OpenSSL is an open source library for securing your websites and applications using TLS (Transport Layer Security) and SSL (Secure Sockets Layer) protocol. It is also used for encrypting and decrypting data. OpenSSL works well with most popular web servers including Apache, NGINX, etc. and supports popular encryption algorithms such as MD5, SHA-2, etc. In this article, we will look at how to install OpenSSL in Ubuntu. By default, it is already installed in most Linux systems. But if that is not so in your case or if you want to upgrade your OpenSSL, then you can read on to install OpenSSL from source on your system.
How to Install OpenSSL in Ubuntu
Here are the steps to install OpenSSL in Ubuntu.
1. Update Ubuntu System
Open terminal and run the following command to update your Ubuntu system packages.
$ sudo apt-get update && sudo apt-get upgrade
2. Check OpenSSL version
You may check the version of openssl on your system. If it is present on your system, you will see the latest version number, else it will give you an error.
$ openssl version -a 1.1.0
3. Install Prerequisites
Install prerequisites with the following command.
$ sudo apt install build-essential checkinstall zlib1g-dev -y
4. Download SSL
Run the following command to download the source package of OpenSSL. We are using OpenSSL 1.1.1. You may change it as per your requirement.
$ cd /usr/local/src/ $ sudo wget https://www.openssl.org/source/openssl-1.1.1c.tar.gz
Extract the downloaded file with the following command.
$ sudo tar -xf openssl-1.1.1c.tar.gz
Navigate to extracted folder.
$ cd openssl-1.1.1c
5. Install OpenSSL
Run the following command to install OpenSSL.
$ sudo ./config --prefix=/usr/local/ssl --openssldir=/usr/local/ssl shared zlib $ sudo make $ sudo make test $ sudo make install
6. Configure OpenSSL Shared Libraries
Create a new configuration file openssl-1.1.1c.conf for OpenSSL at /etc/ld.so.conf.d/
$ sudo vi /etc/ld.so.conf.d/openssl-1.1.1c.conf
Add the following line to it.
Save and exit the file. Reload it with the following command.
$ sudo ldconfig -v
7. Configure OpenSSL Binary
Next, we are going to replace the binary of our old OpenSSL version at /usr/bin/openssl with the new one that we just installed at /usr/local/ssl/bin/openssl
First we backup binary files. Then copy it with the following command.
$ sudo mv /usr/bin/c_rehash /usr/bin/c_rehash.backup $ sudo mv /usr/bin/openssl /usr/bin/openssl.backup
Open environment PATH variable.
sudo vi /etc/environment
Add :/usr/local/bin/openssl folder to PATH variable. Please note the colon at the beginning of folder path.
Save and close the file. Now reload the PATH environment with the following command.
$ source /etc/environment
Now if you check the OpenSSL version again, it will show the latest version, indicating that Ubuntu is picking the right OpenSSL.
$ openssl version -a 1.1.1
That’s it. In this article, we have looked at how to install/upgrade OpenSSL on your Ubuntu/Debian System.
OpenSSL is a very useful library to generate certificate signing requests, private key-public key pairs, install SSL/TLS certificates and more. It is always advisable to install the latest version of Open SSL on your system to avoid any vulnerabilities and make use of the latest security updates available.