Install Latest OpenSSL on Ubuntu 22.04 From Source: Easy Steps

This guide is designed to teach you how to Install Latest OpenSSL on Ubuntu 22.04. OpenSSL is an indispensable open-source command-line tool for generating private keys, creating Certificate Signing Requests (CSRs), installing SSL/TLS certificates, and inspecting certificate details. Follow the steps outlined below to proceed with the OpenSSL installation on your Ubuntu 22.04 system.

The default OpenSSL version that ships with Ubuntu 22.04 is 3.0.2. This guide will walk you through the process of installing the latest version of OpenSSL directly from the source code on your Ubuntu 22.04 server.

Before you begin, let’s ensure you have the necessary prerequisites in place.

Requirements for OpenSSL Setup

To successfully Install Latest OpenSSL on Ubuntu 22.04, you need the following:

Access to your Ubuntu 22.04 server as a non-root user with sudo privileges. This allows you to execute commands as the superuser, which is essential for installation and configuration. You can refer to this guide on Initial Server Setup with Ubuntu 22.04 for instructions on setting up a user with sudo privileges.

With the requirements met, let’s move on to the installation steps to Install Latest OpenSSL on Ubuntu 22.04.

Step 1 – Install Dependencies for OpenSSL

Since we are installing OpenSSL from source, certain dependencies are required for the compilation process.

First, update your system’s package lists using the following command:

sudo apt update

Next, install the necessary dependencies using the command below:

sudo apt install build-essential checkinstall zlib1g-dev -y

These packages provide the tools and libraries needed to compile and link the OpenSSL source code.

Step 2 – Download Latest OpenSSL Binary Package

Visit the GitHub OpenSSL Releases page to find the latest release version. Use the wget command to download the corresponding source code archive:

sudo wget https://github.com/openssl/openssl/releases/download/openssl-3.1.2/openssl-3.1.2.tar.gz

Remember to replace "openssl-3.1.2" with the actual name of the latest release file if it differs.

Once the download is complete, extract the archive using the following command:

sudo tar xvf openssl-3.1.2.tar.gz

Then, navigate into the extracted OpenSSL source directory:

cd openssl-3.1*/

The asterisk (*) in the command ensures you enter the directory regardless of the exact version number.

Step 3 – Build and Install OpenSSL on Ubuntu 22.04

From within the OpenSSL directory, configure the build environment using the following command:

sudo ./config

The output should resemble the following:

**Output**
**********************************************************************
***                                                                ***
***   OpenSSL has been successfully configured                     ***
***                                                                ***
***   If you encounter a problem while building, please open an    ***
***   issue on GitHub <https://github.com/openssl/openssl/issues>  ***
***   and include the output from the following command:           ***
***                                                                ***
***       perl configdata.pm --dump                                ***
***                                                                ***
***   (If you are new to OpenSSL, you might want to consult the    ***
***   'Troubleshooting' section in the INSTALL.md file first)      ***
***                                                                ***
**********************************************************************

Next, build and install OpenSSL using these commands:

# sudo make
# sudo make test
# sudo make install

The sudo make command compiles the source code. The sudo make test command runs a series of tests to ensure the build is functioning correctly. The sudo make install command installs the compiled binaries and libraries to the appropriate system directories. These steps can take a considerable amount of time, depending on your system’s hardware.

After the installation is complete, update the dynamic linker runtime bindings:

sudo ldconfig

Then, update the system-wide OpenSSL configuration by creating a shell script:

sudo tee /etc/profile.d/openssl.sh<<EOF
export PATH=/usr/local/openssl/bin:$PATH
export LD_LIBRARY_PATH=/usr/local/openssl/lib:$LD_LIBRARY_PATH
EOF

This script sets the PATH and LD_LIBRARY_PATH environment variables, ensuring that the system can find the newly installed OpenSSL binaries and libraries.

Reload the shell environment to apply the changes:

source /etc/profile.d/openssl.sh

Step 4 – Verify OpenSSL Installation on Ubuntu 22.04

Verify the successful Install Latest OpenSSL on Ubuntu 22.04 by checking the OpenSSL version:

openssl version -a

The output should display the installed OpenSSL version, confirming that the latest version is now active on your Ubuntu 22.04 system.

**Output**
(Example output, version number will vary)
OpenSSL 3.1.2 2 Aug 2023
built on: Tue Aug  2 12:00:00 2023 UTC
platform: linux-x86_64
options:  bn(64,64) ...
...

Conclusion

The default OpenSSL package version available in Ubuntu 22.04 is 3.0.2. This tutorial demonstrated how to Install Latest OpenSSL on Ubuntu 22.04 from the source code. The latest version at the time of writing is 3.1.2. You can use these steps to install any newer version of OpenSSL on your Ubuntu server whenever a new release becomes available. This approach provides you with the most up-to-date security features and bug fixes.

You may also be interested in these articles on the Orcacore website:

Network ifup: failed to bring up eth0:0 Ubuntu

How To Install PySpark on Ubuntu 22.04

Alternative Solutions to Installing Latest OpenSSL on Ubuntu 22.04

While compiling from source provides maximum control and ensures you have the absolute latest version, it’s not always the most convenient or practical approach. Here are two alternative methods to Install Latest OpenSSL on Ubuntu 22.04:

1. Using a Third-Party Repository (e.g., Ondřej Surý’s PPA):

Ondřej Surý maintains a Personal Package Archive (PPA) that often contains more recent versions of software packages, including OpenSSL. This is a more convenient method than compiling from source, as it leverages the apt package manager.

Explanation: PPAs are repositories hosted outside the official Ubuntu repositories. They allow developers to provide newer versions of software or software not available in the official repositories. Ondřej Surý’s PPA is a well-respected and reliable source for various software packages. Using a PPA simplifies the installation process and ensures you receive updates through the standard apt update and apt upgrade commands.

Steps:

Add the PPA:

sudo add-apt-repository ppa:ondrej/ubuntu-security

Update Package Lists:
```
sudo apt update
```
Install OpenSSL:
```
sudo apt install openssl libssl-dev
```
Verify Installation:
```
openssl version -a
```

Caveats: While convenient, using PPAs introduces a dependency on a third-party repository. Ensure you trust the PPA provider before adding it to your system. Also, be mindful of potential conflicts if the PPA contains packages that overlap with the official Ubuntu repositories.

2. Using Snap Packages:

Snap is a package management system developed by Canonical (the company behind Ubuntu) that allows for easy installation and updates of applications and libraries. While OpenSSL might not be directly available as a snap package in the traditional sense, you might find applications that bundle a newer OpenSSL version within their snap environment.

Explanation: Snap packages are containerized applications that include all their dependencies. This eliminates dependency conflicts and ensures that the application runs consistently across different systems. However, because OpenSSL is a system library, it’s unlikely you’ll find a snap package that directly replaces the system-wide OpenSSL. Instead, applications that require a newer OpenSSL version might bundle it within their own snap container. This means the system-wide OpenSSL remains untouched, but the application uses the newer version internally.
Steps:
1. Search for Relevant Snap Packages: Look for snap packages of applications that rely heavily on cryptography (e.g., VPN clients, server software).
```
snap find openssl
```
2. Install the Snap Package:
```
sudo snap install <snap-package-name>
```
3. The Snap Application will use its bundled OpenSSL. The exact way to verify this depends on the application itself. It will be using the specific OpenSSL version bundled within the Snap package. You will not be able to run the openssl version -a command and see it, since the OS is not using this version.
Caveats: This method doesn’t update the system-wide OpenSSL. It only provides a newer OpenSSL version for specific applications that use snap packages and bundle their own OpenSSL. This is generally not a suitable solution if you need to update the system-wide OpenSSL for security reasons or to support other applications outside the snap ecosystem. This is not a recommended approach if you truly need to Install Latest OpenSSL on Ubuntu 22.04 system-wide.

In summary, while compiling from source offers the most control, using a PPA provides a balance between convenience and access to newer versions. Snap packages are less likely to provide a direct solution for updating the system-wide OpenSSL but can be useful in specific scenarios where applications bundle their own dependencies. Be sure to weigh the pros and cons of each approach before choosing the best method to Install Latest OpenSSL on Ubuntu 22.04 for your needs.