What is OpenSSL?
OpenSSL is an open source software library for applications that protect against eavesdropping on communications over computer networks or the need to identify the other party. It is widely used by Internet servers, including most HTTPS websites.
In this article we will tell you how to install OpenSSL on Ubuntu 22.04.
In this article, both the installation from the repository and the installation steps from the source code will be explained.
Method-1: Install From Repository
Ubuntu has OpenSSL installed most of the time:
foc@ubuntu22:~$ dpkg -l | grep openssl
ii openssl 3.0.2-0ubuntu1.6 amd64 Secure Sockets Layer toolkit - cryptographic utility
If it is not installed, first start by updating the package list:
foc@ubuntu22:~$ sudo apt update -y
Then install openssl package:
foc@ubuntu22:~$ sudo apt install openssl -y
Package version after installation:
foc@ubuntu22:~$ openssl version OpenSSL 3.0.2 15 Mar 2022 (Library: OpenSSL 3.0.2 15 Mar 2022)
Installation was successful completed.
Method-2: Install From Source Code
Before the installation update the packages list:
foc@ubuntu22:~$ sudo apt update -y
Install the requirements:
foc@ubuntu22:~$ sudo apt install build-essential checkinstall zlib1g-dev -y
Go to the official website and right click on the download link and copy the link:
Download the compressed file with the wget command:
foc@ubuntu22:~$ sudo wget https://www.openssl.org/source/openssl-3.1.0-alpha1.tar.gz
--2022-12-11 11:37:46-- https://www.openssl.org/source/openssl-3.1.0-alpha1.tar.gz
Resolving www.openssl.org (www.openssl.org)... 104.70.110.18, 2a02:26f0:cb00:1a0::c1e, 2a02:26f0:cb00:186::c1e
Connecting to www.openssl.org (www.openssl.org)|104.70.110.18|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 15343477 (15M) [application/x-gzip]
Saving to: ‘openssl-3.1.0-alpha1.tar.gz’
openssl-3.1.0-alp 100%[=============>] 14.63M 1.84MB/s in 6.6s
2022-12-11 11:37:53 (2.21 MB/s) - ‘openssl-3.1.0-alpha1.tar.gz’ saved [15343477/15343477]
Then unzip the compressed file, move it to /usr/local/src
:
foc@ubuntu22:~$ sudo tar -xzvf openssl-3.1.0-alpha1.tar.gz -C /usr/local/src/ && sudo mv /usr/local/src/openssl-3.1.0-alpha1/* /usr/local/src
Switch to /usr/local/src/
directory:
foc@ubuntu22:~$ cd /usr/local/src/
Run the following command to start compiling:
foc@ubuntu22:/usr/local/src$ sudo ./config --prefix=/usr/local/ssl --openssldir=/usr/local/ssl shared zlib
Configuring OpenSSL version 3.1.0-alpha1 for target linux-x86_64
Using os-specific seed configuration
Created configdata.pm
Running configdata.pm
Created Makefile.in
Created Makefile
Created include/openssl/configuration.h
**********************************************************************
*** ***
*** OpenSSL has been successfully configured ***
*** ***
*** If you encounter a problem while building, please open an ***
*** issue on GitHub <https://github.com/openssl/openssl/issues> ***
*** and include the output from the following command: ***
*** ***
*** perl configdata.pm --dump ***
*** ***
*** (If you are new to OpenSSL, you might want to consult the ***
*** 'Troubleshooting' section in the INSTALL.md file first) ***
*** ***
**********************************************************************
Then run "make" and "make test"
foc@ubuntu22:/usr/local/src$ sudo make && sudo make test
If Result: Pass, you can continue the installation with the "make install" command.
foc@ubuntu22:/usr/local/src$ sudo make install
If you have successfully installed OpenSSL, configure the library directory. OpenSSL will look for the file in the '/usr/local/ssl/lib
' directory. We will add a file to the ld.so.conf.d
directory under the /etc
directory and make it reach the '/usr/local/src/ssl
' files.
foc@ubuntu22:/usr/local/src$ cd /etc/ld.so.conf.d/ foc@ubuntu22:/etc/ld.so.conf.d$ sudo nano openssl-3.1.0.conf
/usr/local/ssl/lib64
Create necessary links and cache for newly added libraries with ldconfig
:
foc@ubuntu22:/etc/ld.so.conf.d$ sudo ldconfig -v /usr/local/ssl/lib64: (from /etc/ld.so.conf.d/openssl-3.1.0.conf:1) libcrypto.so.3 -> libcrypto.so.3 libssl.so.3 -> libssl.so.3
Backup and remove OpenSSL files located in /usr/bin/openssl
or /bin/openssl
so you can use them again in case of problems.
foc@ubuntu22:/etc/ld.so.conf.d$ sudo mv /usr/bin/c_rehash /usr/bin/c_rehash.backup foc@ubuntu22:/etc/ld.so.conf.d$ sudo mv /usr/bin/openssl /usr/bin/openssl.backup
Add the PATH of the new openssl version:
foc@ubuntu22:/etc/ld.so.conf.d$ export PATH="/usr/local/ssl/bin:$PATH" foc@ubuntu22:/etc/ld.so.conf.d$ source ~/.bashrc
View the new OpenSSL version:
foc@ubuntu22:/etc/ld.so.conf.d$ openssl version OpenSSL 3.1.0-alpha1 1 Dec 2022 (Library: OpenSSL 3.1.0-alpha1 1 Dec 2022)
Generating a Sample SSL Certificate
Create a claim for the certificate to be generated:
foc@ubuntu22:~$ openssl genrsa -des3 -passout pass:x -out server.pass.key 2048
Extract the encrypted key:
foc@ubuntu22:~$ openssl rsa -passin pass:x -in server.pass.key -out server.key
writing RSA key
and
foc@ubuntu22:~$ openssl req -new -key server.key -out server.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:TR
State or Province Name (full name) [Some-State]:Ankara
Locality Name (eg, city) []:Cankaya
Organization Name (eg, company) [Internet Widgits Pty Ltd]:GolinuxCloud
Organizational Unit Name (eg, section) []:Technology
Common Name (e.g. server FQDN or YOUR name) []:golinuxcloud
Email Address []:foc@golinuxcloud.com
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:Password@1
An optional company name []:Password@1
Then create the certificate:
foc@ubuntu22:~$ openssl x509 -req -sha256 -days 365 -in server.csr -signkey server.key -out server.crt Certificate request self-signature ok subject=C = TR, ST = Ankara, L = Cankaya, O = GolinuxCloud, OU = Technology, CN = golinuxcloud, emailAddress = foc@golinuxcloud.com
Created certificates:
foc@ubuntu22:~$ ls -l -rw-rw-r-- 1 foc foc 1350 Dec 11 12:04 server.crt -rw-rw-r-- 1 foc foc 1143 Dec 11 12:04 server.csr -rw------- 1 foc foc 1704 Dec 11 12:01 server.key -rw------- 1 foc foc 1854 Dec 11 12:00 server.pass.key
Summary
We explained how to install OpenSSL on Ubuntu with 2 different methods. If there is no reason, it is recommended to install from the Ubuntu repository.
After the installation, we talked about creating a certificate in a simple way. For more, we share the links below.
What is NEXT?
- Generate duplicate certificates OpenSSL CA [Same CN]
- How to add X.509 extensions to certificate OpenSSL
- openssl ca vs openssl x509 comparison [With Examples]
- How to manually expire any certificate OpenSSL
References
www.openssl.org - Downloads OpenSSL