Detailed Tutorial for Upgrading OpenSSL in CentOS 7


OpenSSL is an important tool for securing data. It provides various functions such as encryption and decryption. However, with the development of technology and the emergence of new security vulnerabilities, it has become crucial to use the latest version of OpenSSL.

For more information, visit the official website: https://www.openssl.org/

Some newer applications can only be installed on OpenSSL 3, so upgrading is necessary if you want to continue using CentOS 7.

This article documents how to upgrade OpenSSL on CentOS 7, detailing the steps required, including backup, download, installation, and configuration.

Note: Perform the installation and upgrade with direct access to the system, not through a remote session in a tool like Xshell. After the old OpenSSL is backed up, the remote connection may be lost if the system refreshes.


Preparation Before Upgrading

  1. Back Up Existing Configuration

    Execute the find command to locate OpenSSL:

    [root@localhost ~]# find /usr -name openssl
    /usr/bin/openssl
    /usr/lib64/openssl

    Then, copy the found directories:

    [root@localhost ~]# cp -r /usr/bin/openssl /usr/bin/openssl_backup
    [root@localhost ~]# cp -r /usr/lib64/openssl /usr/lib64/openssl_backup

  2. Check System Version

    We need to confirm the current versions of CentOS and OpenSSL to determine the need for an upgrade. Use the following commands:

    [root@localhost ~]# cat /etc/centos-release
    CentOS Linux release 7.6.1810 (Core)
    [root@localhost ~]# openssl version
    OpenSSL 1.0.2k-fips  26 Oct 2023

  3. Install Dependencies

    Install the required dependencies:

    yum -y install gcc perl make zlib-devel perl-CPAN

    Then install the IPC::Cmd module:

    cpan IPC::Cmd

    You can press y during the interactive prompts.


OpenSSL Installation

  • Download Package

    wget https://github.com/openssl/openssl/releases/download/openssl-3.1.1/openssl-3.1.1.tar.gz
  • Extract Files

    tar -zxvf openssl-3.1.1.tar.gz
  • Navigate to the Extracted Folder and Configure

    cd openssl-3.1.1
    ./config --prefix=/usr/local/ssl --openssldir=/usr/local/ssl shared zlib
  • Compile

    make
  • Install

    make install
  • Configure Dynamic Library Links

    echo "/usr/local/ssl/lib64" > /etc/ld.so.conf.d/openssl.conf
  • Update the System's Library Cache

    ldconfig
  • Replace the Old Binary

    cp /usr/local/ssl/bin/openssl /usr/bin/openssl
  • Use the New OpenSSL Version

    ldconfig -v
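
The download step above fetches the tarball and extracts it without checking its integrity. The following is an added example, not part of the original tutorial: a shell function that compares the tarball's SHA-256 against a digest file you have saved from the project's release page. The function names and the digest file name are assumptions made for illustration.

```bash
# Added example: verify a downloaded tarball against a published SHA-256 digest
# before extracting it. The digest file name used below is an assumption.

# verify_sha256 <file> <digest-file>
# Returns 0 on match, 1 on mismatch, 2 when an input is missing or malformed.
verify_sha256() {
    local file="$1" digest_file="$2" expected actual
    [ -r "$file" ] && [ -r "$digest_file" ] || { echo "missing input" >&2; return 2; }

    # Accept both "<hex>" and "<hex>  <filename>" layouts; normalise case.
    expected=$(awk 'NR==1 {print tolower($1)}' "$digest_file")
    # Reject anything that is not exactly 64 hex characters.
    case $expected in
        ''|*[!0-9a-f]*) echo "malformed digest" >&2; return 2 ;;
    esac
    [ "${#expected}" -eq 64 ] || { echo "malformed digest" >&2; return 2; }

    actual=$(sha256sum "$file" | awk '{print $1}')
    if [ "$actual" = "$expected" ]; then
        echo "OK: $file"
        return 0
    fi
    echo "MISMATCH: $file (expected $expected, got $actual)" >&2
    return 1
}

# Constructed self-check: builds a throwaway file, then tests a match and a
# modified copy. Prints the two return codes, e.g. "0 1".
selfcheck() {
    local dir rc_ok rc_bad
    dir=$(mktemp -d) || return 2
    printf 'constructed sample payload\n' > "$dir/sample.tar.gz"
    sha256sum "$dir/sample.tar.gz" | awk '{print $1}' > "$dir/sample.tar.gz.sha256"
    verify_sha256 "$dir/sample.tar.gz" "$dir/sample.tar.gz.sha256" >/dev/null \
        && rc_ok=0 || rc_ok=$?
    printf 'x' >> "$dir/sample.tar.gz"   # simulate corruption of the download
    verify_sha256 "$dir/sample.tar.gz" "$dir/sample.tar.gz.sha256" 2>/dev/null \
        && rc_bad=0 || rc_bad=$?
    rm -rf "$dir"
    echo "$rc_ok $rc_bad"
}

# Usage with the tutorial's tarball (digest file name assumed):
#   verify_sha256 openssl-3.1.1.tar.gz openssl-3.1.1.tar.gz.sha256 \
#       && tar -zxvf openssl-3.1.1.tar.gz
```

Extract and build only when the function returns 0; a return of 1 means the file should be discarded and downloaded again.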

Verification

Run the following command to print the current version:

    # openssl version
    OpenSSL 3.1.1 30 May 2023 (Library: OpenSSL 3.1.1 30 May 2023)