How to Install OpenSSL on Ubuntu Linux

[Illustration of OpenSSL setup and configuration on Ubuntu Debian Linux 18.04 / 20.04 / 22.04]

Introduction

OpenSSL is an open-source toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength general-purpose cryptography library. It is used to provide cryptographic functions and secure communications capabilities in many software packages and applications.

In this comprehensive guide, we will walk through the process of installing OpenSSL on Debian and Ubuntu Linux 18.04 / 20.04 / 22.04 step-by-step. We will cover:

What OpenSSL is and its uses
Checking if OpenSSL is already installed
Choosing the right OpenSSL version
Installing OpenSSL using apt package manager
Downloading and compiling OpenSSL from source
Verifying the OpenSSL installation
Troubleshooting common issues

We will also provide plenty of background information, explanations, and examples to help you fully understand each step of the process. Whether you are a beginner or advanced Linux user, this guide aims to provide everything you need to get OpenSSL installed correctly on your Ubuntu system.

Prerequisites

Before we begin installing OpenSSL, let’s go over some prerequisites:

An Ubuntu Linux system (18.04, 20.04, or 22.04 recommended)
A user account with sudo privileges
A stable internet connection

That’s it – let’s move on to understanding what OpenSSL is and why it’s useful.

What is OpenSSL ?

OpenSSL is a robust and versatile cryptography toolkit that implements the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols for providing encrypted communications between applications. It also includes a general-purpose cryptographic library that provides various cryptographic functions like hashing, digital signatures, encryption/decryption, and more.

Some specific uses of OpenSSL include:

Securing web servers with HTTPS
Creating and managing SSL/TLS certificates
Encrypting email communications
Creating secure VPN connections
Signing software packages
Generating random numbers for security purposes

As you can see, OpenSSL forms a crucial backbone for encrypted communications and internet security services. Next, let’s check if we already have it installed.

Check if OpenSSL is already installed

Before installing OpenSSL, it’s worth checking if it is already present on your Ubuntu system from a previous installation.

To check if OpenSSL is installed, use this command:

$ openssl version

If OpenSSL is installed, it will print out version information like:

OpenSSL 1.1.1f  31 Mar 2020

This indicates OpenSSL is already available on your system and you likely don’t need to install it again. Make sure the installed version is still supported and up-to-date.

If the openssl command is not found, you’ll see an error like:

bash: openssl: command not found

This means OpenSSL is not yet installed, so we’ll need to proceed with installing it.

Choosing the right OpenSSL version

There are a few different versions of OpenSSL available that can be installed on Ubuntu. The main ones you’ll likely choose from are:

OpenSSL 1.0.x: Older, but still supported in some cases.
OpenSSL 1.1.x: The current stable long-term support (LTS) version.
OpenSSL 3.0.x: Newer version with updated features and security.

In most cases, you should install OpenSSL 1.1.x to get the latest long-term stable features and security updates. Only use older or newer branches if you have specific needs.

On Ubuntu, the openssl package will install the latest 1.1.x version which is recommended for most users. When compiling from source, choose the latest 1.1.x source snapshot.

Now let’s go over the installation process using apt and from source.

Installing OpenSSL using Apt

The easiest way to install OpenSSL on Ubuntu is by using the apt package manager. Here are the steps:

Update the package list:

$ sudo apt update

Install the openssl package:

$ sudo apt install openssl

Verify the installation:

$ openssl version

This will show the newly installed version, likely 1.1.x

That’s it! Apt will download and install the latest OpenSSL version from the official Ubuntu repositories automatically.

Depending on your base Ubuntu version, you may get older 1.0.x versions using apt. But this method is great for quickly installing or upgrading to the latest supported OpenSSL release.

Next, let’s go over compiling and installing from source for more control.

Downloading and compiling OpenSSL from source

For some use cases, you may want to download and compile OpenSSL from source rather than using apt:

You need a specific version of OpenSSL that is not available in the Ubuntu repositories.
You want to customize the OpenSSL build with specific options.
You want to contribute to OpenSSL development.

Here are the detailed steps to build and install OpenSSL from source code:

Install build dependencies:

$ sudo apt install build-essential wget

Download the OpenSSL source code:

$ wget https://www.openssl.org/source/openssl-1.1.1w.tar.gz

Verify the integrity of the downloaded file:

$ sha256sum openssl-1.1.1w.tar.gz

Extract the source code:

$ tar xvzf openssl-1.1.1w.tar.gz

Navigate to the extracted directory:

$ cd openssl-1.1.1w

Configure the build:

$ ./config

Compile the source code:

$ make

Run the tests:

$ make test

Install OpenSSL:

$ sudo make install

By default this will install to /usr/local/bin, /usr/local/lib etc. Use --prefix option to customize.

That covers the basic process of compiling and installing OpenSSL from source code. You can also read the official README for more details.

Next, let’s verify OpenSSL was installed correctly.

Verifying the OpenSSL Installation

After installing OpenSSL using either apt or compiling from source, verify everything is working correctly:

Run openssl version to check the version.
Run openssl to enter the OpenSSL command-line tool.
Check that shared libraries libssl and libcrypto exist in /usr/lib or /usr/local/lib.
Make sure the openssl binary is in /usr/bin or /usr/local/bin.

If the basic commands function and libraries/bins are found in the right install locations, your OpenSSL setup should be good to go!

Troubleshooting OpenSSL installation issues

Here are some common issues and fixes when installing OpenSSL:

No shared libs found

If apps complain about missing libssl/libcrypto shared libs, either update $LD_LIBRARY_PATH to contain the OpenSSL lib dir, or make sure you installed the -devel apt package that contains the .so shared objects. Or rebuild from source without --static option.

Compiler errors building from source

Ensure you have the required build tools like gcc and make installed. Double-check any custom configure options that may be causing issues.

Command not found errors

If openssl command isn’t available after install, make sure /usr/local/bin or the configured install --prefix location is in your $PATH env variable.

SSL apps can’t find cert/key files

Update the OPENSSL_CONF system variable or app config to point to the correct OpenSSL config directory location, usually /usr/lib/ssl or /etc/ssl.

App fails protocol handshake or encryption

Your app may be linked against a different OpenSSL version than expected. Double-check library linkages and versions being used.

Warnings about insecure default config

Edit the openssl.cnf file to update default settings per recommendations. Or provide app configs to override.

Make sure you fully uninstall/remove old OpenSSL versions to avoid conflicts or confusion.

In most cases, installation issues can be resolved by double-checking locations of libs, bins, and config files. Refer to the official OpenSSL documentation for additional troubleshooting tips.

Alternative Solutions for Installing OpenSSL

While the apt package manager and compiling from source are common methods for installing OpenSSL, alternative approaches exist, each with its trade-offs. Here are two such alternatives:

1. Using a Container (Docker):

Containers offer a sandboxed environment where OpenSSL and its dependencies are pre-configured. This eliminates dependency conflicts and ensures consistency across different environments.

Explanation: Docker containers encapsulate an application and its dependencies into a single package. This package can then be run on any system with Docker installed, regardless of the underlying operating system or existing software. For OpenSSL, this means you can use a pre-built Docker image containing OpenSSL without worrying about conflicting with existing system libraries or requiring specific build tools.
Code Example:

First, install Docker on your Ubuntu system. Then, pull an existing OpenSSL image from Docker Hub:

docker pull ubuntu/openssl

After pulling the image, you can run a container based on it and execute OpenSSL commands:

docker run -it ubuntu/openssl openssl version

This command will start a new container from the ubuntu/openssl image and execute the openssl version command within that container. The output will show the OpenSSL version installed inside the container.

You can further interact with the container to perform other OpenSSL operations. For example, to generate a self-signed certificate:

docker run -it -v $(pwd):/app ubuntu/openssl bash -c "openssl req -newkey rsa:2048 -nodes -keyout /app/key.pem -x509 -days 365 -out /app/cert.pem"

This command mounts your current directory to /app inside the container, allowing you to access the generated certificate and key files from your host machine.

2. Using a Package Manager from a Third-Party Repository (e.g., snap):

snap is a universal package manager that allows installing applications in a sandboxed environment, similar to containers but with a lighter footprint. This can be an easy way to install a specific OpenSSL version without affecting the system’s core packages.

Explanation: Snap packages are self-contained and include all the dependencies required to run the application. This makes them easy to install and ensures that the application will run correctly regardless of the underlying system configuration. Snaps also provide automatic updates and security patches.
Code Example:

First, ensure snapd is installed on your Ubuntu system (it is usually pre-installed):

sudo apt update
sudo apt install snapd

Then, search for OpenSSL snaps:

snap find openssl

If a suitable snap package is available, install it:

sudo snap install <name-of-the-snap>

Replace <name-of-the-snap> with the actual name of the OpenSSL snap package. After installing the snap, you can access OpenSSL commands through the snap’s alias:

snap run <name-of-the-snap>.openssl version

Replace <name-of-the-snap> with the actual name of the OpenSSL snap package.

These commands illustrate how containers and snap packages offer alternative methods for installing OpenSSL on Ubuntu, providing isolation, consistency, and ease of management. Choosing the right method depends on your specific needs and priorities.

Conclusion

That concludes this comprehensive guide to installing OpenSSL on Ubuntu systems! We covered installation using both the apt package manager as well as building and compiling from latest source releases. You should also now understand the basics of how OpenSSL works and what cryptographic functions it provides.

To summarize, you should now be able to:

Understand what OpenSSL is and its uses.
Check if OpenSSL is already installed on your system.
Install OpenSSL using apt package manager.
Compile and install OpenSSL from source code.
Verify the OpenSSL installation.
Troubleshoot common OpenSSL installation issues.
Understand alternative installation methods, such as using containers or snap packages.

OpenSSL powers countless security systems and cryptographic applications, so it’s an essential tool for any Linux and Ubuntu user to have available. I hope this guide has equipped you with all the knowledge needed to install and use it for your projects and needs. Let us know if you have any other questions.