How to Install and Update OpenSSL on CentOS 6 / CentOS 7
To Install and Update OpenSSL on CentOS 6 / CentOS 7
OpenSSL is a open-source implementation of the SSL and TLS protocols which provides cryptographic functionality. OpenSSL is simple to install and updating it is also as simple as its installation. In this article, we are going to see about the method to install and update OpenSSL in CentOS 7, which also works for CentOS 6.
To Install and Update OpenSSL
The very first step to begin the installation is to get its current version by using “ openssl version” and “ yum info openssl” command.
[root@linuxhelp1 ~]# openssl version
OpenSSL 1.0.1e-fips 11 Feb 2013
If you want to know information about OpenSSL, run yum command.
[root@linuxhelp1 ~]# yum info openssl
Loaded plugins: fastestmirror, langpacks, priorities
Loading mirror speeds from cached hostfile
* base: mirror.fibergrid.in
* extras: mirror.fibergrid.in
* updates: mirror.fibergrid.in
Installed Packages
Name : openssl
Arch : x86_64
Epoch : 1
Version : 1.0.1e
Release : 60.el7
Size : 1.5 M
Repo : installed
From repo : base
Summary : Utilities from the general purpose cryptography library with TLS implementation
URL : http://www.openssl.org/
License : OpenSSL
Description : The OpenSSL toolkit provides support for secure communications between
: machines. OpenSSL includes a certificate management tool and shared
: libraries which provide various cryptographic algorithms and
: protocols.
Available Packages
Name : openssl
Arch : x86_64
Epoch : 1
Version : 1.0.1e
Release : 60.el7_3.1
Size : 713 k
Repo : updates/7/x86_64
Summary : Utilities from the general purpose cryptography library with TLS implementation
URL : http://www.openssl.org/
License : OpenSSL
Description : The OpenSSL toolkit provides support for secure communications between
: machines. OpenSSL includes a certificate management tool and shared
: libraries which provide various cryptographic algorithms and
: protocols.
You can download the latest version of OpenSSL by running the following command.
[root@linuxhelp1 ~]# cd /usr/src
[root@linuxhelp1 src]# wget https://www.openssl.org/source/openssl-1.0.2-latest.tar.gz
--2017-02-28 11:16:53-- https://www.openssl.org/source/openssl-1.0.2-latest.tar.gz
Resolving www.openssl.org (www.openssl.org)... 104.108.216.207, 2600:140f:b:184::c1e, 2600:140f:b:186::c1e
Connecting to www.openssl.org (www.openssl.org)|104.108.216.207|:443... connected.
HTTP request sent, awaiting response... 302 Moved Temporarily
Location: https://www.openssl.org/source/openssl-1.0.2k.tar.gz [following]
--2017-02-28 11:16:55-- https://www.openssl.org/source/openssl-1.0.2k.tar.gz
Reusing existing connection to www.openssl.org:443.
HTTP request sent, awaiting response... 200 OK
Length: 5309236 (5.1M) [application/x-gzip]
Saving to: ‘ openssl-1.0.2-latest.tar.gz’
100%[=============================================================> ] 53,09,236 319KB/s in 15s
2017-02-28 11:17:09 (353 KB/s) - ‘ openssl-1.0.2-latest.tar.gz’ saved [5309236/5309236]
Now to extract the downloaded OpenSSL tar file.
[root@linuxhelp1 src]# tar -zxf openssl-1.0.2-latest.tar.gz
Once the file is extracted, compile OpenSSL and install/upgrade OpenSSL as follows.
[root@linuxhelp1 src]# cd openssl-1.0.2k/
[root@linuxhelp1 openssl-1.0.2k]# ./config
Operating system: x86_64-whatever-linux2
Configuring for linux-x86_64
Configuring for linux-x86_64
no-ec_nistp_64_gcc_128 [default] OPENSSL_NO_EC_NISTP_64_GCC_128 (skip dir)
no-gmp [default] OPENSSL_NO_GMP (skip dir)
no-jpake [experimental] OPENSSL_NO_JPAKE (skip dir)
no-krb5 [krb5-flavor not specified] OPENSSL_NO_KRB5
.
.
make[1]: Leaving directory `/usr/src/openssl-1.0.2k/test'
Configured for linux-x86_64.
Now, trigger the installation process by invoking the make command.
[root@linuxhelp1 openssl-1.0.2k]# make
making all in crypto...
make[1]: Entering directory `/usr/src/openssl-1.0.2k/crypto'
/usr/bin/perl ../util/mkbuildinf.pl " gcc -I. -I.. -I../include -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -Wa,--noexecstack -m64 -DL_ENDIAN -O3 -Wall -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DRC4_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DECP_NISTZ256_ASM" " linux-x86_64" > buildinf.h
.
.
make[1]: Entering directory `/usr/src/openssl-1.0.2k/tools'
make[1]: Nothing to be done for `all' .
make[1]: Leaving directory `/usr/src/openssl-1.0.2k/tools'
[root@linuxhelp1 openssl-1.0.2k]#
Once it is done, run make test command.
[root@linuxhelp1 openssl-1.0.2k]# make test
testing...
make[1]: Entering directory `/usr/src/openssl-1.0.2k/test'
make[2]: Entering directory `/usr/src/openssl-1.0.2k'
making all in apps...
make[3]: Entering directory `/usr/src/openssl-1.0.2k/apps'
make[3]: Nothing to be done for `all' .
make[3]: Leaving directory `/usr/src/openssl-1.0.2k/apps'
make[2]: Leaving directory `/usr/src/openssl-1.0.2k'
../util/shlib_wrap.sh ./destest
.
.
-DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DECP_NISTZ256_ASM
OPENSSLDIR: " /usr/local/ssl"
Now give effect to the installation process by running make install command.
[root@linuxhelp1 openssl-1.0.2k]# make install
making all in crypto...
make[1]: Entering directory `/usr/src/openssl-1.0.2k/crypto'
making all in crypto/objects...
make[2]: Entering directory `/usr/src/openssl-1.0.2k/crypto/objects'
make[2]: Nothing to be done for `all' .
make[2]: Leaving directory `/usr/src/openssl-1.0.2k/crypto/objects'
making all in crypto/md4...
make[2]: Entering directory `/usr/src/openssl-1.0.2k/crypto/md4'
make[2]: Nothing to be done for `all' .
make[2]: Leaving directory `/usr/src/openssl-1.0.2k/crypto/md4'
making all in crypto/md5...
.
.
cp openssl.pc /usr/local/ssl/lib/pkgconfig
chmod 644 /usr/local/ssl/lib/pkgconfig/openssl.pc
If the old version is still displayed or installed before, please make a copy of OpenSSL bin file.
[root@linuxhelp1 openssl-1.0.2k]# mv /usr/bin/openssl /root/
[root@linuxhelp1 openssl-1.0.2k]# ln -s /usr/local/ssl/bin/openssl /usr/bin/openssl
Now verify the OpenSSL version.
[root@linuxhelp1 openssl-1.0.2k]# openssl version
OpenSSL 1.0.2k 26 Jan 2017
Simple to install and update, isn' t it? OpenSSL has several uses as it provides the basic cryptographic functions and various utility functions. It can also be used to connect to a https service. Also, it can be used to verify an online certificate and to extract information from it through a command line.
linuxhelp
Jun 05 2019
Can you list the Files in the Directory where you extracted @doriangruezo
doriangruezo
May 31 2019
Hello, so, please help me, I do all the steps correctly but in the end it tells me this: # cd openssl-1.1.1a / bash: cd: openssl-1.0.2k /: Does not such a file or directory exist ???
Jethan
May 20 2019
Thanks :)
linuxhelp
Mar 10 2019
hi paslechoix It seems you already has openssl Verison 1.1.10 20
daniluck913
Sep 08 2017
replace "openssl-1.0.2k/" with openssl-1.0.2kl
Q
Why does my browser give a warning about a mismatched hostname?
A
Browsers expect the server's hostname to match the value in the common name (CN) field of the certificate. If it does not then you get a warning.
Q
"Why its need the OpenSSL?
A
OpenSSL is an open-source implementation of the SSL and TLS protocols which provides cryptographic functionality. OpenSSL is simple to install and updating it is also as simple as its installed
Q
"How do I find out what OpenSSL version I’m running?
A
"Please run the following command as ""openssl version OpenSSL 1.0.1e-fips 11 Feb 2013""
Q
"How do I get a list of available ciphers?
A
"Use the ciphers option. The ciphers(1) man page is quite helpful. # list all available ciphers openssl ciphers -v # list only TLSv1 ciphers openssl ciphers -v -tls1 # list only high encrypt
Q
"How do I sign a digest?
A
"signed digest will be foo-1.23.tar.gz.sha1 openssl dgst -sha256 \ -sign mykey.pem -out foo-1.23.tar.gz.sha1 \ foo-1.23.tar.gz