OpenSSL is a crucial software library that provides secure communication over computer networks, ensuring data confidentiality and authentication. It is widely used by internet servers, including the majority of HTTPS websites. In this article, we will guide you through the process of installing the latest version of OpenSSL on Ubuntu 23.10. By following these steps, you can ensure that your server is equipped with the most up-to-date security features.
Step 1: Determine the Current Version
Before proceeding with the installation, it is essential to determine the version of OpenSSL that is currently installed on your system. To do this, open a terminal and enter the following command:
openssl version
The output will display the installed OpenSSL version:
OpenSSL 3.0.10 1 Aug 2023 (Library: OpenSSL 3.0.10 1 Aug 2023)
Step 2: Update the System
To ensure that you have the latest packages and security updates, it is crucial to update your system. Run the following commands to update and upgrade the current packages:
sudo apt update -y sudo apt upgrade -y
Step 3: Install Required Dependencies
Next, we need to install the necessary dependencies for building OpenSSL. Use the following command to install the required packages:
sudo apt install build-essential make -y
Once the installation is complete, verify the versions of make
and gcc
by running the following commands:
make --version gcc --version
The output should display the versions of make
and gcc
installed on your system.
Step 4: Verify Perl Package
Perl is a programming language commonly used for system administration tasks. It is required for the installation process. Verify that Perl package is installed by checking its version:
perl --version
If Perl is not installed, you can install it using the following command:
sudo apt install perl -y
Step 5: Check the Downloaded Zip File Signature
Before installing the downloaded zip file, it is crucial to verify its signature to ensure its authenticity. To do this, follow the steps below:
- Download the public keys for signature verification using the
curl
command:
curl 'https://keys.openpgp.org/vks/v1/by-fingerprint/7953AC1FBC3DC8B3B292393ED5E9E43F7DF9EE8C' > levitte.txt curl 'https://keys.openpgp.org/vks/v1/by-fingerprint/8657ABB260F056B1E5190839D9C4D26D0E604491' > caswell.txt
- Import the downloaded keys into the GnuPG database:
gpg --import caswell.txt gpg --import levitte.txt
- Verify that the keys are imported correctly:
gpg --list-keys
The output will display the imported keys.
Step 6: Download and Verify the Signature
Download the signature file from the OpenSSL website using the curl
command:
curl https://www.openssl.org/source/openssl-3.1.4.tar.gz.asc > signature.asc
Once the signature file is downloaded, validate it using the following command:
gpg --verify signature.asc openssl-3.1.4.tar.gz
The output will confirm whether the signature is valid.
Step 7: Download and Install OpenSSL
At the time of writing this article, the latest stable version of OpenSSL is 3.1.4. You can download it using the wget
command:
wget https://www.openssl.org/source/openssl-3.1.4.tar.gz
To ensure the integrity of the downloaded file, compare the SHA256 checksum provided on the OpenSSL website with the computed checksum of the downloaded file:
wget https://www.openssl.org/source/openssl-3.1.4.tar.gz.sha256 echo "$(cat openssl-3.1.4.tar.gz.sha256) openssl-3.1.4.tar.gz" | sha256sum --check
The output will confirm whether the checksum matches.
Step 8: Install OpenSSL
Create a directory for installing the latest version of OpenSSL:
sudo mkdir /opt/openssl
Change to the newly created directory:
cd /opt/openssl
Extract the downloaded zip file into the /opt/openssl
directory:
sudo tar xvzf /root/openssl-3.1.4.tar.gz --directory /opt/openssl
Navigate to the extracted directory:
cd openssl-3.1.4/
Create the Makefile using the following command:
sudo ./config --prefix=/opt/openssl --openssldir=/opt/openssl/ssl
Once the configuration is complete, run the following commands to build and install OpenSSL:
sudo make sudo make install
Step 9: Configure Symbolic Link
To maintain compatibility and prevent the need to alter the PATH
environment variable, create a symbolic link pointing to the new OpenSSL installation:
sudo ln -s /opt/openssl/bin/openssl /usr/bin/openssl
Verify the symbolic link by running the following command:
ls -lisah /usr/bin/openssl
The output should display the symbolic link.
Step 10: Create Configuration File
Create a configuration file for OpenSSL and store it in the /etc/ld.so.conf.d/
directory. Change to the directory and create the file openssl.conf
with the following content:
sudo nano /etc/ld.so.conf.d/openssl.conf
Add the following line to the file:
/opt/openssl/lib64
Save the file and exit the editor.
Step 11: Update the Cache
To update the cache and ensure that the system recognizes the new OpenSSL installation, run the following command:
sudo ldconfig
Step 12: Verify the Installation
To verify that the installation was successful, check the version of OpenSSL:
openssl version
The output should display the newly installed version of OpenSSL.
Congratulations! You have successfully installed the latest version of OpenSSL on your Ubuntu 23.10 system. Ensure to reboot your system for the changes to take effect. In case of any issues or for further assistance, refer to the OpenSSL documentation or consult with your system administrator.
For reliable and secure cloud hosting solutions, consider Shape.host. With their Cloud VPS services, you can enjoy scalable and efficient hosting tailored to your needs. Shape.host offers the expertise and reliability you need to ensure the security and performance of your online presence.