Comments on How to Install the latest OpenSSL version from Source on Linux

OpenSSL is a widely used crypto library that implements SSL and TLS protocols to secure communications over computer networks. In this tutorial, I will show you step-by-step how to install the latest stable OpenSSL version from source on the Ubuntu 22.04 and CentOS 7.6 servers.

40 Comment(s)

Add comment

Please register in our forum first to comment.

Comments

By: Udom
Reply  

Hi, I have upgrade to the latest version but I cannot incorparate this version to Apache. Do you have any suggestion?

 

Regards 

By: Alex
Reply  

What a great article!  Thanks a lot!!!

By: Norbert
Reply  

Good tutorial, although I preferred to not touch the old binaries, I simply added /usr/local/ssh/bin as the first entry of the $PATH. Note also that the files in /etc/ld.so.conf.d/ are parsed in alphabetical order.

By: Sonia
Reply  

How to give Cross compiler option?

 

I am trying to cross compile for power pc..using compiler:{CC=ppc4xx-linux-gcc --host=powerpc-linux --target=powerpc-linux --with-yielding_select=no} but make depend/make fails. Anything I can do?

By: Pooch
Reply  

Thank you for putting this together! I've been struggling with changing OpenSSL versions in Debian for some time now.

One thing I'm still unclear about is why we're using the shared option here when compiling. Is this required or is it simply to provide shared libraries of the correct version of OpenSSL for other applications that need it?

By: Kenny
Reply  

 Thanks very much. Good documentation and easy to follow.

By: Dennis
Reply  

To keep the PATH-Setting after reboot:

vim /etc/profile.d/openssl-start.sh

#!/bin/bash

source /etc/profile.d/openssl.sh

------------

vim /etc/systemd/system/openssl.service

 

[Unit]

After=mysql.service

 

[Service]

ExecStart=/etc/profile.d/openssl-start.sh

 

[Install]

WantedBy=default.target

--------------

 

systemctl enable openssl.service

By: Von
Reply  

Just in case if someone encountered a TAP OUT error. Please install the following

yum install perl-Module-Load-Conditional perl-core

By: Daniel
Reply  

Excellent Article!! Thank your for sharing :-)

By: Bruno Wego
Reply  

Thanks a lot!

By: Manuel
Reply  

Claro y facil. Muy buen trabajo. Gracias

Manuel

By: Jay
Reply  

Excellent article

By: Josh
Reply  

I needed to put 'sudo' before the make directives and then it worked!

By: Evaldo
Reply  

Thank you!

By: Rob
Reply  

Hello Muhammad, thanks so much. Your tutorial works perfectly. At first, I thought things were off, because on Ubuntu 'openssl version' gave me a not found response, but after a reboot, everything was well. Thanks again.

By: Rob
Reply  

By the way, maybe I should clarify I did the upgrade to openssl 1.1.1b.

By: Andrew
Reply  

Great Article! Worked like a charm, Thanks!

By: Rashmi Sikka
Reply  

Awesome article, one of the rarest!

By: Majid Zarrin
Reply  

Grate job!

Thank you so much!!!

By: Reese
Reply  

Having problems with wget, getting the error message "Unable to locally verfiy the issuer's authority. To connect to google.com insecurely, use '--no-check-certificate'. How do I resove this?

By: Luiz
Reply  

Me too.

You have a solution ?

By: luis angel
Reply  

thanks for the information

By: Dee
Reply  

Good tutorial for the beginners

By: Resilien
Reply  

easy and clean steps to follow what a article 

By: ByteHerder
Reply  

cp: `e_os2.h' and `/usr/src/redhat/openssl-1.0.2o/include/openssl/e_os2.h' are the same file

By: Naveen Prashanth
Reply  

Excellent article 

By: FanBelt32
Reply  

Thanks for the great working notes.  For Mint 20,  I had to go get Zlib.h & and new GCC to gain stdlib.h .

   Cheers,

   Fanbelt32

By: Alok
Reply  

Hi.

its very good job.

/Alok

By: Andres
Reply  

Did all of this steps and now lost root access on CentOS, anyone through same and knew how to fix it?

By: Rodrigo
Reply  

Very well done!!! Thanks!!

By: Hein Visser
Reply  

20210616 Thank you for this exellent guide. It works 100% on a Raspberry Pi 4 with freshly installed latest version of Raspberry Pi OS, uname -a : Linux pi4-6 5.10.17-v7l+ #1421 SMP Thu May 27 14:00:13 BST 2021 armv7l GNU/Linux

By: Jack
Reply  

I followed these instructions on some redhat servers and it appeared to work great, however, an SA teammate informed me to never use this procedure as it broke the capability to login to the servers via the console. I had yum uninstall openssl and openssl-devel and then linked /usr/local/ssl/bin/openssl to /bin/openssl

By: Manraj
Reply  

Thanks alot

By: Bathulah Mahir
Reply  

I update OpenSSL to version 1.1.1n, and looks like wget, curl have error after using this guideline upgrade, it shows the errors like 

 

ERROR: cannot verify bitbucket.org's certificate, issued by ‘CN=R3,O=Let's Encrypt,C=US’:

  Unable to locally verify the issuer's authority.

To connect to www.openssl.org insecurely, use `--no-check-certificate'.

By: Adam
Reply  

Thanks! Great article

By: Justin
Reply  

This was super useful, thank you!!

By: Donna
Reply  

Thank You. This is very useful.

By: Steven Davies-Morris
Reply  

Thank you for an extremely clear and easy to follow tutorial.  Got me to openssl 1.1.1q.  Now I can upgrade openSSH.

By: Sanshis
Reply  

If i install from rpm (EPEL)  and just replace openssl11 to openssl will it work, and what are the chances of breaking the system. 

mv /bin/openssl /bin/openssl.bak

mv /bin/openssl11 /bin/openssl

By: FritzX
Reply  

I discovered a little problem with the update and I hope to find a Linux guru here :)

https://forums.linuxmint.com/viewtopic.php?p=2422940#p2422940