OpenSSL is an open source project that develop full-featured toolkit and tools for the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols on Linux and other systems.
The project is managed by a worldwide community of volunteers that use the Internet to communicate, plan, and develop the OpenSSL toolkit and its related documentation.
Most network communication apps and tools that use TLS / SSL protocols may have some OpenSSL tools installed in them. If you’re going to be using applications and packages that depend on the latest versions of OpenSSL, you may have to manually install it on Ubuntu systems.
The default toolket of OpenSSL that comes with Ubuntu isn’t the latest. To get the latest, you must download it your self and install. and this brief tutorial is going to show you how.
This post shows students and new users how to install the latest version of OpenSSL on Ubuntu 16.04 | 18.04 LTS servers and desktop. To get started with installing OpenSSL, follow the steps below:
Step 1: Download OpenSSL Package
To get the latest OpenSSL installed on Ubuntu, go to its homepage and download the latest version. As of this writing, version 1.1.1 (LTS) is the latest.
Click the link below to visit its download page.
Step 2: Install OpenSSL Manually
Below are commands that will help you download and install OpenSSL toolkit on Ubuntu 16.04 | 18.04 LTS systems., may also work on future versions.
To download, run the commands below
cd /tmp
wget source/openssl-1.1.1.tar.gz
tar xvf openssl-1.1.1.tar.gz
After downloading, run the commands below to install.
cd openssl-1.1.1 sudo ./config -Wl,--enable-new-dtags,-rpath,'$(LIBRPATH)' sudo make sudo make install
After that the version of OpenSSL you downloaded should be installed. however all files, including binaries and man pages are install under the directory /usr/local/ssl.
OpenSSL 1.1.1 11 Sep 2018 built on: Sun Sep 23 22:27:39 2018 UTC platform: linux-x86_64 options: bn(64,64) rc4(16x,int) des(int) idea(int) blowfish(ptr) compiler: gcc -fPIC -pthread -m64 -Wa,--noexecstack -Wall -O3 -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DNDEBUG OPENSSLDIR: "/usr/local/ssl" ENGINESDIR: "/usr/local/lib/engines-1.1" Seeding source: os-specific
Ubuntu default OpenSSL version is installed in the /usr/lib/ssl and it’s where apps that need to use SSL look by default. You’ll need to reference the version you installed.
OpenSSL 1.1.0g 2 Nov 2017 built on: reproducible build, date unspecified platform: debian-amd64 compiler: gcc -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/lib/ssl\"" -DENGINESDIR="\"/usr/lib/x86_64-linux-gnu/engines-1.1\"" OPENSSLDIR: "/usr/lib/ssl" ENGINESDIR: "/usr/lib/x86_64-linux-gnu/engines-1.1"
To ensure that Ubuntu use this version of OpenSSL instead of the previous version you must update the paths for man pages and binaries. Edit the file /etc/manpath.config adding the following line before the first MANPATH_MAP:
Run the commands below option Ubuntu default man page
sudo nano /etc/manpath.config
Then add the following highlighted line at the end of the lines as shown below.
MANPATH_MAP /sbin /usr/share/man
MANPATH_MAP /usr/sbin /usr/share/man
MANPATH_MAP /usr/local/bin /usr/local/man
MANPATH_MAP /usr/local/bin /usr/local/share/man
MANPATH_MAP /usr/local/sbin /usr/local/man
MANPATH_MAP /usr/local/sbin /usr/local/share/man
MANPATH_MAP /usr/X11R6/bin /usr/X11R6/man
MANPATH_MAP /usr/bin/X11 /usr/X11R6/man
MANPATH_MAP /usr/games /usr/share/man
MANPATH_MAP /opt/bin /opt/man
MANPATH_MAP /opt/sbin /opt/man
MANPATH_MAP /usr/local/ssl/bin /usr/local/ssl/man
Save the fille and exit.
Then run the commands below to update the manual database.
sudo mandb
Now when you type man openssl command you’ll get the updated version of the man page for OpenSSL
You can also update the execution path to include the new location for OpenSSL. run the commands below to open Ubuntu environment configuration file.
sudo nano /etc/environment
Then add the /usr/local/ssh/bin as shown in the line below. Use the exact path as shown.
PATH="/usr/local/sbin:/usr/local/bin:/usr/local/ssl/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games"
Save the file and exit.
Restart Ubuntu and hopefully, your new OpenSSL version should be recognized by Ubuntu.
Although some apps may now automatically use the new version of OpenSSL, existing programs (e.g. Apache , Nginx) may not as they are linked against the libraries from the Ubuntu version..
You may have to manually use the newer version to rebuild individual app to use the newer version of OpenSSL by referencing the new path.
Enjoy!
You may also like the post below: