Tutorial News Comments FAQ Related Articles

How to Install and Update OpenSSL on CentOS 6 / CentOS 7

To Install and Update OpenSSL on CentOS 6 / CentOS 7

OpenSSL is a open-source implementation of the SSL and TLS protocols which provides cryptographic functionality. OpenSSL is simple to install and updating it is also as simple as its installation. In this article, we are going to see about the method to install and update OpenSSL in CentOS 7, which also works for CentOS 6.

To Install and Update OpenSSL

The very first step to begin the installation is to get its current version by using “ openssl version” and “ yum info openssl” command.

[root@linuxhelp1 ~]# openssl version
OpenSSL 1.0.1e-fips 11 Feb 2013

If you want to know information about OpenSSL, run yum command.

[root@linuxhelp1 ~]# yum info openssl
Loaded plugins: fastestmirror, langpacks, priorities
Loading mirror speeds from cached hostfile
 * base: mirror.fibergrid.in
 * extras: mirror.fibergrid.in
 * updates: mirror.fibergrid.in
Installed Packages
Name        : openssl
Arch        : x86_64
Epoch       : 1
Version     : 1.0.1e
Release     : 60.el7
Size        : 1.5 M
Repo        : installed
From repo   : base
Summary     : Utilities from the general purpose cryptography library with TLS implementation
URL         : http://www.openssl.org/
License     : OpenSSL
Description : The OpenSSL toolkit provides support for secure communications between
            : machines. OpenSSL includes a certificate management tool and shared
            : libraries which provide various cryptographic algorithms and
            : protocols.

Available Packages
Name        : openssl
Arch        : x86_64
Epoch       : 1
Version     : 1.0.1e
Release     : 60.el7_3.1
Size        : 713 k
Repo        : updates/7/x86_64
Summary     : Utilities from the general purpose cryptography library with TLS implementation
URL         : http://www.openssl.org/
License     : OpenSSL
Description : The OpenSSL toolkit provides support for secure communications between
            : machines. OpenSSL includes a certificate management tool and shared
            : libraries which provide various cryptographic algorithms and
            : protocols.

You can download the latest version of OpenSSL by running the following command.

[root@linuxhelp1 ~]# cd /usr/src
[root@linuxhelp1 src]# wget https://www.openssl.org/source/openssl-1.0.2-latest.tar.gz
--2017-02-28 11:16:53--  https://www.openssl.org/source/openssl-1.0.2-latest.tar.gz
Resolving www.openssl.org (www.openssl.org)... 104.108.216.207, 2600:140f:b:184::c1e, 2600:140f:b:186::c1e
Connecting to www.openssl.org (www.openssl.org)|104.108.216.207|:443... connected.
HTTP request sent, awaiting response... 302 Moved Temporarily
Location: https://www.openssl.org/source/openssl-1.0.2k.tar.gz [following]
--2017-02-28 11:16:55--  https://www.openssl.org/source/openssl-1.0.2k.tar.gz
Reusing existing connection to www.openssl.org:443.
HTTP request sent, awaiting response... 200 OK
Length: 5309236 (5.1M) [application/x-gzip]
Saving to: ‘ openssl-1.0.2-latest.tar.gz’ 

100%[=============================================================> ] 53,09,236    319KB/s   in 15s    

2017-02-28 11:17:09 (353 KB/s) - ‘ openssl-1.0.2-latest.tar.gz’  saved [5309236/5309236]

Now to extract the downloaded OpenSSL tar file.

[root@linuxhelp1 src]# tar -zxf openssl-1.0.2-latest.tar.gz

Once the file is extracted, compile OpenSSL and install/upgrade OpenSSL as follows.

[root@linuxhelp1 src]# cd openssl-1.0.2k/
[root@linuxhelp1 openssl-1.0.2k]# ./config 
Operating system: x86_64-whatever-linux2
Configuring for linux-x86_64
Configuring for linux-x86_64
    no-ec_nistp_64_gcc_128 [default]  OPENSSL_NO_EC_NISTP_64_GCC_128 (skip dir)
    no-gmp          [default]  OPENSSL_NO_GMP (skip dir)
    no-jpake        [experimental] OPENSSL_NO_JPAKE (skip dir)
    no-krb5         [krb5-flavor not specified] OPENSSL_NO_KRB5
.
.
make[1]: Leaving directory `/usr/src/openssl-1.0.2k/test' 

Configured for linux-x86_64.

Now, trigger the installation process by invoking the make command.

[root@linuxhelp1 openssl-1.0.2k]# make
making all in crypto...
make[1]: Entering directory `/usr/src/openssl-1.0.2k/crypto' 
/usr/bin/perl ../util/mkbuildinf.pl " gcc -I. -I.. -I../include  -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -Wa,--noexecstack -m64 -DL_ENDIAN -O3 -Wall -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DRC4_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DECP_NISTZ256_ASM"  " linux-x86_64"  > buildinf.h

.
.
make[1]: Entering directory `/usr/src/openssl-1.0.2k/tools' 
make[1]: Nothing to be done for `all' .
make[1]: Leaving directory `/usr/src/openssl-1.0.2k/tools' 
[root@linuxhelp1 openssl-1.0.2k]#

Once it is done, run make test command.

[root@linuxhelp1 openssl-1.0.2k]# make test
testing...
make[1]: Entering directory `/usr/src/openssl-1.0.2k/test' 
make[2]: Entering directory `/usr/src/openssl-1.0.2k' 
making all in apps...
make[3]: Entering directory `/usr/src/openssl-1.0.2k/apps' 
make[3]: Nothing to be done for `all' .
make[3]: Leaving directory `/usr/src/openssl-1.0.2k/apps' 
make[2]: Leaving directory `/usr/src/openssl-1.0.2k' 
../util/shlib_wrap.sh ./destest
.
.
-DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DECP_NISTZ256_ASM
OPENSSLDIR: " /usr/local/ssl"

Now give effect to the installation process by running make install command.

[root@linuxhelp1 openssl-1.0.2k]# make install
making all in crypto...
make[1]: Entering directory `/usr/src/openssl-1.0.2k/crypto' 
making all in crypto/objects...
make[2]: Entering directory `/usr/src/openssl-1.0.2k/crypto/objects' 
make[2]: Nothing to be done for `all' .
make[2]: Leaving directory `/usr/src/openssl-1.0.2k/crypto/objects' 
making all in crypto/md4...
make[2]: Entering directory `/usr/src/openssl-1.0.2k/crypto/md4' 
make[2]: Nothing to be done for `all' .
make[2]: Leaving directory `/usr/src/openssl-1.0.2k/crypto/md4' 
making all in crypto/md5...
.
.
cp openssl.pc /usr/local/ssl/lib/pkgconfig
chmod 644 /usr/local/ssl/lib/pkgconfig/openssl.pc

If the old version is still displayed or installed before, please make a copy of OpenSSL bin file.

[root@linuxhelp1 openssl-1.0.2k]# mv /usr/bin/openssl /root/
[root@linuxhelp1 openssl-1.0.2k]# ln -s /usr/local/ssl/bin/openssl /usr/bin/openssl

Now verify the OpenSSL version.

[root@linuxhelp1 openssl-1.0.2k]# openssl version
OpenSSL 1.0.2k  26 Jan 2017

Simple to install and update, isn' t it? OpenSSL has several uses as it provides the basic cryptographic functions and various utility functions. It can also be used to connect to a https service. Also, it can be used to verify an online certificate and to extract information from it through a command line.

Tags:

Author:

Comments ( 6 )

Can you list the Files in the Directory where you extracted @doriangruezo

Hello, so, please help me, I do all the steps correctly but in the end it tells me this: # cd openssl-1.1.1a / bash: cd: openssl-1.0.2k /: Does not such a file or directory exist ???

Thanks :)

hi paslechoix It seems you already has openssl Verison 1.1.10 20

replace "openssl-1.0.2k/" with openssl-1.0.2kl

Add a comment

Frequently asked questions ( 5 )

"Why its need the OpenSSL?

OpenSSL is an open-source implementation of the SSL and TLS protocols which provides cryptographic functionality. OpenSSL is simple to install and updating it is also as simple as its installed

"How do I find out what OpenSSL version I’m running?

"Please run the following command as ""openssl version OpenSSL 1.0.1e-fips 11 Feb 2013""

"How do I get a list of available ciphers?

"Use the ciphers option. The ciphers(1) man page is quite helpful. # list all available ciphers openssl ciphers -v # list only TLSv1 ciphers openssl ciphers -v -tls1 # list only high encrypt

"How do I sign a digest?

"signed digest will be foo-1.23.tar.gz.sha1 openssl dgst -sha256 \ -sign mykey.pem -out foo-1.23.tar.gz.sha1 \ foo-1.23.tar.gz

Why does my browser give a warning about a mismatched hostname?

Browsers expect the server's hostname to match the value in the common name (CN) field of the certificate. If it does not then you get a warning.

Rank

User

Points

Top Contributers

naveelansari

135850

Top Contributers

ayanbhatti

92510

Top Contributers

hamzaahmed

32150

Top Contributers

linuxhelp

31035

Top Contributers

muhammadali

24500

Can you help abdul wahab ?

How to install Elastix PBX?

Hi every one,
can any one help to install elastix PBX. i am unable to install becuase during installtion there is no graphical install option.
if any one can suggest?