Openssl linux установка centos

Bill-tran / how-to-install-openssl-1.1.1-on-centos-7.md

This tutorial goes through how to install openssl 1.1.1 on CentOS 7, since the yum repo only installs up to openssl 1.0.

Install required packages

yum install -y make gcc perl-core pcre-devel wget zlib-devel 

Download the latest version of OpenSSL source code

wget https://ftp.openssl.org/source/openssl-1.1.1k.tar.gz 

Configure, build and install OpenSSL

Uncompress the source file

tar -xzvf openssl-1.1.1k.tar.gz 

Change to the OpenSSL directory

Configure the package for compilation

./config --prefix=/usr --openssldir=/etc/ssl --libdir=lib no-shared zlib-dynamic 

Create environment variable file

Add the following content

export LD_LIBRARY_PATH=/usr/local/lib:/usr/local/lib64 

Load the environment variable

source /etc/profile.d/openssl.sh 

Verify the OpenSSL version

-bash: vim: command not found
[root@***** ~]#

Thanks a bunch for this one @Bill-tran ! Saved me hours of frustration probably 😆 !

I followed exact steps —
openssl version
OpenSSL 1.1.1 11 Sep 2018

But still I get below error —
ImportError: urllib3 v2.0 only supports OpenSSL 1.1.1+, currently the ‘ssl’ module is compiled with OpenSSL 1.0.2k-fips 26 Jan 2017. See: urllib3/urllib3#2168

Источник

How to Install OpenSSL from Source in CentOS and Ubuntu

OpenSSL is a full-featured software library that contains an open-source implementation of the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols, used for securing information transmitted over computer networks.

It is a general-purpose cryptography library and supports a number of different cryptographic algorithms including AES, Blowfish; MD5, MD4, SHA-1, SHA-2 cryptographic hash functions; RSA, DSA, Diffie–Hellman key exchange, Elliptic curve and many others.

In this article, we will explain how to install the latest stable version of OpenSSL from sources on CentOS and Ubuntu based distributions.

Step 1: Install Development Tools

1. To compile OpenSSL manually from sources, you need to first install few dependencies such as “Development Tools” under RHEL/CentOS/Fedora or “build-essential” in Debian/Ubuntu as shown.

------------------- On CentOS, RHEL & Fedora ------------------- # yum group install 'Development Tools' && yum install perl-core libtemplate-perl zlib-devel ------------------- On Ubuntu & Debian ------------------- $ sudo apt update && apt install build-essential checkinstall zlib1g-dev libtemplate-perl

Step 2: Compile OpenSSL from Sources

2. Next, download the latest stable version of OpenSSL (v1.0.2 at the time of writing, which is a Long Term Support (LTS) release, supported until 31st December 2019), from the download page using following wget command and unpack it using tar command.

$ wget -c https://www.openssl.org/source/openssl-1.0.2p.tar.gz $ tar -xzvf openssl-1.0.2p.tar.gz

3. Now, move into the extracted directory, configure, build, after a successful build, test the libraries and install OpenSSL in the default location, which is /usr/local/ssl, by running the following commands.

$ cd openssl-1.0.2p/ $ ./config $ make $ make test $ sudo make install

4. Once you have successfully installed OpenSSL, you can move into the installation directory and view the various sub-directories and files using ls command.

$ cd /usr/local/ssl/ $ ls -l drwxr-xr-x. 2 root root 4096 Aug 22 06:37 bin drwxr-xr-x. 2 root root 4096 Aug 22 06:37 certs drwxr-xr-x. 3 root root 4096 Aug 22 06:37 include drwxr-xr-x. 4 root root 4096 Aug 22 06:37 lib drwxr-xr-x. 6 root root 4096 Aug 22 06:36 man drwxr-xr-x. 2 root root 4096 Aug 22 06:37 misc -rw-r--r--. 1 root root 10835 Aug 22 06:37 openssl.cnf drwxr-xr-x. 2 root root 4096 Aug 22 06:37 private

The following are important directories you need to take note of:

• bin – contains the openssl binary and some utility scripts.
• include/openssl – contains the header files needed for building your own programs that use libcrypto or libssl.
• lib – contains the OpenSSL library files.
• lib/engines – contains the OpenSSL dynamically loadable engines.
• man – contains the OpenSSL man-pages.
• share/doc/openssl/html – contains HTML rendition of the man-pages.
• certs – the default location for certificate files.
• private – the default location for private key files.

5. To check the version of OpenSSL you have just installed, run the following command.

$ /usr/local/ssl/bin/openssl version OpenSSL 1.0.2p 14 Aug 2018

6. To use the newly installed OpenSSL version on your system, you need to add the directory /usr/local/ssl/bin/ to your PATH, in the file ~/.bashrc (or the equivalent for your shell).

Add this line at the bottom of the file.

export PATH="/usr/local/ssl/bin:$"

Save and close the file and reload the configuration using the command below.

7. Now open a new terminal window and run the following commands to confirm that the new OpenSSL binary is located in your PATH and that you can run it without typing its full path.

$ whereis openssl openssl: /usr/bin/openssl /usr/lib64/openssl /usr/include/openssl /usr/local/ssl/bin/openssl /usr/share/man/man1/openssl.1ssl.gz

$ openssl version OpenSSL 1.0.2p 14 Aug 2018

That’s all! In this article, we have explained how to install the latest OpenSSL version from source on Linux systems. If you have any questions, use the command form below to reach us.

Источник

Как обновить OpenSSL на Linux

Обновлено: 27.02.2023 Опубликовано: 20.01.2017

Данная инструкция протестирована на CentOS 6, 7, 8 и Ubuntu.

Посмотреть текущую версию

Узнать текущую версию openssl в Linux можно следующей командой:

Мы увидим что-то на подобие:

OpenSSL 1.0.2k-fips 26 Jan 2017

* в данном примере используется версия openssl 1.0.2k от 26 января 2017 года.

openssl: command not found

. значит пакет openssl не установлен в системе.

Обновить/установить openssl можно из репозитория операционной системы или собрав его из исходника. Мы рассмотрим оба варианта.

Из пакетов

Самый простой способ — воспользоваться репозиторием. Однако, в нем может находиться далеко не последняя версия.

В зависимости от типа Linux, наши команды будут немного отличаться.

а) Для DEB-систем (Debian, Ubuntu, Astra Linux):

б) Для RPM-систем (Rocky Linux, CentOS):

* также можно ввести yum update openssl.

Если будет найдено обновление, система предложит обновить пакет — отвечаем Y.

Если обновлений нет или будет установлена не последняя версия, выполняем установку из исходника.

Из исходника

Устанавливаем пакеты, необходимые для сборки пакета. Команда зависит от дистрибутива Linux.

а) Для DEB-систем:

apt install make gcc wget tar perl

б) Для RPM-систем:

yum install make gcc wget tar perl

Переходим по ссылке https://www.openssl.org/source/ и находим в описании LTS версию openssl:

* как видим, на момент написания обновления инструкции это была версия 1.1.1.

И копируем ссылку на ее скачивание:

На CentOS скачиваем исходник с использованием найденной ссылки:

И распаковываем его с последующим удалением:

tar -xvf openssl-*.tar.gz && rm -f openssl-*.tar.gz

Переходим в папку с распакованным исходником:

./config —prefix=/usr —openssldir=/usr

Система вернет полные сведения об openssl, например:

OpenSSL 1.1.1t 7 Feb 2023
built on: Mon Feb 27 11:17:07 2023 UTC
platform: linux-x86_64
options: bn(64,64) rc4(16x,int) des(int) idea(int) blowfish(ptr)
compiler: gcc -fPIC -pthread -m64 -Wa,—noexecstack -Wall -O3 -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM -DNDEBUG
OPENSSLDIR: «/usr»
ENGINESDIR: «/usr/lib/engines-1.1»
Seeding source: os-specific

Возможные ошибки

libssl.so.1.1: cannot open shared object file

При запуске команды openssl, система возвращает ошибку:

openssl: error while loading shared libraries: libssl.so.1.1: cannot open shared object file: No such file or directory

Причина: openssl не может найти нужную ей библиотеку (libssl.so), так как она распологается в нестандартном для операционной системы месте.

Решение: необходимо добавить в ldconfig правильный путь до libssl.so. Сначала найдем библиотеку, которой не хватает openssl:

Значит, путь до библиотеки /usr/lib64 — его и добавляем в ldconfig. Для это создаем файл:

Источник

How to install the latest version of OpenSSL on CentOS 7?

The security in the systems is something that should call our attention to those who like or work with Linux. Especially, if it is a server since in this equipment a lot of important data and services are sustained. In general, we can say that Linux is a fairly secure system because it includes fairly good security policies. However, also thanks to the inclusion of libraries specializing in encryption and data protection. Something vital in a job or in very important personal communications. That is why, in this post, we will show you how to install the latest version of OpenSSL on CentOS 7.

In case you do not know what OpenSSL is, we will tell you. OpenSSL is a security library included in all Linux systems. Its main objective is to provide an open source implementation of TLS and SSL protocols that protect and encrypt the transmission of data over a network. It is really important to use it because if our transmitted data falls into the hands of a third party, that person must decrypt it to get the information. This process is not easy to do, so by doing so, we safeguard the data.

So, let us start to install the latest version of OpenSSL on CentOS 7.

1.- Upgrade the system and install required packages

The first step is to update the system completely. This way you will have available all the available security updates.

Then, you have to install some required packages to install OpenSSL.

:~# yum install make gcc perl pcre-devel zlib-devel

2. Install the latest version of OpenSSL on CentOS 7

OpenSSL is included in almost all Linux distributions. The problem is that they include older versions that although maintained by the distribution itself to be safe, are not the most recent. So for that, we will use the safest method which is to install it from its source code. With this, we will get a clean and reliable system.

So, first, you need to download the latest version using wget. Install it first.

:~# yum install wget :~# wget https://ftp.openssl.org/source/old/1.1.1/openssl-1.1.1.tar.gz

Of course, at the time of writing this post, the latest stable version of OpenSSL is 1.1.1.

After that, decompress the file.

Next, navigate to the generated folder.

Then, you have to start configuring the package compilation using ./configure. Besides that, you have to use some parameters like the prefix where the route will be established.

:~# ./config --prefix=/usr --openssldir=/etc/ssl --libdir=lib no-shared zlib-dynamic

The process may take a few minutes. So you have to wait for it to finish.

Then, so you do not have problems using the library, you need to export the paths.

:~# export LD_LIBRARY_PATH=/usr/local/lib:/usr/local/lib64 :~# echo "export LD_LIBRARY_PATH=/usr/local/lib:/usr/local/lib64" >> ~/.bashrc

Finally, check the OpenSSL version.

Conclusion

OpenSSL is a very important library of the Linux system. So it’s a good idea to have its latest version installed, to improve system security and data encryption. The installation process from the source code is not difficult and has many advantages.

Please share this post with your friends.

Источник