How To Upgrade OpenSSL On RHEL And CentOS Operating Systems

OpenSSL is an open source tools for using the Secure Socket Layer (SSL) Transport Layer Security (TLS) protocol for web authentication. It provides cryptographic functionality, specifically SSL/TLS for popular applications such as secure web server, MySQL, Email and many more.

In this tutorial I will describe how you can upgrade OpenSSL on RHEL and CentOS systems.

Verify Current Installed OpenSSL Version

Follow the below command to get the current version of your system’s OpenSSL version.

# openssl version
OpenSSL 1.0.1e-fips 11 Feb 2013

OR, Alternatively you can also check the available version in the vendors directory too using below command

# yum info openssl

Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
 * base: mirror.ratiokontakt.de
 * epel: mirrors.n-ix.net
 * extras: mirror.de.leaseweb.net
 * updates: mirror.softaculous.com
Installed Packages
Name        : openssl
Arch        : x86_64
Epoch       : 1
Version     : 1.0.1e
Release     : 51.el7_2.1
Size        : 1.5 M
Repo        : installed
From repo   : updates
Summary     : Utilities from the general purpose cryptography library with TLS
            : implementation
URL         : http://www.openssl.org/
License     : OpenSSL
Description : The OpenSSL toolkit provides support for secure communications
            : between machines. OpenSSL includes a certificate management tool
            : and shared libraries which provide various cryptographic
            : algorithms and protocols.

Available Packages
Name        : openssl
Arch        : x86_64
Epoch       : 1
Version     : 1.0.1e
Release     : 51.el7_2.2
Size        : 711 k
Repo        : updates/7/x86_64
Summary     : Utilities from the general purpose cryptography library with TLS
            : implementation
URL         : http://www.openssl.org/
License     : OpenSSL
Description : The OpenSSL toolkit provides support for secure communications
            : between machines. OpenSSL includes a certificate management tool
            : and shared libraries which provide various cryptographic
            : algorithms and protocols.

Download Latest OpenSSL Version

Follow the below command to download the latest OpenSSL.

# cd /usr/local/src
# wget https://www.openssl.org/source/openssl-1.0.2-latest.tar.gz
# tar -zxf openssl-1.0.2-latest.tar.gz

Compile And Install/Upgrade OpenSSL

Follow the below command to manually compile OpenSSL and install/upgrade it.

# cd openssl-1.0.2a
# ./config
# make
# make test
# make install

Fix a local setting warning from Perl

Warning:

perl: warning: Setting locale failed.
perl: warning: Please check that your locale settings:
    LANGUAGE = (unset),
    LC_ALL = (unset),
    LANG = "en_US.UTF-8"
are supported and installed on your system.
perl: warning: Falling back to the standard locale ("C").

Add the following lines to your bashrc or bash_profile file on the host machine:

export LC_CTYPE=en_US.UTF-8
export LC_ALL=en_US.UTF-8

# source ~/.bashrc
# source ~/.bash_profile

Now again run the make commands verify the installation if you get same old version, please make a copy of OpenSSL bin file like below.

# mv /usr/bin/openssl /root/
# ln -s /usr/local/ssl/bin/openssl /usr/bin/openssl

Or if don’t found openssl binary in above path please also check this path /usr/local/bin/

ln -s /usr/local/bin/openssl /usr/bin/openssl

Now verify OpenSSL version again.

# openssl version
OpenSSL 1.0.2e 3 Dec 2015

Fix this below error if you faced.

# openssl version
openssl: error while loading shared libraries: libssl.so.1.1: cannot open shared object file: No such file or directory

In my case I solved just exporting LD_LIBRARY_PATH before compile it again.

# export LD_LIBRARY_PATH=/usr/local/lib:/usr/local/lib64

Now run this below command that should keep saved the path also after rebooting machine.

# sudo ldconfig

That’s it.

Note : Compiling OpenSSL major version it may be corrupt other system binaries. Please be careful.

I hope this article will help to upgrade OpenSSL version on RHEL and CentOS systems. If you have any queries and problem please comment in comment section.