DEV Community

Jose Tandavala
Jose Tandavala

Posted on

How to Install OpenSSL from source code on Ubuntu 16.04

SSL is the foundation of a secure internet and it protects our sensitive information as it travels across the world's computer network, in this article I will show you how to install OpenSSL from source code.

First, we need to download OpenSSL from the source, by doing this we can always have the last version running on our machine. To download it type the following command.

cd /usr/local/src/
sudo wget https://www.openssl.org/source/openssl-1.1.1c.tar.gz
Enter fullscreen mode Exit fullscreen mode

Before we proceed, make sure that you have the necessary dependencies for building packages from the source code, go back to the terminal, and type the following.

sudo apt install build-essential checkinstall zlib1g-dev -y
Enter fullscreen mode Exit fullscreen mode

The above command installs three packages build essential which is a reference for all packages needed to compile a Debian package, checkinstall is self-explanatory it is used to check if a given package is installed and zlib1g-dev library allows applications to conveniently read and write gzip compatible files.

Now that we have downloaded the source code and installed all the necessary dependencies packages, we need to extract the downloaded file using the command below, make sure that you are in the same directory where you have downloaded the file.

sudo tar -xf openssl-1.1.1c.tar.gz
Enter fullscreen mode Exit fullscreen mode

After extracting the file, navigate to the extracted directory

cd openssl-1.1.1c
Enter fullscreen mode Exit fullscreen mode

We are now going to install OpenSSL which we downloaded using the command below:

sudo ./config --prefix=/usr/local/ssl --openssldir=/usr/local/ssl shared zlib

sudo make
sudo make test
sudo make install
Enter fullscreen mode Exit fullscreen mode

If no error, so far so good, now let us configure OpenSSL Shared Libraries, using nano text editor you can anyone of your choice.

cd /etc/ld.so.conf.d/
sudo nano openssl-1.1.1c.conf
Enter fullscreen mode Exit fullscreen mode

This command will open nano text editor with an empty file, type the below text and save.

/usr/local/ssl/lib
Enter fullscreen mode Exit fullscreen mode

Next, reload the dynamic link by issuing the command below:

sudo ldconfig -v
Enter fullscreen mode Exit fullscreen mode

Last but not least, we need to configure OpenSSL binary, inserting the binary of our new version of OpenSSL installed (located at /usr/local/ssl/bin/openssl) to replace the default openssl binary (located at /usr/bin/openssl or /bin/openssl). But first, we need to backup the binary files.

sudo mv /usr/bin/c_rehash /usr/bin/c_rehash.backup
sudo mv /usr/bin/openssl /usr/bin/openssl.backup
Enter fullscreen mode Exit fullscreen mode

Next we need to edit /etc/environment file using nano

sudo nano /etc/environment
Enter fullscreen mode Exit fullscreen mode

With nano opened, let us update the /etc/environment file as the following after that we'll save the file.

PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/usr/local/ssl/bin"
Enter fullscreen mode Exit fullscreen mode

Next, reload the OpenSSL environment and check the PATH bin directory using the commands below:

source /etc/environment
echo $PATH
Enter fullscreen mode Exit fullscreen mode

We can now check and verify our installation of OpenSSL using the command below

which openssl
openssl version -a
Enter fullscreen mode Exit fullscreen mode

Happy coding day!

Top comments (2)

Collapse
 
fritz_83 profile image
Fritz

Works fine on Linux Mint 20.3 Una (Ubuntu 20.04 focal) along with OpenSSH, Tor proxy and OpenVPN. However, after installation, wget doesn't work with encryption anymore.

It says:

Connecting to www.kla.tv (www.kla.tv)|138.201.64.151|:443... |S-chain|-<>-127.0.0.1:9050-<><>-138.201.64.151:443-<><>-OK
connected.
ERROR: cannot verify www.kla.tv's certificate, issued by ‘CN=R3,O=Let's Encrypt,C=US’:
Self-signed certificate encountered.
To connect to www.kla.tv insecurely, use `--no-check-certificate'.
Enter fullscreen mode Exit fullscreen mode

I've tried several workarounds, but I can't fix it myself. What's the clue here?

Collapse
 
miticoberna profile image
MiticoBerna

Thanks man, I successfully installed openssl 1.1.1j on ubuntu 16.04!