Installing OpenSSL on Ubuntu

OpenSSL is the de-facto standard for key and CSR generation on a webserver environment.  These CSR’s can then be handed to a Certificate Authority to obtain a SSL certificate to facilitate secure traffic to and from your server.  OpenSSL is free, open source, and secure, so it is the recommended solution to create your CSR’s from.  This article will go through the installation of OpenSSL.

Prerequisites

– A Cloud Server running Ubuntu

Install OpenSSL dependencies

OpenSSL is not installed as a package like most applications, and is instead complied from the source code.  Don’t panic though, this is still relatively easy, all that is required is to have a few things installed to allow the compile to process successfully.  For Ubuntu, this means making sure gcc is installed, as well as the dependencies for OpenSSL itself, namely checkinstall and zlib.  You can install all three with the commands that follow:

sudo apt install build-essential
sudo apt install checkinstall
sudo apt install zlib1g-dev

Download and compile OpenSSL

Next, we need to download the source code for OpenSSL so that it can be compiled. You should check https://www.openssl.org/source/ for the latest version of OpenSSL and make sure you are downloading that. Right click on the link for the latest version .tar file and copy the link location. Next run the following on your server:

cd /usr/local/src/
sudo wget 

This downloads the latest version of OpenSSL into the /usr/local/src/ directory, which is the recommended default location for OpenSSL. Now extract the source code from the .tar file:

sudo tar -xf opnssl-

Please note, replace with the appropriate value based on the version you downloaded.  This guide will use this expression a few more times, so please remember to replace it in each example.

Next, enter the directory you just unpacked:

cd openssl-

Now, configure the install locations for OpenSSL, and then run the compile process:

sudo ./config --prefix=/usr/local/ssl --openssldir=/usr/local/ssl shared zlib
sudo make
sudo make test

This sets the directory for OpenSSL to /usr/local/ssl and creates a shared library with z-compression enabled.  Once so primed, the make commands compile OpenSSL.  Once both make commands complete, OpenSSL is finally ready to install, which you can do by running the following:

sudo make install

Configuring OpenSSL shared libraries

Once OpenSSL is installed, it is prudent to link the shared libraries for it so that they load at runtime.  This can be done by simply adding a config file to /etc/ld.so.conf.d/:

cd /etc/ld.so.conf.d/
sudo vim openssl-.conf

Once inside the text editor add the line to the library file:

/usr/local/ssl/lib

Save and exit the editor, then reload the system dynamic links with the following:

sudo ldconfig -v

You should see the file being loaded in the output, similar to the example below:

sudo ldconfig -v
/usr/lib/x86_64-linux-gnu/libfakeroot:
    libfakeroot-0.so -> libfakeroot-tcp.so
/usr/local/lib:
/usr/local/ssl/lib:
    libssl.so.1.1 -> libssl.so.1.1
    libcrypto.so.1.1 -> libcrypto.so.1.1

Configuring the OpenSSL binary

You will also want to add the binary file for OpenSSL to your PATH variable.  This can be done by editing your environment file:

sudo vim /etc/environment

Inside the text editor add the following to your PATH line, within the parentheses:

:/usr/local/ssl/bin

When finished the line should look similar or the same as the following:

PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/usr/local/ssl/bin"

Save and close out of vim.  Next, reload the environment file to bring in the new PATH variable:

source /etc/environment

You can test the changes by echoing the path variable, and test the OpenSSL specifically with which:

echo $PATH
which openssl

You should see results similar to the following:

root@bored-mouse-55:~# echo $PATH
/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/usr/local/games:/usr/local/ssl/bin
root@bored-mouse-55:~# which openssl
/usr/local/ssl/bin/openssl

Congratulations, OpenSSL is now installed and configured!

Leave a Reply

Your email address will not be published. Required fields are marked *