How to install and update OpenSSL on Ubuntu 16.04
To install and update OpenSSL on Ubuntu 16.04
OpenSSL is an open-source implementation of the SSL and TLS protocols. It is so simple to install and update OpenSSL on a Ubuntu machine, and this article deals with the same.
To Install and Update OpenSSL
Before starting the installation of OpenSSL, get the current version of OpenSSL by using the following command.
root@linuxhelpubnt:~# openssl version
OpenSSL 1.0.2g 1 Mar 2016
After that, download the latest version of OpenSSL by deploying the following command.
root@linuxhelpubnt:~# cd /usr/src
root@linuxhelpubnt:/usr/src# wget https://www.openssl.org/source/openssl-1.0.2-latest.tar.gz
--2017-03-01 15:48:20-- https://www.openssl.org/source/openssl-1.0.2-latest.tar.gz
Resolving www.openssl.org (www.openssl.org)... 104.108.239.184, 2600:140f:b:186::c1e, 2600:140f:b:182::c1e
Connecting to www.openssl.org (www.openssl.org)|104.108.239.184|:443... connected.
HTTP request sent, awaiting response... 302 Moved Temporarily
Location: https://www.openssl.org/source/openssl-1.0.2k.tar.gz [following]
--2017-03-01 15:48:21-- https://www.openssl.org/source/openssl-1.0.2k.tar.gz
Reusing existing connection to www.openssl.org:443.
HTTP request sent, awaiting response... 200 OK
Length: 5309236 (5.1M) [application/x-gzip]
Saving to: ‘ openssl-1.0.2-latest.tar.gz’
openssl-1.0.2-latest.tar.g 100%[=======================================> ] 5.06M 344KB/s in 19s
2017-03-01 15:48:40 (275 KB/s) - ‘ openssl-1.0.2-latest.tar.gz’ saved [5309236/5309236]
Once it is downloaded, extract the downloaded OpenSSL tar file as follows.
root@linuxhelpubnt:/usr/src# tar -zxf openssl-1.0.2-latest.tar.gz
To manually compile OpenSSL and install/upgrade OpenSSL, make use of the following command.
root@linuxhelpubnt:/usr/src# cd openssl-1.0.2k
root@linuxhelpubnt:/usr/src/openssl-1.0.2k# ./config
Operating system: x86_64-whatever-linux2
Configuring for linux-x86_64
Configuring for linux-x86_64
no-ec_nistp_64_gcc_128 [default] OPENSSL_NO_EC_NISTP_64_GCC_128 (skip dir)
no-gmp [default] OPENSSL_NO_GMP (skip dir)
no-jpake [experimental] OPENSSL_NO_JPAKE (skip dir)
no-krb5 [krb5-flavor not specified] OPENSSL_NO_KRB5
no-libunbound [experimental] OPENSSL_NO_LIBUNBOUND (skip dir)
no-md2 [default] OPENSSL_NO_MD2 (skip dir)
no-rc5 [default] OPENSSL_NO_RC5 (skip dir)
no-rfc3779 [default] OPENSSL_NO_RFC3779 (skip dir)
no-sctp [default] OPENSSL_NO_SCTP (skip dir)
no-shared [default]
no-ssl-trace [default] OPENSSL_NO_SSL_TRACE (skip dir)
no-ssl2 [default] OPENSSL_NO_SSL2 (skip dir)
.
.
make[1]: Entering directory ' /usr/src/openssl-1.0.2k/test'
md2test.c => dummytest.c
rc5test.c => dummytest.c
jpaketest.c => dummytest.c
make[1]: Leaving directory ' /usr/src/openssl-1.0.2k/test'
Configured for linux-x86_64.
After it is done, prepare the installation of OpenSSL by runninng the make command.
root@linuxhelpubnt:/usr/src/openssl-1.0.2k# make
making all in crypto...
make[1]: Entering directory ' /usr/src/openssl-1.0.2k/crypto'
/usr/bin/perl ../util/mkbuildinf.pl " gcc -I. -I.. -I../include -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -Wa,--noexecstack -m64 -DL_ENDIAN -O3 -Wall -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DRC4_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DECP_NISTZ256_ASM" " linux-x86_64" > buildinf.h
gcc -I. -I.. -I../include -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -Wa,--noexecstack -m64 -DL_ENDIAN -O3 -Wall -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DRC4_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -c -o cryptlib.o cryptlib.c
gcc -I. -I.. -I../include -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -Wa,--noexecstack -m64 -DL_ENDIAN -O3 -Wall -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DRC4_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -c -o mem.o mem.c
gcc -I. -I.. -I../include -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -Wa,--noexecstack -m64 -DL_ENDIAN -O3 -Wall -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DRC4_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -c -o mem_dbg.o mem_dbg.c
.
.
make[1]: Entering directory ' /usr/src/openssl-1.0.2k/tools'
make[1]: Nothing to be done for ' all' .
make[1]: Leaving directory ' /usr/src/openssl-1.0.2k/tools'
root@linuxhelpubnt:/usr/src/openssl-1.0.2k#
After it, run the make test command as follows.
root@linuxhelpubnt:/usr/src/openssl-1.0.2k# make test
testing...
make[1]: Entering directory `/usr/src/openssl-1.0.2k/test'
make[2]: Entering directory `/usr/src/openssl-1.0.2k'
making all in apps...
make[3]: Entering directory `/usr/src/openssl-1.0.2k/apps'
make[3]: Nothing to be done for `all' .
make[3]: Leaving directory `/usr/src/openssl-1.0.2k/apps'
make[2]: Leaving directory `/usr/src/openssl-1.0.2k'
../util/shlib_wrap.sh ./destest
.
.
-DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DECP_NISTZ256_ASM
OPENSSLDIR: " /usr/local/ssl"
Once the command is executed, run the make install command which triggers the installation process.
root@linuxhelpubnt:/usr/src/openssl-1.0.2k# make install
making all in crypto...
make[1]: Entering directory `/usr/src/openssl-1.0.2k/crypto'
making all in crypto/objects...
make[2]: Entering directory `/usr/src/openssl-1.0.2k/crypto/objects'
make[2]: Nothing to be done for `all' .
make[2]: Leaving directory `/usr/src/openssl-1.0.2k/crypto/objects'
making all in crypto/md4...
make[2]: Entering directory `/usr/src/openssl-1.0.2k/crypto/md4'
make[2]: Nothing to be done for `all' .
make[2]: Leaving directory `/usr/src/openssl-1.0.2k/crypto/md4'
making all in crypto/md5...
.
.
cp openssl.pc /usr/local/ssl/lib/pkgconfig
chmod 644 /usr/local/ssl/lib/pkgconfig/openssl.pc
If the old version is still displayed or installed before, please make a copy of openssl bin file
root@linuxhelpubnt:/usr/src/openssl-1.0.2k# mv /usr/bin/openssl /root/
root@linuxhelpubnt:/usr/src/openssl-1.0.2k# ln -s /usr/local/ssl/bin/openssl /usr/bin/openssl
Now verify the OpenSSL version.
root@linuxhelpubnt:/usr/src/openssl-1.0.2k# openssl version
OpenSSL 1.0.2k 26 Jan 2017
Simple to install and update, isn' t it? OpenSSL has several uses as it provides the basic cryptographic functions and various utility functions. It can also be used to connect to a https service. Also, it can be used to verify an online certificate and to extract information from it through a command line.
dhruvkumar
Sep 16 2023
not work for me
larry
May 03 2018
worked great for me on ubuntu 16.04 DT
azhar
Apr 26 2018
did not work for me.
dukemaster
Sep 29 2017
This is a good and decent tutorial. It helped me to install openssl-1.0.2l on my 1and1 dedicated server with Plesk Onyx. But tonight I wanted to upgrade to openssl-1.1.0f and it failed by "make test". I ignored it and made "make install". Now the whole openssl (old one) is broken by my mistake. Do you have an advice or help to help me out of this desaster. Deleting and making a new (old or new) installation. Please, help. Lots of greets and thanks for the tutorial which was a gift and basic for other installations (nginx, ngx_pagespeed).
curiousbutton
Apr 20 2017
why is openssl install in usr/src....using sudo worked but why?
Q
How do I check the authenticity of the OpenSSL distribution?
A
"We provide PGP signatures and a variety of digests on each release. For example, one of the following might work on your system:
sha1sum TARBALL | awk '{print $1;}' | cmp - TARBALL.sha1
sha256sum TARBALL | awk '{print $1;}' | cmp - TARBALL.sha256"
sha1sum TARBALL | awk '{print $1;}' | cmp - TARBALL.sha1
sha256sum TARBALL | awk '{print $1;}' | cmp - TARBALL.sha256"
Q
Why can't I create certificate requests?
A
"You typically get the error:
unable to find 'distinguished_name' in the config
problems making Certificate Request"
unable to find 'distinguished_name' in the config
problems making Certificate Request"
Q
Why can't I use OpenSSL certificates with SSL client authentication?
A
"You can print out the servers list of acceptable CAs using the OpenSSL s_client tool:
openssl s_client -connect www.some.host:443 -prexit
If your server only requests certificates on certain URLs then you may need to manually issue an HTTP GET command to get the list when s_client connects:
GET /some/page/needing/a/certificate.html"
openssl s_client -connect www.some.host:443 -prexit
If your server only requests certificates on certain URLs then you may need to manually issue an HTTP GET command to get the list when s_client connects:
GET /some/page/needing/a/certificate.html"
Q
Why does my browser give a warning about a mismatched hostname?
A
Browsers expect the server's hostname to match the value in the common name (CN) field of the certificate. If it does not then you get a warning.
Q
Where are the declarations and implementations of d2i_X509(3) etc?
A
"These are defined and implemented by macros of the form:
DECLARE_ASN1_FUNCTIONS(X509) and
IMPLEMENT_ASN1_FUNCTIONS(X509)"
DECLARE_ASN1_FUNCTIONS(X509) and
IMPLEMENT_ASN1_FUNCTIONS(X509)"