- How to install OpenSSL 3 on Ubuntu 20.04
- Install OpenSSL 3 on Ubuntu 20.04
- 1. Update System Repositories
- 2. Install OpenSSL 3 dependencies
- 3. Download OpenSSL 3
- 4. Install OpenSSL 3 on Ubuntu 20.04
- 5. Configure openssl 3 Binary
- Conclusion
- How to install OpenSSL in Ubuntu? [SOLVED]
- Method-1: Install From Repository
- Method-2: Install From Source Code
- Generating a Sample SSL Certificate
- Summary
- What is NEXT?
- References
How to install OpenSSL 3 on Ubuntu 20.04
OpenSSL 3 contains an open-source implementation of the SSL and TLS protocols. OpenSSL implements basic cryptographic function. The OpenSSL toolkit includes libssl, libcrypto and openssl which is the OpenSSL command-line tool, a swiss army knife for cryptographic tasks, testing, and analyzing. It can be used for:
- Creation of key parameters.
- Creation of x.509 certificates, CSRs and CRLs
- Encryption and decryption
- Calculation of message digests
- SSL/TLS client and server tests
- Handling of S/MIME signed or encrypted mail.
In this tutorial, I will show you how to install OpenSSL on Ubuntu 20.04. OpenSSL 3 is the latest long-term release for OpenSSL. OpenSSL is a software application that is used to secure communication between two different mediums in a computer network. It is used by the majority of web servers.
Install OpenSSL 3 on Ubuntu 20.04
1. Update System Repositories
To start installing OpenSSL 3 on Ubuntu 20.04, we need to update our system repositories in order to make them up to date. So to start with use the following command.
sudo apt update && apt upgrade -y
When upgrades and updates are complete, proceed to install dependencies.
2. Install OpenSSL 3 dependencies
We need to install the following dependencies so that when we install OpenSSL, we wouldn’t run into errors early on. The following dependencies will be installed with the following command.
sudo apt install build-essential checkinstall zlib1g-dev -y
3. Download OpenSSL 3
We need to head over to the OpenSSL download page to get the download link from there. We are going to use wget to make the download. First, make sure you are in this directory /usr/local/src/. So let’s cd into this directory then we proceed with the download.
cd /usr/local/src/ wget https://www.openssl.org/source/openssl-3.0.2.tar.gz
When the download is complete, proceed to extract the archive contents to your system.
sudo tar -xvf openssl-3.0.2.tar.gz
Before we can go ahead with the installation, cd into OpenSSL 3 you have extracted. For safety reasons lets ls to see the contents inside.
ls ACKNOWLEDGEMENTS.md HACKING.md NOTES-PERL.md README-PROVIDERS.md build.info e_os.h providers AUTHORS.md INSTALL.md NOTES-UNIX.md README.md config engines ssl CHANGES.md LICENSE.txt NOTES-VALGRIND.md SUPPORT.md config.com external test CONTRIBUTING.md NEWS.md NOTES-VMS.md VERSION.dat configdata.pm.in fuzz tools Configurations NOTES-ANDROID.md NOTES-WINDOWS.md VMS crypto include util Configure NOTES-DJGPP.md README-ENGINES.md apps demos ms wycheproof FAQ.md NOTES-NONSTOP.md README-FIPS.md appveyor.yml doc os-dep
4. Install OpenSSL 3 on Ubuntu 20.04
We are going to use the compilation method to install OpenSSL 3 for now. The default version of openssl 3 for now in my system is shown below.
openssl version -a OpenSSL 1.1.1f 31 Mar 2020 built on: Wed Mar 9 12:12:45 2022 UTC platform: debian-amd64 options: bn(64,64) rc4(16x,int) des(int) blowfish(ptr) compiler: gcc -fPIC -pthread -m64 -Wa,--noexecstack -Wall -Wa,--noexecstack -g -O2 -fdebug-prefix-map=/build/openssl-2iuOVN/openssl-1.1.1f=. -fstack-protector-strong -Wformat -Werror=format-security -DOPENSSL_TLS_SECURITY_LEVEL=2 -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM -DNDEBUG -Wdate-time -D_FORTIFY_SOURCE=2 OPENSSLDIR: "/usr/lib/ssl" ENGINESDIR: "/usr/lib/x86_64-linux-gnu/engines-1.1" Seeding source: os-specific
So to compile from the source run the following command.
./config --prefix=/usr/local/ssl --openssldir=/usr/local/ssl shared zlib make make test
#sample output Configuring OpenSSL version 3.0.2 for target linux-x86_64 Using os-specific seed configuration Creating configdata.pm Running configdata.pm Creating Makefile.in Creating Makefile ********************************************************************** *** *** *** OpenSSL has been successfully configured *** *** *** *** If you encounter a problem while building, please open an *** *** issue on GitHub *** *** and include the output from the following command: *** *** *** *** perl configdata.pm --dump *** *** *** *** (If you are new to OpenSSL, you might want to consult the *** *** 'Troubleshooting' section in the INSTALL.md file first) *** *** *** **********************************************************************
Please wait for the compiler to finish before proceeding with the make install command.
If you are successful with the installation, proceed to configure link libraries. The new OpenSSL loads files from /usr/local/ssl/lib directory, so lets cd into /etc/ld.so.conf.d/ and add the following .conf file, use your favourite text editor.
cd /etc/ld.so.conf.d/ sudo vi openssl-3.0.2.conf
Add this into the file /usr/local/ssl/lib and reload the dynamic link with this command.
5. Configure openssl 3 Binary
We now need to replace OpenSSL binary found in /usr/bin/openssl or /bin/openssl with the new version in /usr/local/ssl/bin/openssl. First backup the binary files.
mv /usr/bin/c_rehash /usr/bin/c_rehash.BEKUP mv /usr/bin/openssl /usr/bin/openssl.BEKUP
Then we need to edit /etc/environment with your favorite editor.
Add this /usr/local/ssl/bin to the end of the PATH
PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/usr/local/ssl/bin"
Then we need to reload the environment variable.
source /etc/environment echo $PATH /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/usr/local/ssl/bin
Conclusion
We have successfully installed OpenSSL 3 on Ubuntu 20.04. In case you face any challenges please consult the OpenSSL documentation wiki.
How to install OpenSSL in Ubuntu? [SOLVED]
OpenSSL is an open source software library for applications that protect against eavesdropping on communications over computer networks or the need to identify the other party. It is widely used by Internet servers, including most HTTPS websites.
In this article we will tell you how to install OpenSSL on Ubuntu 22.04.
In this article, both the installation from the repository and the installation steps from the source code will be explained.
Method-1: Install From Repository
Ubuntu has OpenSSL installed most of the time:
foc@ubuntu22:~$ dpkg -l | grep openssl ii openssl 3.0.2-0ubuntu1.6 amd64 Secure Sockets Layer toolkit - cryptographic utility
If it is not installed, first start by updating the package list:
foc@ubuntu22:~$ sudo apt update -y
Then install openssl package:
foc@ubuntu22:~$ sudo apt install openssl -y
Package version after installation:
foc@ubuntu22:~$ openssl version OpenSSL 3.0.2 15 Mar 2022 (Library: OpenSSL 3.0.2 15 Mar 2022)
Installation was successful completed.
Method-2: Install From Source Code
Before the installation update the packages list:
foc@ubuntu22:~$ sudo apt update -y
foc@ubuntu22:~$ sudo apt install build-essential checkinstall zlib1g-dev -y
Go to the official website and right click on the download link and copy the link:
Download the compressed file with the wget command:
foc@ubuntu22:~$ sudo wget https://www.openssl.org/source/openssl-3.1.0-alpha1.tar.gz --2022-12-11 11:37:46-- https://www.openssl.org/source/openssl-3.1.0-alpha1.tar.gz Resolving www.openssl.org (www.openssl.org). 104.70.110.18, 2a02:26f0:cb00:1a0::c1e, 2a02:26f0:cb00:186::c1e Connecting to www.openssl.org (www.openssl.org)|104.70.110.18|:443. connected. HTTP request sent, awaiting response. 200 OK Length: 15343477 (15M) [application/x-gzip] Saving to: ‘openssl-3.1.0-alpha1.tar.gz’ openssl-3.1.0-alp 100%[=============>] 14.63M 1.84MB/s in 6.6s 2022-12-11 11:37:53 (2.21 MB/s) - ‘openssl-3.1.0-alpha1.tar.gz’ saved [15343477/15343477]
Then unzip the compressed file, move it to /usr/local/src :
foc@ubuntu22:~$ sudo tar -xzvf openssl-3.1.0-alpha1.tar.gz -C /usr/local/src/ && sudo mv /usr/local/src/openssl-3.1.0-alpha1/* /usr/local/src
Switch to /usr/local/src/ directory:
foc@ubuntu22:~$ cd /usr/local/src/
Run the following command to start compiling:
foc@ubuntu22:/usr/local/src$ sudo ./config --prefix=/usr/local/ssl --openssldir=/usr/local/ssl shared zlib Configuring OpenSSL version 3.1.0-alpha1 for target linux-x86_64 Using os-specific seed configuration Created configdata.pm Running configdata.pm Created Makefile.in Created Makefile Created include/openssl/configuration.h ********************************************************************** *** *** *** OpenSSL has been successfully configured *** *** *** *** If you encounter a problem while building, please open an *** *** issue on GitHub *** *** and include the output from the following command: *** *** *** *** perl configdata.pm --dump *** *** *** *** (If you are new to OpenSSL, you might want to consult the *** *** 'Troubleshooting' section in the INSTALL.md file first) *** *** *** **********************************************************************
Then run «make» and «make test»
foc@ubuntu22:/usr/local/src$ sudo make && sudo make test
If Result: Pass, you can continue the installation with the «make install» command.
foc@ubuntu22:/usr/local/src$ sudo make install
If you have successfully installed OpenSSL, configure the library directory. OpenSSL will look for the file in the ‘ /usr/local/ssl/lib ‘ directory. We will add a file to the ld.so.conf.d directory under the /etc directory and make it reach the ‘ /usr/local/src/ssl ‘ files.
foc@ubuntu22:/usr/local/src$ cd /etc/ld.so.conf.d/ foc@ubuntu22:/etc/ld.so.conf.d$ sudo nano openssl-3.1.0.conf
Create necessary links and cache for newly added libraries with ldconfig :
foc@ubuntu22:/etc/ld.so.conf.d$ sudo ldconfig -v /usr/local/ssl/lib64: (from /etc/ld.so.conf.d/openssl-3.1.0.conf:1) libcrypto.so.3 -> libcrypto.so.3 libssl.so.3 -> libssl.so.3
Backup and remove OpenSSL files located in /usr/bin/openssl or /bin/openssl so you can use them again in case of problems.
foc@ubuntu22:/etc/ld.so.conf.d$ sudo mv /usr/bin/c_rehash /usr/bin/c_rehash.backup foc@ubuntu22:/etc/ld.so.conf.d$ sudo mv /usr/bin/openssl /usr/bin/openssl.backup
Add the PATH of the new openssl version:
foc@ubuntu22:/etc/ld.so.conf.d$ export PATH="/usr/local/ssl/bin:$PATH" foc@ubuntu22:/etc/ld.so.conf.d$ source ~/.bashrc
View the new OpenSSL version:
foc@ubuntu22:/etc/ld.so.conf.d$ openssl version OpenSSL 3.1.0-alpha1 1 Dec 2022 (Library: OpenSSL 3.1.0-alpha1 1 Dec 2022)
Generating a Sample SSL Certificate
Create a claim for the certificate to be generated:
foc@ubuntu22:~$ openssl genrsa -des3 -passout pass:x -out server.pass.key 2048
Extract the encrypted key:
foc@ubuntu22:~$ openssl rsa -passin pass:x -in server.pass.key -out server.key writing RSA key
foc@ubuntu22:~$ openssl req -new -key server.key -out server.csr You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) [AU]:TR State or Province Name (full name) [Some-State]:Ankara Locality Name (eg, city) []:Cankaya Organization Name (eg, company) [Internet Widgits Pty Ltd]:GolinuxCloud Organizational Unit Name (eg, section) []:Technology Common Name (e.g. server FQDN or YOUR name) []:golinuxcloud Email Address []:foc@golinuxcloud.com Please enter the following 'extra' attributes to be sent with your certificate request A challenge password []:Password@1 An optional company name []:Password@1
Then create the certificate:
foc@ubuntu22:~$ openssl x509 -req -sha256 -days 365 -in server.csr -signkey server.key -out server.crt Certificate request self-signature ok subject=C = TR, ST = Ankara, L = Cankaya, O = GolinuxCloud, OU = Technology, CN = golinuxcloud, emailAddress = foc@golinuxcloud.com
foc@ubuntu22:~$ ls -l -rw-rw-r-- 1 foc foc 1350 Dec 11 12:04 server.crt -rw-rw-r-- 1 foc foc 1143 Dec 11 12:04 server.csr -rw------- 1 foc foc 1704 Dec 11 12:01 server.key -rw------- 1 foc foc 1854 Dec 11 12:00 server.pass.key
Summary
We explained how to install OpenSSL on Ubuntu with 2 different methods. If there is no reason, it is recommended to install from the Ubuntu repository.
After the installation, we talked about creating a certificate in a simple way. For more, we share the links below.
What is NEXT?
References
Didn’t find what you were looking for? Perform a quick search across GoLinuxCloud
If my articles on GoLinuxCloud has helped you, kindly consider buying me a coffee as a token of appreciation.
For any other feedbacks or questions you can either use the comments section or contact me form.
Thank You for your support!!