Geek Rewind

How to Manually Install OpenSSL on Ubuntu

Richard

·

OpenSSL is an open-source toolkit used for Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols. The project is globally managed by a volunteer community. This post guides on installing the latest OpenSSL version on Ubuntu 16.04 | 18.04 LTS systems, as the default Ubuntu version isn’t up-to-date. The tutorial includes downloading and manually…

This article explains how to manually install the latest OpenSSL on Ubuntu Linux.

OpenSSL is an open-source project that develops a full-featured toolkit and tools for the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols on Linux and other systems.

The project is managed by a worldwide community of volunteers who use the Internet to communicate, plan, and develop the OpenSSL toolkit and its related documentation.

Most network communication apps and tools that use TLS / SSL protocols may install some OpenSSL tools. However, if you’re using applications and packages that depend on the latest versions of OpenSSL, you may have to install it manually on Ubuntu systems.

The default toolkit of OpenSSL that comes with Ubuntu isn’t the latest. To get the latest, you must download it yourself and install it. This brief tutorial is going to show you how to do it.

Download OpenSSL Package

To get the latest OpenSSL installed on Ubuntu, go to its homepage and download the latest version. As of this writing, version 1.1.1 (LTS) is the latest.

Click the link below to visit its download page.

https://www.openssl.org/

Install OpenSSL Manually

Below is a command to help you download and install the OpenSSL toolkit on Ubuntu 16.04 | 18.04 LTS systems. I may also work on future versions.

To download, run the commands below.

cd /tmp
wget https://www.openssl.org/source/openssl-1.1.1.tar.gz
tar xvf openssl-1.1.1.tar.gz

After downloading, run the commands below to install.

cd openssl-1.1.1
sudo ./config -Wl,--enable-new-dtags,-rpath,'$(LIBRPATH)'
sudo make
sudo make install

After that, the version of OpenSSL you downloaded should be installed. However, all files, including binaries and man pages, are installed under the directory /usr/local/SSL.

OpenSSL 1.1.1  11 Sep 2018
built on: Sun Sep 23 22:27:39 2018 UTC
platform: linux-x86_64
options:  bn(64,64) rc4(16x,int) des(int) idea(int) blowfish(ptr) 
compiler: gcc -fPIC -pthread -m64 -Wa,--noexecstack -Wall -O3 -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DNDEBUG
OPENSSLDIR: "/usr/local/ssl"
ENGINESDIR: "/usr/local/lib/engines-1.1"
Seeding source: os-specific

Ubuntu’s default OpenSSL version is installed in the /usr/lib/SSL, where apps that need SSL look by default. So, you’ll need to reference the version you installed.

OpenSSL 1.1.0g  2 Nov 2017
built on: reproducible build, date unspecified
platform: debian-amd64
compiler: gcc -DDSO_DLFCN -DHAVE_DLFCN_H -DNDEBUG -DOPENSSL_THREADS -DOPENSSL_NO_STATIC_ENGINE -DOPENSSL_PIC -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DOPENSSLDIR="\"/usr/lib/ssl\"" -DENGINESDIR="\"/usr/lib/x86_64-linux-gnu/engines-1.1\"" 
OPENSSLDIR: "/usr/lib/ssl"
ENGINESDIR: "/usr/lib/x86_64-linux-gnu/engines-1.1"

To ensure that Ubuntu uses this version of OpenSSL instead of the previous version, you must update the paths for man pages and binaries. Edit the file /etc/manpath.config, adding the following line before the first MANPATH_MAP:

Run the commands below option Ubuntu default man page

sudo nano /etc/manpath.config

Then, add the highlighted line at the end of the lines, as shown below.

MANPATH_MAP     /sbin                   /usr/share/man
MANPATH_MAP     /usr/sbin               /usr/share/man
MANPATH_MAP     /usr/local/bin          /usr/local/man
MANPATH_MAP     /usr/local/bin          /usr/local/share/man
MANPATH_MAP     /usr/local/sbin         /usr/local/man
MANPATH_MAP     /usr/local/sbin         /usr/local/share/man
MANPATH_MAP     /usr/X11R6/bin          /usr/X11R6/man
MANPATH_MAP     /usr/bin/X11            /usr/X11R6/man
MANPATH_MAP     /usr/games              /usr/share/man
MANPATH_MAP     /opt/bin                /opt/man
MANPATH_MAP     /opt/sbin               /opt/man
MANPATH_MAP     /usr/local/ssl/bin      /usr/local/ssl/man

Save the file and exit.

Then, run the commands below to update the manual database.

sudo mandb

Now, when you type the man openssl command, you’ll get the updated version of the man page for OpenSSL.

You can also update the execution path to include the new location for OpenSSL. Run the commands below to open the Ubuntu environment configuration file.

sudo nano /etc/environment

Then add the /usr/local/ssh/bin as shown in the line below. Use the exact path as shown.

PATH="/usr/local/sbin:/usr/local/bin:/usr/local/ssl/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games"

Save the file and exit.

Restart Ubuntu, and hopefully, Ubuntu will recognize your new OpenSSL version.

Although some apps may now automatically use the new version of OpenSSL, existing programs (e.g., Apache and Nginx) may not, as they are linked against the libraries from the Ubuntu version.

By referencing the new path, you may manually use the newer version to rebuild the individual app to the more recent version of OpenSSL.

Enjoy!

You may also like the post below:

Fediverse reactions
Richard Avatar
Richard
Richard, the owner and lead writer at Geek Rewind, is a tech enthusiast passionate about simplifying complex IT topics. His years of hands-on experience in system administration and enterprise IT operations have honed his ability to provide practical insights and solutions. Richard aims to make technology more accessible and actionable. He’s deeply committed to the Geek Rewind community, always ready to answer questions and engage in discussions. He enjoys watching football, cheering for the Minnesota Vikings, and spending time with his family when he’s not writing or managing Geek Rewind.

Comments

  1. rodrigo Avatar
    rodrigo

    ideally don’ t use `sudo config` or `sudo make`
    also in config you can specify where the openssl library installs to by using
    `–openssldir=/foo/bar` that way you should be able to skip all the workarounds for linking

    Reply
    1. AK Avatar
      AK

      “ideally don’ t use `sudo config` or `sudo make`”
      what do you use instead?

      Reply
  2. Kiart P Avatar
    Kiart P

    how to make apache on ubunt 16.04 working with openssl 1.1.1, phpinfo() still show 1.0.2 version

    Reply
  3. Tartist Avatar
    Tartist

    Thanks all i needed.

    Reply
  4. Priyanka Avatar
    Priyanka

    OpenSSL 1.1.1 11 Sep 2018
    built on: Sun Sep 23 22:27:39 2018 UTC
    platform: linux-x86_64
    options: bn(64,64) rc4(16x,int) des(int) idea(int) blowfish(ptr)
    compiler: gcc -fPIC -pthread -m64 -Wa,–noexecstack -Wall -O3 -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DNDEBUG
    OPENSSLDIR: “/usr/local/ssl”
    ENGINESDIR: “/usr/local/lib/engines-1.1”
    Seeding source: os-specific

    how to get all this verbose information of the package, tried openssl version command didn’t get much help. Also how to point the path to the different path

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *