How to upgrade OpenSSL on Centos 7 or RHEL 7
45,911 views
OpenSSL is a library that provides cryptographic functionality, specifically SSL/TLS for popular applications such as secure web servers, MySQl databases and email applications. The list parameters standard-commands, digest-commands, and cipher-commands output a list (one entry per line) of the names of all standard commands, message digest commands, or cipher commands, respectively, that are available in the present openssl utility.
You may need an operating system RHEL 7 or Centos 7 in your dedicated or vps server. Please make sure to set a hostname for your server and its dns is pointing to the IP address of the server.
Get the current version with “openssl version” and “yum info openssl” command :
# openssl version OpenSSL 1.0.1e-fips 11 Feb 2013
You can also check the available version in the vendors directory too.
# yum info openssl
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* base: mirror.ratiokontakt.de
* epel: mirrors.n-ix.net
* extras: mirror.de.leaseweb.net
* updates: mirror.softaculous.com
Installed Packages
Name : openssl
Arch : x86_64
Epoch : 1
Version : 1.0.1e
Release : 51.el7_2.1
Size : 1.5 M
Repo : installed
From repo : updates
Summary : Utilities from the general purpose cryptography library with TLS
: implementation
URL : http://www.openssl.org/
License : OpenSSL
Description : The OpenSSL toolkit provides support for secure communications
: between machines. OpenSSL includes a certificate management tool
: and shared libraries which provide various cryptographic
: algorithms and protocols.
Available Packages
Name : openssl
Arch : x86_64
Epoch : 1
Version : 1.0.1e
Release : 51.el7_2.2
Size : 711 k
Repo : updates/7/x86_64
Summary : Utilities from the general purpose cryptography library with TLS
: implementation
URL : http://www.openssl.org/
License : OpenSSL
Description : The OpenSSL toolkit provides support for secure communications
: between machines. OpenSSL includes a certificate management tool
: and shared libraries which provide various cryptographic
: algorithms and protocols.
To download the latest version of OpenSSL, do as follows:
# cd /usr/local/src # wget https://www.openssl.org/source/openssl-1.0.2-latest.tar.gz # tar -zxf openssl-1.0.2-latest.tar.gz
To manually compile OpenSSL and install/upgrade OpenSSL, do as follows:
# cd openssl-1.0.2a # ./config # make # make test # make install
If the old version is still displayed or installed before, please make a copy of openssl bin file :
# mv /usr/bin/openssl /root/ # ln -s /usr/local/ssl/bin/openssl /usr/bin/openssl
Now verify the OpenSSL version.
# openssl version OpenSSL 1.0.2e 3 Dec 2015
Note: Compiling Openssl major version may case issues with other system binaries. So please do the needfull to avoid the corruptions.
Thanks for the instructions. Those helped. Just one hint: for my CentOS 7 instance, before “make” I had to execute “make depend”
Thank you very much
For 1.1.0c install; you’ll need to do it as a non-root user + non-root user must have a sudo access;
1] as root :
yum -y remove openssl
[Note this ends up removing authconfig in centos 7]
2] as non-root user:
./config
make test
sudo make install
In Centos authconfig works only with ‘OpenSSL 1.0.1e-fips 11 Feb 2013’.
Question:
How do i get authconfig to install and work with openssl 1.1.0c ? –yes i need authconfig 🙂
Thank you. It works for Centos 6.5
Thanks for the instructions. Those helped!
The new version: cd openssl-1.0.2j
THis comment pretty much should be in red and bold at the TOP of the article — “Compiling Openssl major version may case issues with other system binaries. So please do the needfull to avoid the corruptions.”
It’s usefull, I success!
Thank you. This worked great!
Thanks for the blog. I have installed it in CentOS 6.9 and in the command line it shows the version correctly, but apache is taking the old version openssl. How can I fix this issue?
You need to compile apache with the option –with-openssl=/path-to-the-new-openssl