How to install OpenSSL in Ubuntu? [SOLVED]


Ubuntu

Author: Omer Cakmak
Reviewer: Deepak Prasad

What is OpenSSL?

OpenSSL is an open source software library for applications that protect against eavesdropping on communications over computer networks or the need to identify the other party. It is widely used by Internet servers, including most HTTPS websites.
In this article we will tell you how to install OpenSSL on Ubuntu 22.04.

In this article, both the installation from the repository and the installation steps from the source code will be explained.

 

Method-1: Install From Repository

Ubuntu has OpenSSL installed most of the time:

foc@ubuntu22:~$ dpkg -l | grep openssl
ii  openssl                               3.0.2-0ubuntu1.6                        amd64        Secure Sockets Layer toolkit - cryptographic utility

If it is not installed, first start by updating the package list:

foc@ubuntu22:~$ sudo apt update -y

Then install openssl package:

foc@ubuntu22:~$ sudo apt install openssl -y

Package version after installation:

foc@ubuntu22:~$ openssl version
OpenSSL 3.0.2 15 Mar 2022 (Library: OpenSSL 3.0.2 15 Mar 2022)

Installation was successful completed.

 

Method-2: Install From Source Code

Before the installation update the packages list:

foc@ubuntu22:~$ sudo apt update -y

Install the requirements:

foc@ubuntu22:~$ sudo apt install build-essential checkinstall zlib1g-dev -y

Go to the official website and right click on the download link and copy the link:

How to install OpenSSL in Ubuntu? [SOLVED]

Download the compressed file with the wget command:

foc@ubuntu22:~$ sudo wget https://www.openssl.org/source/openssl-3.1.0-alpha1.tar.gz
--2022-12-11 11:37:46--  https://www.openssl.org/source/openssl-3.1.0-alpha1.tar.gz
Resolving www.openssl.org (www.openssl.org)... 104.70.110.18, 2a02:26f0:cb00:1a0::c1e, 2a02:26f0:cb00:186::c1e
Connecting to www.openssl.org (www.openssl.org)|104.70.110.18|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 15343477 (15M) [application/x-gzip]
Saving to: ‘openssl-3.1.0-alpha1.tar.gz’

openssl-3.1.0-alp 100%[=============>]  14.63M  1.84MB/s    in 6.6s    

2022-12-11 11:37:53 (2.21 MB/s) - ‘openssl-3.1.0-alpha1.tar.gz’ saved [15343477/15343477]

Then unzip the compressed file, move it to /usr/local/src:

foc@ubuntu22:~$ sudo tar -xzvf openssl-3.1.0-alpha1.tar.gz -C /usr/local/src/ && sudo mv /usr/local/src/openssl-3.1.0-alpha1/* /usr/local/src

Switch to /usr/local/src/ directory:

foc@ubuntu22:~$ cd /usr/local/src/

Run the following command to start compiling:

foc@ubuntu22:/usr/local/src$ sudo ./config --prefix=/usr/local/ssl --openssldir=/usr/local/ssl shared zlib
Configuring OpenSSL version 3.1.0-alpha1 for target linux-x86_64
Using os-specific seed configuration
Created configdata.pm
Running configdata.pm
Created Makefile.in
Created Makefile
Created include/openssl/configuration.h

**********************************************************************
***                                                                ***
***   OpenSSL has been successfully configured                     ***
***                                                                ***
***   If you encounter a problem while building, please open an    ***
***   issue on GitHub <https://github.com/openssl/openssl/issues>  ***
***   and include the output from the following command:           ***
***                                                                ***
***       perl configdata.pm --dump                                ***
***                                                                ***
***   (If you are new to OpenSSL, you might want to consult the    ***
***   'Troubleshooting' section in the INSTALL.md file first)      ***
***                                                                ***
**********************************************************************

Then run "make" and "make test"

foc@ubuntu22:/usr/local/src$ sudo make && sudo make test

If Result: Pass, you can continue the installation with the "make install" command.

foc@ubuntu22:/usr/local/src$ sudo make install

If you have successfully installed OpenSSL, configure the library directory. OpenSSL will look for the file in the '/usr/local/ssl/lib' directory. We will add a file to the ld.so.conf.d directory under the /etc directory and make it reach the '/usr/local/src/ssl' files.

foc@ubuntu22:/usr/local/src$ cd /etc/ld.so.conf.d/
foc@ubuntu22:/etc/ld.so.conf.d$ sudo nano openssl-3.1.0.conf
/usr/local/ssl/lib64

Create necessary links and cache for newly added libraries with ldconfig:

foc@ubuntu22:/etc/ld.so.conf.d$ sudo ldconfig -v

/usr/local/ssl/lib64: (from /etc/ld.so.conf.d/openssl-3.1.0.conf:1)
	libcrypto.so.3 -> libcrypto.so.3
	libssl.so.3 -> libssl.so.3

Backup and remove OpenSSL files located in /usr/bin/openssl or /bin/openssl so you can use them again in case of problems.

foc@ubuntu22:/etc/ld.so.conf.d$ sudo mv /usr/bin/c_rehash /usr/bin/c_rehash.backup
foc@ubuntu22:/etc/ld.so.conf.d$ sudo mv /usr/bin/openssl /usr/bin/openssl.backup

Add the PATH of the new openssl version:

foc@ubuntu22:/etc/ld.so.conf.d$ export PATH="/usr/local/ssl/bin:$PATH"
foc@ubuntu22:/etc/ld.so.conf.d$ source ~/.bashrc

View the new OpenSSL version:

foc@ubuntu22:/etc/ld.so.conf.d$ openssl version
OpenSSL 3.1.0-alpha1 1 Dec 2022 (Library: OpenSSL 3.1.0-alpha1 1 Dec 2022)

 

Generating a Sample SSL Certificate

Create a claim for the certificate to be generated:

foc@ubuntu22:~$ openssl genrsa -des3 -passout pass:x -out server.pass.key 2048

Extract the encrypted key:

foc@ubuntu22:~$ openssl rsa -passin pass:x -in server.pass.key -out server.key
writing RSA key

and

foc@ubuntu22:~$ openssl req -new -key server.key -out server.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:TR
State or Province Name (full name) [Some-State]:Ankara
Locality Name (eg, city) []:Cankaya
Organization Name (eg, company) [Internet Widgits Pty Ltd]:GolinuxCloud
Organizational Unit Name (eg, section) []:Technology
Common Name (e.g. server FQDN or YOUR name) []:golinuxcloud 
Email Address []:foc@golinuxcloud.com

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:Password@1
An optional company name []:Password@1

Then create the certificate:

foc@ubuntu22:~$ openssl x509 -req -sha256 -days 365 -in server.csr -signkey server.key -out server.crt
Certificate request self-signature ok
subject=C = TR, ST = Ankara, L = Cankaya, O = GolinuxCloud, OU = Technology, CN = golinuxcloud, emailAddress = foc@golinuxcloud.com

Created certificates:

foc@ubuntu22:~$ ls -l

-rw-rw-r--  1 foc  foc      1350 Dec 11 12:04 server.crt
-rw-rw-r--  1 foc  foc      1143 Dec 11 12:04 server.csr
-rw-------  1 foc  foc      1704 Dec 11 12:01 server.key
-rw-------  1 foc  foc      1854 Dec 11 12:00 server.pass.key

 

Summary

We explained how to install OpenSSL on Ubuntu with 2 different methods. If there is no reason, it is recommended to install from the Ubuntu repository.

After the installation, we talked about creating a certificate in a simple way. For more, we share the links below.

 

What is NEXT?

 

References

www.openssl.org - Downloads OpenSSL

 

Omer Cakmak

Omer Cakmak

He is highly skilled at managing Debian, Ubuntu, CentOS, Oracle Linux, and Red Hat servers. Proficient in bash scripting, Ansible, and AWX central server management, he handles server operations on OpenStack, KVM, Proxmox, and VMware. You can connect with him on his LinkedIn profile.

Can't find what you're searching for? Let us assist you.

Enter your query below, and we'll provide instant results tailored to your needs.

If my articles on GoLinuxCloud has helped you, kindly consider buying me a coffee as a token of appreciation.

Buy GoLinuxCloud a Coffee

For any other feedbacks or questions you can send mail to admin@golinuxcloud.com

Thank You for your support!!

Leave a Comment