Install OpenSSL 3 on CentOS 7: Secure Communication


In this comprehensive guide, we will walk you through the process of installing OpenSSL 3 on CentOS 7. OpenSSL stands as a pivotal open-source command-line utility, indispensable for tasks ranging from generating private keys and crafting Certificate Signing Requests (CSRs) to installing SSL/TLS certificates and extracting vital certificate information. Its significance extends far beyond mere utility; operating systems and countless applications leverage OpenSSL to establish secure communication channels across the internet.

However, the default OpenSSL version pre-installed on CentOS 7 often lags behind the latest releases. This can lead to compatibility issues, causing compilation errors when applications demand newer OpenSSL features. Therefore, in this guide, brought to you by Orcacore, we’ll delve into the steps required to install the most recent OpenSSL release on your CentOS 7 system.

Before you install OpenSSL 3 on CentOS 7, ensure you have the necessary prerequisites. You’ll need access to your CentOS 7 server as a non-root user with sudo privileges. If you haven’t already set this up, refer to our guide on Initial Server Setup with CentOS 7.

Set up OpenSSL 3 on CentOS 7

Let’s begin!

First, bring the system's installed packages up to date by executing the following command:

sudo yum update -y

Next, install the Development Tools group, which provides essential compilation tools:

sudo yum groupinstall "Development Tools" -y

Also, install the following Perl packages, which are often required during the OpenSSL build process:

sudo yum install perl-IPC-Cmd perl-Test-Simple -y

Download OpenSSL From Source

Now, navigate to the GitHub OpenSSL Releases page to identify and obtain the latest OpenSSL release. Use the wget command to download the source archive. In this example, we’re downloading version 3.0.8:

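wget https://github.com/openssl/openssl/releases/download/openssl-3.0.8/openssl-3.0.8.tar.gz

Then, extract the downloaded archive. Neither the download nor the extraction needs root, and keeping the source tree owned by your own user lets the later build steps run without sudo:

tar xvf openssl-3.0.8.tar.gz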

Next, navigate into the newly extracted OpenSSL directory:

cd openssl-3.0*/
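
Before building, it is worth confirming that the archive matches the digest published with the release. The following is an added example, not part of the original guide; it assumes the release page offers a SHA-256 digest file next to the tarball, and the file name openssl-3.0.8.tar.gz.sha256 in the usage comment is an assumption.

```shell
#!/usr/bin/env bash
# Added example: fail-closed SHA-256 check for a downloaded source archive.
# Assumption: the digest file holds either a bare hex digest or the
# "digest  filename" layout written by sha256sum.

# Print the 64-hex-digit digest found in a digest file, or fail with status 2.
read_expected_digest() {
    local digest_file="$1" first
    [ -r "$digest_file" ] || return 2
    # First whitespace-separated field of the first non-empty line, lower-cased.
    first=$(awk 'NF { print tolower($1); exit }' "$digest_file")
    # Reject anything that is not exactly 64 hex digits.
    case $first in
        *[!0-9a-f]*|'') return 2 ;;
    esac
    [ "${#first}" -eq 64 ] || return 2
    printf '%s\n' "$first"
}

# Return 0 only when the archive's digest equals the expected one.
# Status 1 = mismatch, status 2 = archive or digest file unusable.
verify_archive() {
    local archive="$1" digest_file="$2" expected actual
    [ -r "$archive" ] || { echo "missing archive: $archive" >&2; return 2; }
    expected=$(read_expected_digest "$digest_file") || {
        echo "unusable digest file: $digest_file" >&2; return 2; }
    actual=$(sha256sum "$archive" | awk '{ print $1 }')
    if [ "$actual" = "$expected" ]; then
        echo "OK: $archive"
    else
        echo "MISMATCH: $archive (expected $expected, got $actual)" >&2
        return 1
    fi
}

# Usage before extracting (digest file name is an assumption):
#   verify_archive openssl-3.0.8.tar.gz openssl-3.0.8.tar.gz.sha256 \
#       && tar xvf openssl-3.0.8.tar.gz
```

A digest fetched from the same host only detects corruption or a partial download; obtain it over a separate trusted channel if tampering is the concern.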

Build and Install OpenSSL 3 on CentOS 7

Now it’s time to build and install OpenSSL.

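Configure the build with the ./config script. The --prefix option installs OpenSSL under /usr/local/openssl, the location the environment script further down expects, and --libdir=lib keeps the libraries in lib rather than lib64:

./config --prefix=/usr/local/openssl --libdir=lib

Now build, test, and install OpenSSL. Only the install step needs root:

make
make test
sudo make install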

Update the dynamic linker cache:

sudo ldconfig

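Make the new OpenSSL available system-wide by creating a script in /etc/profile.d/ that sets the necessary environment variables. The heredoc delimiter is quoted so that $PATH and $LD_LIBRARY_PATH are expanded at login rather than when the file is written, and LD_LIBRARY_PATH is only appended when it is already set, which avoids a trailing empty entry that the dynamic linker treats as the current directory:

sudo tee /etc/profile.d/openssl.sh <<'EOF'
export PATH=/usr/local/openssl/bin:$PATH
export LD_LIBRARY_PATH=/usr/local/openssl/lib${LD_LIBRARY_PATH:+:$LD_LIBRARY_PATH}
EOF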

Reload your shell environment to apply these changes:

source /etc/profile.d/openssl.sh

Finally, verify the installation by checking the OpenSSL version:

openssl version
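
The version string alone does not show which shared libraries the binary loads. As an added example (not part of the original guide), the hypothetical helper check_linkage below reads ldd output and confirms that libssl and libcrypto resolve from the install prefix used on this page.

```shell
#!/usr/bin/env bash
# Added example: confirm that an openssl binary loads libssl and libcrypto
# from the intended prefix. Reads `ldd` output on stdin so it can be run on
# captured text. check_linkage is a hypothetical helper name.

check_linkage() {
    local prefix="${1%/}" line lib path status=0 seen=0
    while IFS= read -r line; do
        # Relevant lines look like: "libssl.so.3 => /path/libssl.so.3 (0x...)"
        case $line in
            *libssl.so*|*libcrypto.so*) ;;
            *) continue ;;
        esac
        seen=$((seen + 1))
        lib=$(printf '%s\n' "$line" | awk '{ print $1 }')
        path=$(printf '%s\n' "$line" | awk '{ print $3 }')
        case $path in
            "$prefix"/lib/*|"$prefix"/lib64/*)
                echo "ok      $lib -> $path" ;;
            not)   # ldd prints "=> not found" when the loader cannot resolve it
                echo "MISSING $lib" >&2; status=1 ;;
            *)
                echo "FOREIGN $lib -> $path (outside $prefix)" >&2; status=1 ;;
        esac
    done
    # Both libraries must have been listed, otherwise the input was not usable.
    [ "$seen" -ge 2 ] || status=1
    return "$status"
}

# Usage on the installed system:
#   ldd "$(command -v openssl)" | check_linkage /usr/local/openssl
```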

Conclusion

Congratulations! You have successfully learned how to install OpenSSL 3.0 on CentOS 7. OpenSSL is a powerful tool for generating private keys, creating CSRs, installing SSL/TLS certificates, and identifying certificate information, ultimately contributing to secure communication over the Internet.

We hope you found this guide helpful.

Alternative Solutions to Installing OpenSSL 3 on CentOS 7

While the above method of compiling from source is a reliable way to install OpenSSL 3 on CentOS 7, it can be time-consuming and requires careful attention to detail. Let’s explore alternative methods that might be more suitable for certain users.

1. Using Software Collections (SCL)

Software Collections (SCL) enable you to install multiple versions of software on the same system without conflicts. This is achieved by providing a separate environment for each software collection. While OpenSSL isn’t directly available as a standard SCL package, we can leverage this approach to build and install OpenSSL into a custom SCL. This isolates the new OpenSSL installation and minimizes the risk of breaking system dependencies.

Explanation:

SCL creates isolated environments for different software versions. By building OpenSSL within an SCL environment, we prevent it from overwriting the system’s default OpenSSL and ensure compatibility.

Steps:

  1. Install SCL repository:

    sudo yum install centos-release-scl
  2. Install necessary development tools and dependencies within an SCL environment (example using devtoolset-7, but adjust as needed):

    sudo yum install devtoolset-7
    scl enable devtoolset-7 bash
    sudo yum install perl-IPC-Cmd perl-Test-Simple -y

    Note: You might need to adjust the devtoolset version depending on your CentOS 7 setup.

  3. Download, extract, configure, build, and install OpenSSL as described in the original guide, but within the SCL enabled environment:

    wget https://github.com/openssl/openssl/releases/download/openssl-3.0.8/openssl-3.0.8.tar.gz
    tar xvf openssl-3.0.8.tar.gz
    cd openssl-3.0*/
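    ./config --prefix=/opt/openssl3 --libdir=lib
    make
    make test
    sudo make install

    The --prefix=/opt/openssl3 option is crucial: it tells OpenSSL to install into the /opt/openssl3 directory, not the system directories. The --libdir=lib option keeps the libraries in /opt/openssl3/lib, the directory the script in the next step adds to LD_LIBRARY_PATH.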

  4. Create a script to enable the OpenSSL SCL:

    sudo tee /etc/profile.d/openssl3.sh <<'EOF'
    export PATH=/opt/openssl3/bin:$PATH
    export LD_LIBRARY_PATH=/opt/openssl3/lib${LD_LIBRARY_PATH:+:$LD_LIBRARY_PATH}
    EOF
  5. Reload the shell environment:

    source /etc/profile.d/openssl3.sh
  6. Verify the installation:

    openssl version

This method provides a cleaner separation between the system’s OpenSSL and the newly installed version. To use the new OpenSSL in a specific session, you would source /etc/profile.d/openssl3.sh first.

2. Using a Containerization Technology (Docker)

Another robust alternative involves using Docker, a popular containerization platform. Docker allows you to create isolated environments, known as containers, where you can install and run applications with their dependencies. This eliminates potential conflicts with the host system’s libraries and dependencies, including OpenSSL. This approach is especially useful if you need a specific OpenSSL version for a particular application without affecting the system-wide OpenSSL.

Explanation:

Docker containers encapsulate an application and its dependencies, creating a consistent environment regardless of the host system.

Steps:

  1. Install Docker: Follow the official Docker documentation to install Docker on your CentOS 7 system.

  2. Create a Dockerfile: Create a file named Dockerfile in an empty directory. This file will contain the instructions for building the Docker image.

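    FROM centos:7

    RUN yum update -y && \
        yum install -y wget tar gcc make perl perl-IPC-Cmd perl-Test-Simple && \
        yum clean all

    WORKDIR /tmp

    # Download, build, test and install OpenSSL under /usr/local/openssl.
    # --libdir=lib keeps the libraries in lib (not lib64) to match LD_LIBRARY_PATH below.
    RUN wget https://github.com/openssl/openssl/releases/download/openssl-3.0.8/openssl-3.0.8.tar.gz && \
        tar xvf openssl-3.0.8.tar.gz && \
        cd openssl-3.0.8 && \
        ./config --prefix=/usr/local/openssl --libdir=lib && \
        make && \
        make test && \
        make install

    ENV PATH="/usr/local/openssl/bin:${PATH}"
    # Set to the OpenSSL directory only: appending an unset variable would leave an empty entry.
    ENV LD_LIBRARY_PATH="/usr/local/openssl/lib"

    CMD ["/bin/bash"]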

    Dockerfile Explanation:

    • FROM centos:7: Specifies the base image (CentOS 7).
    • RUN yum ...: Installs necessary packages (wget, tar, compilers, Perl modules).
    • WORKDIR /tmp: Sets the working directory inside the container.
    • RUN wget ...: Downloads and extracts OpenSSL, then configures, builds, tests, and installs it in the same step.
    • ENV ...: Sets environment variables for easy access to OpenSSL.
    • CMD ["/bin/bash"]: Sets the default command to run when the container starts (a bash shell).
  3. Build the Docker image: In the directory containing the Dockerfile, run the following command:

    docker build -t openssl3-centos7 .
  4. Run the Docker container:

    docker run -it openssl3-centos7

    This will start an interactive bash shell within the container.

  5. Verify the installation: Inside the container, run:

    openssl version

Now you have a container with OpenSSL 3 installed. You can use this container to run applications that require OpenSSL 3 without affecting your host system. To run a command with the new OpenSSL from outside the container you could use:

docker run --rm openssl3-centos7 openssl version

This runs the openssl version command inside a container created from the openssl3-centos7 image and removes that container once the command completes. The --rm flag keeps stopped containers from accumulating over time.

These alternative methods offer different approaches to managing OpenSSL versions on CentOS 7, each with its own advantages and disadvantages. Choose the method that best suits your specific needs and technical expertise. Remember to always test your applications thoroughly after installing or upgrading OpenSSL to ensure compatibility and proper functionality.
