In this article, we’ll explain how to install OpenSSL 1.1.1i on AlmaLinux.
OpenSSL is a robust, commercial-grade, and full-featured toolkit for the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols. OpenSSL is a software library for applications that secure communications over computer networks against eavesdropping or need to identify the party at the other end.
OpenSSL is licensed under an Apache-style license, which means that you are free to get and use it for commercial and non-commercial purposes subject to some simple license conditions. For a list of vulnerabilities, and the releases in which they were found and fixes, see our Vulnerabilities page.
Prerequisites
- A AlmaLinux installed dedicated server or KVM VPS.
- A root user access or normal user with administrative privileges.
Install OpenSSL 1.1.1i on AlmaLinux
1. Keep the server up to date
Always keep the server up to date the security purpose.
# dnf update -y
2. Install development tool
We need to install a development tool and few dependencies to install OpenSSL
# dnf group install ‘Development Tools’
3. Install dependencies
# dnf install perl-core zlib-devel -y
4. Download OpenSSL 1.1.1i
We will download the latest stable version is the 1.1.1 series. This is also our Long Term Support (LTS) version, supported until 11th September 2023.
# cd /usr/local/src/
# wget https://www.openssl.org/source/openssl-1.1.1i.tar.gz
Now, extract the tar file
# tar -xzvf openssl-1.1.1i.tar.gz
5. Configure and build
Navigate to the extracted directory and configure, build, test and install OpenSSL in the default location /usr/local/ssl.
# cd openssl-1.1.1i
Configure it with PATH
# ./config –prefix=/usr/local/ssl –openssldir=/usr/local/ssl shared zlib
Output:
Now, build
# make
# make test
# make install
6. Configure it shared libraries.
Once we have successfully installed OpenSSL, configure it shared libraries.
Naviagate to the /etc/ld.so.conf.d directory and create a configuration file.
# cd /etc/ld.so.conf.d/
# vi openssl-1.1.1i.conf
Add the following path in the config file
/usr/local/ssl/lib
Save and exit
Reload the dynamic link
# ldconfig -v
7. Configure OpenSSL Binary
Now, we are going to insert the binary of our new version of OpenSSL /usr/local/ssl/bin/openssl and replace the default openssl file.
First, take a backup of existed openssl file.
# mv /bin/openssl /bin/openssl.backup
Create new environment files for OpenSSL
# vi /etc/profile.d/openssl.sh
and add the following lines
OPENSSL_PATH=”/usr/local/ssl/bin”
export OPENSSL_PATH
PATH=$PATH:$OPENSSL_PATH
export PATH
Save & exit
Make the newly created file executable
# chmod +x /etc/profile.d/openssl.sh
Reload the new OpenSSL environment file and check the default PATH
# source /etc/profile.d/openssl.sh
# echo $PATH
Now, let’s verify the installation and version of the OpenSSL
# which openssl
# openssl version -a
Output will be similar like:
OpenSSL 1.1.1i 8 Dec 2020
built on: Wed Feb 3 13:08:08 2021 UTC
platform: linux-x86_64
options: bn(64,64) rc4(16x,int) des(int) idea(int) blowfish(ptr)
compiler: gcc -fPIC -pthread -m64 -Wa,–noexecstack -Wall -O3 -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM -DZLIB -DNDEBUG
OPENSSLDIR: “/usr/local/ssl”
ENGINESDIR: “/usr/local/ssl/lib/engines-1.1”
Seeding source: os-specific
That’s it, the installation has been completed successfully.
In this article, we’ve learned how to install OpenSSL 1.1.1i on AlmaLinux.