How to Install the latest OpenSSL version from Source on Linux (Debian)

In this tutorial, I will show you step by step how to install the latest stable OpenSSL version from source on Debian servers.

Step 1 – Install Dependencies

Before we can compile the OpenSSL library from source, the first step is to install some package dependencies, including the ‘build-essential’ package on Debian.

Update the repository and install package dependencies for software compilation using the apt command below.

sudo apt update
sudo apt install build-essential checkinstall zlib1g-dev -y

After the installation is complete, go to the next step.

Step 2 – Download OpenSSL

Install the latest stable version of OpenSSL – OpenSSL 3.1.0. You can download the source code from the OpenSSL site.

Go to the ‘/usr/local/src’ directory and download the OpenSSL source code using wget.

cd /usr/local/src/
wget https://www.openssl.org/source/openssl-3.1.0.tar.gz

Now extract the openssl.tar.gz file, and go to the ‘openssl’ directory.

tar -xf openssl-3.1.0.tar.gz
cd openssl-3.1.0

Download OpenSSL source

The OpenSSL source code has been downloaded.

Step 3 – Install OpenSSL

Before installing the custom OpenSSL version to the system, let’s check the installed version using the command below.

openssl version -a

We will replace version 1.1.x with latest stable version OpenSSL 3.1.0.

We will install the new OpenSSL version to the specific directory ‘/usr/local/ssl’, and then enable the Link Libraries of OpenSSL, and configure the new binary PATH for OpenSSL.

Go to the openssl downloaded directory ‘/usr/local/src/openssl’.

cd /usr/local/src/openssl-3.1.0

Configure and compile OpenSSL with the commands below.

./config –prefix=/usr/local/ssl –openssldir=/usr/local/ssl shared zlib

make
make test

Wait for the OpenSSL compile process.

make test passed successfully

Note:

–prefix and –openssldir = Set the output path of the OpenSSL.
shared = force to create a shared library.
zlib = enable the compression using zlib library.
When the compile process is complete, install the OpenSSL using the command below.

make install
make install

OpenSSL is installed in the ‘/usr/local/ssl’ directory.

Configure Link Libraries

Next, we will configure the shared libraries for OpenSSL. The new OpenSSL binary will load library files from the ‘/usr/local/ssl/lib’ directory.

Go to the ‘/etc/ld.so.conf.d’ directory and create new configuration file ‘openssl-3.0.7.conf’.

cd /etc/ld.so.conf.d/
nano openssl-3.0.7.conf

Paste the openssl library path directory.

/usr/local/ssl/lib64

Save and exit.

Now reload the dynamic link using the command below.

sudo ldconfig -v

And you will see the OpenSSL libraries on the ‘/usr/local/ssl/lib64’ directory has been loaded.

Configure OpenSSL Binary

We will replace the default openssl binary ‘/usr/bin/openssl or /bin/openssl’ with the new version ‘/usr/local/ssl/bin/openssl’.

Backup the binary files.

mv /usr/bin/c_rehash /usr/bin/c_rehash.bak
mv /usr/bin/openssl /usr/bin/openssl.bak

Edit the ‘/etc/environment’ file using nano.

vi /etc/environment

Now add the new OpenSSL binary directory as below

PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/snap/bin:/usr/local/ssl/bin"

Configure PATH, save and exit.

Reload the environment file and test the new updated binary PATH.

source /etc/environment
echo $PATH

Now check the OpenSSL binary file again.

which openssl
You will get the result as below.

Configure OpenSSL Binary on Debian

The binary path of OpenSSL for Debian has been updated.

Step 4 – Testing

Test the new OpenSSL version using the following command.

openssl version -a

The result on Debian.

Latest OpenSSL version on Debian

The latest stable version of OpenSSL has been installed from source on Linux.

One thought on “How to Install the latest OpenSSL version from Source on Linux (Debian)”

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.