Skip to content

Instantly share code, notes, and snippets.

@Bill-tran

Bill-tran/how-to-install-openssl-1.1.1-on-centos-7.md

Created September 7, 2021 09:22
Show Gist options
  • Save Bill-tran/5e2ab062a9028bf693c934146249e68c to your computer and use it in GitHub Desktop.
Save Bill-tran/5e2ab062a9028bf693c934146249e68c to your computer and use it in GitHub Desktop.
Download ZIP
How to install openssl 1.1.1 on CentOS 7
Raw
how-to-install-openssl-1.1.1-on-centos-7.md

How To Install OpenSSL 1.1.1 on CentOS 7

This tutorial goes through how to install openssl 1.1.1 on CentOS 7, since the yum repo only installs up to openssl 1.0.

Requirements

Upgrade the system

yum -y update

Install required packages

yum install -y make gcc perl-core pcre-devel wget zlib-devel

Download the latest version of OpenSSL source code

wget https://ftp.openssl.org/source/openssl-1.1.1k.tar.gz

Configure, build and install OpenSSL

Uncompress the source file

tar -xzvf openssl-1.1.1k.tar.gz

Change to the OpenSSL directory

cd openssl-1.1.1k

Configure the package for compilation

./config --prefix=/usr --openssldir=/etc/ssl --libdir=lib no-shared zlib-dynamic

Compile package

make

Test compiled package

make test

Install compiled package

make install

Export library path

Create environment variable file

vim /etc/profile.d/openssl.sh

Add the following content

export LD_LIBRARY_PATH=/usr/local/lib:/usr/local/lib64

Load the environment variable

source /etc/profile.d/openssl.sh

Verify the OpenSSL version

openssl version
@pfandl
Copy link

pfandl commented Sep 27, 2023

It seems like that you have to rebuild, yes. Didn't know that apps seem to be linked to libssl.so.10 which is not getting replaced if you rebuild it like this. If you just replace it, stuff stops working, so it seems you need to rebuild packages with the new version.

@prashantvidja
Copy link

How can I uninstall it once I don't need it

@Khnaz35
Copy link

Khnaz35 commented Oct 11, 2023

when i did make test i got this report

Test Summary Report
-------------------
../test/recipes/80-test_cms.t                    (Wstat: 1280 Tests: 6 Failed: 5)
  Failed tests:  1-5
  Non-zero exit status: 5
../test/recipes/80-test_ssl_new.t                (Wstat: 256 Tests: 29 Failed: 1)
  Failed test:  12
  Non-zero exit status: 1
Files=158, Tests=2432, 123 wallclock secs ( 1.02 usr  0.31 sys + 92.55 cusr 36.78 csys = 130.66 CPU)
Result: FAIL
make[1]: *** [_tests] Error 1
make[1]: Leaving directory `/root/openssl-1.1.1k'
make: *** [tests] Error 2

is it save to proceed?

@Khnaz35
Copy link

Khnaz35 commented Oct 11, 2023

Just update i end up installing SSL 3

openssl version
OpenSSL 3.0.11 19 Sep 2023 (Library: OpenSSL 3.0.11 19 Sep 2023)

@reznikmm
Copy link

But still I get below error - ImportError: urllib3 v2.0 only supports OpenSSL 1.1.1+, currently the 'ssl' module is compiled with OpenSSL 1.0.2k-fips 26 Jan 2017. See: urllib3/urllib3#2168

I made this work by executing

export LD_LIBRARY_PATH=<openssl-1.1.1k>

@Dee-OGCIO
Copy link

Very useful. Thanks a lot!

End up updating to version 3 by following your procedure.

@molssongroup
Copy link

This worked like a charm for me on Oracle 7.9. Thanks!

@luiscastillocr
Copy link

This worked like a charm on Centos 8 Vagrant Box .

Thank you

@Nirzak
Copy link

Nirzak commented May 19, 2024

After installing using your guide, I can't rebuild my curl now. it's always showing ld error. I don't know where have you put the libraries of openssl in your command?

@PauloCarvalhoRJ
Copy link

Hello, how do I install it as a devel package? thanks;

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment