1. Introduction
OpenSSL is a library that provides cryptographic functionality, specifically SSL/TLS for popular applications such as secure web servers, MySQl databases and email applications. The list parameters standard-commands, digest-commands, and cipher-commands output a list (one entry per line) of the names of all standard commands, message digest commands, or cipher commands, respectively, that are available in the present openssl utility.
2. Requirements
You may need an operating system RHEL 7 or Centos 7 in your dedicated or vps server. Please make sure to set a hostname for your server and its dns is pointing to the IP address of the server.
3. Installation
Get the current version with “openssl version” and “yum info openssl” command :
# openssl version OpenSSL 1.0.1e-fips 11 Feb 2013
You can also check the available version in the vendors directory too.
# yum info openssl
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* base: mirror.ratiokontakt.de
* epel: mirrors.n-ix.net
* extras: mirror.de.leaseweb.net
* updates: mirror.softaculous.com
Installed Packages
Name : openssl
Arch : x86_64
Epoch : 1
Version : 1.0.1e
Release : 51.el7_2.1
Size : 1.5 M
Repo : installed
From repo : updates
Summary : Utilities from the general purpose cryptography library with TLS
: implementation
URL : http://www.openssl.org/
License : OpenSSL
Description : The OpenSSL toolkit provides support for secure communications
: between machines. OpenSSL includes a certificate management tool
: and shared libraries which provide various cryptographic
: algorithms and protocols.
Available Packages
Name : openssl
Arch : x86_64
Epoch : 1
Version : 1.0.1e
Release : 51.el7_2.2
Size : 711 k
Repo : updates/7/x86_64
Summary : Utilities from the general purpose cryptography library with TLS
: implementation
URL : http://www.openssl.org/
License : OpenSSL
Description : The OpenSSL toolkit provides support for secure communications
: between machines. OpenSSL includes a certificate management tool
: and shared libraries which provide various cryptographic
: algorithms and protocols.
To download the latest version of OpenSSL, do as follows:
# cd /usr/local/src # wget https://www.openssl.org/source/openssl-1.0.2-latest.tar.gz # tar -zxf openssl-1.0.2-latest.tar.gz
To manually compile OpenSSL and install/upgrade OpenSSL, do as follows:
# cd openssl-1.0.2a # ./config # make # make test # make install
If the old version is still displayed or installed before, please make a copy of openssl bin file :
# mv /usr/bin/openssl /root/ # ln -s /usr/local/ssl/bin/openssl /usr/bin/openssl
Now verify the OpenSSL version.
# openssl version OpenSSL 1.0.2e 3 Dec 2015
Note: Compiling Openssl major version may case issues with other system binaries. So please do the needfull to avoid the corruptions.
Thanks for the instructions. Those helped. Just one hint: for my CentOS 7 instance, before “make” I had to execute “make depend”
Thank you very much
For 1.1.0c install; you’ll need to do it as a non-root user + non-root user must have a sudo access;
1] as root :
yum -y remove openssl
[Note this ends up removing authconfig in centos 7]
2] as non-root user:
./config
make test
sudo make install
In Centos authconfig works only with ‘OpenSSL 1.0.1e-fips 11 Feb 2013’.
Question:
How do i get authconfig to install and work with openssl 1.1.0c ? –yes i need authconfig 🙂
Thank you. It works for Centos 6.5
Thanks for the instructions. Those helped!
The new version: cd openssl-1.0.2j
THis comment pretty much should be in red and bold at the TOP of the article — “Compiling Openssl major version may case issues with other system binaries. So please do the needfull to avoid the corruptions.”
It’s usefull, I success!
Thank you. This worked great!
Thanks for the blog. I have installed it in CentOS 6.9 and in the command line it shows the version correctly, but apache is taking the old version openssl. How can I fix this issue?
You need to compile apache with the option –with-openssl=/path-to-the-new-openssl
How do you reverse this process? I see that you moved the original version to /root, and added a link to the new path. I want to revert to the version installed by yum/rpm.
Very Thanks, .I have installed it and works well in comman line, but phpinfo says old openssl versión ??
You need to recompile php too
I executed the following command it update to the latest version
yum update openssl
Hi,
I have tried all the steps from the above.
but am unable to find /usr/local/ssl/bin/openssl.
I have upgraded the same.
OpenSSL 1.0.2s 28 May 2019
But When I try to execute url through Curl as it shows following error message. Not sure,
Warning: Couldn’t read data from file “test8.xml”, this makes an empty POST.
* About to connect() to test.navigatortransactionexchange.com port 443 (#0)
* Trying 69.87.16.44…
* Connected to test.navigatortransactionexchange.com (69.87.16.44) port 443 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
* NSS error -12286 (SSL_ERROR_NO_CYPHER_OVERLAP)
* Cannot communicate securely with peer: no common encryption algorithm(s).
* Error in TLS handshake, trying SSLv3…
> POST /NavigatorTransactionExchange/LegacyInterface.asmx HTTP/1.1
> User-Agent: curl/7.29.0
> Host: test.navigatortransactionexchange.com
> Accept: */*
> Content-Type: text/xml
> SOAPAction: “http://tempuri.org/WinscapeInterface/PostMessage”
> Content-Length: 0
>
* Connection died, retrying a fresh connect
* Closing connection 0
* Issue another request to this URL: ‘https://test.navigatortransactionexchange.com/NavigatorTransactionExchange/LegacyInterface.asmx’
* About to connect() to test.navigatortransactionexchange.com port 443 (#1)
* Trying 69.87.16.44…
* Connected to test.navigatortransactionexchange.com (69.87.16.44) port 443 (#1)
* TLS disabled due to previous handshake failure
* NSS error -12286 (SSL_ERROR_NO_CYPHER_OVERLAP)
* Cannot communicate securely with peer: no common encryption algorithm(s).
* Closing connection 1
curl: (35) Cannot communicate securely with peer: no common encryption algorithm(s).
Please let me know what went wrong on this
Excelent tutorial
It works flawelesly for an installation of 1.0.1e on RHEL 6.4
Thanks for the pretty straight forward tutorial!
I get the following when following your procedure. I tried installing/reinstalling openssl with yum which did not help. Any suggestions ?
$ ldd /usr/local/bin/openssl
linux-vdso.so.1 => (0x00007ffe55932000)
libssl.so.1.1 => not found
libcrypto.so.1.1 => not found
libdl.so.2 => /lib64/libdl.so.2 (0x00007f7112787000)
libpthread.so.0 => /lib64/libpthread.so.0 (0x00007f711256b000)
libc.so.6 => /lib64/libc.so.6 (0x00007f711219d000)
/lib64/ld-linux-x86-64.so.2 (0x00007f711298b000)
Centos 7
I used make depend before make
error after install:
openssl version
openssl: error while loading shared libraries: libssl.so.1.1: cannot open shared object file: No such file or directory
solution:
ln -s /usr/local/lib64/libssl.so.1.1 /usr/lib64/libssl.so.1.1
ln -s /usr/local/lib64/libcrypto.so.1.1 /usr/lib64/libcrypto.so.1.1
(credits from here: https://www.bswen.com/2018/11/others-Openssl-version-cause-error-when-loading-shared-libraries-libssl.so.1.1.html)
openssl version
OpenSSL 1.1.0l 10 Sep 2019
looks good now