How to upgrade OpenSSL v1.0.1e to v1.0.2 on CentOS/RHEL

Updated on November 7, 2017

OpenSSL is an open source toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols and is used by popular applications such as secure web servers, MySQL databases and email applications.

While working on a project to set up a certification authority using OpenCA on CentOS 6, I found that the OpenSSL version that comes by default is v1.0.1e, which is out of support and should not be used, according to the official OpenSSL webpage. Only the 1.0.2 series is being supported as an LTS release until 31st Dec 2019!

So, I upgraded the default OpenSSL version to the Long Term Support (LTS) OpenSSL 1.0.2l and here is the step-by-step guide for those who want to do the same.

How to upgrade OpenSSL

Step 1: Verify the current OpenSSL version

Verify the current OpenSSL version and also check the vendor's repository for any update available through yum.

# openssl version
# yum info openssl

Installed Packages
Name : openssl
Arch : x86_64
Version : 1.0.1e
Release : 57.el6
Size : 4.1 M
Repo : installed
From repo : base
Summary : A general purpose cryptography library with TLS implementation
URL : http://www.openssl.org/
License : OpenSSL
Description : The OpenSSL toolkit provides support for secure communications between
 : machines. OpenSSL includes a certificate management tool and shared
 : libraries which provide various cryptographic algorithms and
 : protocols.

Available Packages
Name : openssl
Arch : i686
Version : 1.0.1e
Release : 57.el6
Size : 1.5 M
Repo : base
Summary : A general purpose cryptography library with TLS implementation
URL : http://www.openssl.org/
License : OpenSSL
Description : The OpenSSL toolkit provides support for secure communications between
 : machines. OpenSSL includes a certificate management tool and shared
 : libraries which provide various cryptographic algorithms and
 : protocols.

From the above yum output, we see that there is no newer version available to upgrade to.

Step 2: Download the latest version of OpenSSL

# cd /usr/local/src
# wget https://www.openssl.org/source/openssl-1.0.2l.tar.gz
# tar -xvzf openssl-1.0.2l.tar.gz

As of writing this article, the latest version of OpenSSL is 1.0.2l
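
The tarball downloaded in Step 2 is extracted and built as root without any integrity check. The shell functions below are an added example, not part of the original article: they compare the tarball's SHA-256 with a published digest and extract only on a match. The checksum file name, and that it was obtained from the OpenSSL download page, are assumptions.

```shell
#!/bin/sh
# Added example (not from the original article): check the tarball from
# Step 2 against a published SHA-256 digest before extracting it as root.
# Usage (the checksum file name is an assumption):
#   extract_if_verified openssl-1.0.2l.tar.gz openssl-1.0.2l.tar.gz.sha256 /usr/local/src

# Print the digest from a checksum file, lower-cased. Accepts a bare digest
# or the "digest  filename" layout written by sha256sum.
read_digest() {
    awk 'NF { print tolower($1); exit }' "$1"
}

# verify_tarball TARBALL CHECKSUM_FILE
# Returns 0 on match, 1 on mismatch, 2 on unreadable or malformed input.
verify_tarball() {
    tarball=$1
    sumfile=$2
    if [ ! -r "$tarball" ] || [ ! -r "$sumfile" ]; then
        echo "verify_tarball: cannot read tarball or checksum file" >&2
        return 2
    fi
    expected=$(read_digest "$sumfile")
    # A SHA-256 digest is exactly 64 hex characters; reject anything else
    # so an empty or truncated checksum file can never count as a match.
    case $expected in
        ''|*[!0-9a-f]*) echo "verify_tarball: malformed digest" >&2; return 2 ;;
    esac
    if [ "${#expected}" -ne 64 ]; then
        echo "verify_tarball: malformed digest" >&2
        return 2
    fi
    actual=$(sha256sum "$tarball" | awk '{ print $1 }')
    if [ "$actual" != "$expected" ]; then
        echo "verify_tarball: SHA-256 mismatch for $tarball" >&2
        return 1
    fi
    return 0
}

# extract_if_verified TARBALL CHECKSUM_FILE DESTDIR
# Unpacks TARBALL into DESTDIR only when verification succeeds.
extract_if_verified() {
    verify_tarball "$1" "$2" || return $?
    tar -xzf "$1" -C "$3"
}
```

A digest fetched from the same server as the tarball mainly catches a corrupted or truncated download; checking the release's PGP signature with gpg gives stronger assurance about its origin.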

Step 3: How to manually compile and install OpenSSL

We need to manually compile OpenSSL to install/upgrade.

# cd openssl-1.0.2l
# ./config
# make depend
# make
# make test
# make install

If you complete the above steps without any error messages, OpenSSL has been installed. Voila!

Do you get an error?

Can’t locate Test/Harness.pm during the installation? Well, here’s the solution for the same.

Another error

Can’t locate Module/Load/Conditional.pm and the solution is here.

Step 4: Move the newly installed OpenSSL binary to the PATH

Now, if you check the OpenSSL version, to your surprise, it won’t have changed! So, take a backup of the old OpenSSL binary and link the newly installed OpenSSL binary to /usr/bin/openssl as below:

# mv /usr/bin/openssl /root/
# ln -s /usr/local/ssl/bin/openssl /usr/bin/openssl

Step 5: Verify the newly installed OpenSSL version

# openssl version
OpenSSL 1.0.2l 25 May 2017

Do you get the error "Error loading shared libraries libcrypto.so.1.1" while executing the openssl command? Then jump to this tutorial to fix it.

Step 6: Generate a self-signed certificate

Now OpenSSL is upgraded. Try generating a self-signed certificate as mentioned in this tutorial.

Step 7: Verify the SSL certificate

The next step is to verify the generated certificate as explained in this tutorial.

Step 8: OpenSSL commands

OpenSSL can do plenty. Click here to learn more about OpenSSL commands.

Comments

  1. Thank you very much, now I can continue on the same server instead of a new one.

  2. Upgrade to RHEL/CentOS 8. Considering the endless stream of security updates, OpenSSL is the last package you want to remove from YUM version control.
