usr/src/openssl-1.0.2k/crypto/objects' 
making all in crypto/md4...
make[2]: Entering directory `/usr/src/openssl-1.0.2k/crypto/md4' 
make[2]: Nothing to be done for `all' .
make[2]: Leaving directory `/usr/src/openssl-1.0.2k/crypto/md4' 
making all in crypto/md5...
.
.
cp openssl.pc /usr/local/ssl/lib/pkgconfig
chmod 644 /usr/local/ssl/lib/pkgconfig/openssl.pc

If the old version is still displayed or installed before, please make a copy of OpenSSL bin file.

[root@linuxhelp1 openssl-1.0.2k]# mv /usr/bin/openssl /root/
[root@linuxhelp1 openssl-1.0.2k]# ln -s /usr/local/ssl/bin/openssl /usr/bin/openssl

Now verify the OpenSSL version.

[root@linuxhelp1 openssl-1.0.2k]# openssl version
OpenSSL 1.0.2k  26 Jan 2017

Simple to install and update, isn' t it? OpenSSL has several uses as it provides the basic cryptographic functions and various utility functions. It can also be used to connect to a https service. Also, it can be used to verify an online certificate and to extract information from it through a command line.

Tags:
Author: 

Comments ( 6 )

linuxhelp
Can you list the Files in the Directory where you extracted @doriangruezo
doriangruezo
Hello, so, please help me, I do all the steps correctly but in the end it tells me this: # cd openssl-1.1.1a / bash: cd: openssl-1.0.2k /: Does not such a file or directory exist ???
Jethan
Thanks :)
linuxhelp
hi paslechoix It seems you already has openssl Verison 1.1.10 20
daniluck913
replace "openssl-1.0.2k/" with openssl-1.0.2kl
Add a comment

Frequently asked questions ( 5 )

Q

"Why its need the OpenSSL?

A

OpenSSL is an open-source implementation of the SSL and TLS protocols which provides cryptographic functionality. OpenSSL is simple to install and updating it is also as simple as its installed

Q

"How do I find out what OpenSSL version I’m running?

A

"Please run the following command as ""openssl version OpenSSL 1.0.1e-fips 11 Feb 2013""

Q

"How do I get a list of available ciphers?

A

"Use the ciphers option. The ciphers(1) man page is quite helpful. # list all available ciphers openssl ciphers -v # list only TLSv1 ciphers openssl ciphers -v -tls1 # list only high encrypt

Q

"How do I sign a digest?

A

"signed digest will be foo-1.23.tar.gz.sha1 openssl dgst -sha256 \ -sign mykey.pem -out foo-1.23.tar.gz.sha1 \ foo-1.23.tar.gz

Q

Why does my browser give a warning about a mismatched hostname?

A

Browsers expect the server's hostname to match the value in the common name (CN) field of the certificate. If it does not then you get a warning.

Related Tutorials in How to Install and Update OpenSSL on CentOS 6 / CentOS 7

Related Tutorials in How to Install and Update OpenSSL on CentOS 6 / CentOS 7

How To Install AnyDesk on Centos 7
How To Install AnyDesk on Centos 7
Apr 2, 2018
How to install Tiki Wiki CMS Groupware on CentOS 7
How to install Tiki Wiki CMS Groupware on CentOS 7
May 31, 2018
How to install PHP ImageMagick on CentOS 7
How to install PHP ImageMagick on CentOS 7
Nov 4, 2017
How to install and update OpenSSL on Ubuntu 16.04
How to install and update OpenSSL on Ubuntu 16.04
Mar 9, 2017
How to Upgrade and Downgrade the PHP Versions on CentOS 7.6
How to Upgrade and Downgrade the PHP Versions on CentOS 7.6
Jun 4, 2019
How to install Apache from Source Code on CentOS 7
How to install Apache from Source Code on CentOS 7
Oct 21, 2017
How to enable or disable repositories in CentOS
How to enable or disable repositories in CentOS
Mar 28, 2018
How to install AWStats on CentOS 7
How to install AWStats on CentOS 7
Dec 8, 2017

Related Forums in How to Install and Update OpenSSL on CentOS 6 / CentOS 7

Related Forums in How to Install and Update OpenSSL on CentOS 6 / CentOS 7

CentOS
connor class=
How To Completely Remove Apache package On CentOS 7.6
May 14, 2019
CentOS
ceriaimmaculate class=
setfacl : command not found
Jan 3, 2018
CentOS
mason class=
Error getting authority: Error initializing authority: Could not connect: No such file or directory (g-io-error-quark, 1)
Nov 20, 2018
CentOS
landon class=
Command to find SNMP Version
May 28, 2018
CentOS
arjitharon class=
cannot start minio service help
Mar 10, 2018
Apache tomcat
AadrikaAnshu class=
Cannot find ./catalina.sh The file is absent or does not have execute permission This file is needed to run this program
Jun 17, 2019
gitlab
caden class=
Insufficient space in download directory /var/cache/yum/x86_64/6/base/packages
Jul 22, 2019
OpenVAS
frank class=
Could not retrieve mirrorlist http://mirrorlist.centos.org/?release=7&arch=x86_64&repo=os&infra=stock error was 14: curl#6 - "Could not resolve host: mirrorlist.centos.org; Unknown error"
Dec 20, 2018

Related News in How to Install and Update OpenSSL on CentOS 6 / CentOS 7

Related News in How to Install and Update OpenSSL on CentOS 6 / CentOS 7

Back To Top!