How to install OpenSSL 3 on Ubuntu 20.04

OpenSSL 3 contains an open-source implementation of the SSL and TLS protocols. OpenSSL implements basic cryptographic function. The OpenSSL toolkit includes libssl, libcrypto and openssl which is the OpenSSL command-line tool, a swiss army knife for cryptographic tasks, testing, and analyzing. It can be used for:

  • Creation of key parameters.
  • Creation of x.509 certificates, CSRs and CRLs
  • Encryption and decryption
  • Calculation of message digests
  • SSL/TLS client and server tests
  • Handling of S/MIME signed or encrypted mail.

In this tutorial, I will show you how to install OpenSSL on Ubuntu 20.04. OpenSSL 3 is the latest long-term release for OpenSSL. OpenSSL is a software application that is used to secure communication between two different mediums in a computer network. It is used by the majority of web servers.

Install OpenSSL 3 on Ubuntu 20.04

1. Update System Repositories

To start installing OpenSSL 3 on Ubuntu 20.04, we need to update our system repositories in order to make them up to date. So to start with use the following command.

sudo apt update && apt upgrade -y

When upgrades and updates are complete, proceed to install dependencies.

2. Install OpenSSL 3 dependencies

We need to install the following dependencies so that when we install OpenSSL, we wouldn’t run into errors early on. The following dependencies will be installed with the following command.

sudo apt install build-essential checkinstall zlib1g-dev -y

3. Download OpenSSL 3

We need to head over to the OpenSSL download page to get the download link from there. We are going to use wget to make the download. First, make sure you are in this directory /usr/local/src/. So let’s cd into this directory then we proceed with the download.

cd /usr/local/src/
wget https://www.openssl.org/source/openssl-3.0.2.tar.gz

When the download is complete, proceed to extract the archive contents to your system.

sudo tar -xvf openssl-3.0.2.tar.gz

Before we can go ahead with the installation, cd into OpenSSL 3 you have extracted. For safety reasons lets ls to see the contents inside.

ls
ACKNOWLEDGEMENTS.md  HACKING.md        NOTES-PERL.md      README-PROVIDERS.md  build.info        e_os.h    providers
AUTHORS.md           INSTALL.md        NOTES-UNIX.md      README.md            config            engines   ssl
CHANGES.md           LICENSE.txt       NOTES-VALGRIND.md  SUPPORT.md           config.com        external  test
CONTRIBUTING.md      NEWS.md           NOTES-VMS.md       VERSION.dat          configdata.pm.in  fuzz      tools
Configurations       NOTES-ANDROID.md  NOTES-WINDOWS.md   VMS                  crypto            include   util
Configure            NOTES-DJGPP.md    README-ENGINES.md  apps                 demos             ms        wycheproof
FAQ.md               NOTES-NONSTOP.md  README-FIPS.md     appveyor.yml         doc               os-dep

4. Install OpenSSL 3 on Ubuntu 20.04

We are going to use the compilation method to install OpenSSL 3 for now. The default version of openssl 3 for now in my system is shown below.

openssl version -a
OpenSSL 1.1.1f  31 Mar 2020
built on: Wed Mar  9 12:12:45 2022 UTC
platform: debian-amd64
options:  bn(64,64) rc4(16x,int) des(int) blowfish(ptr) 
compiler: gcc -fPIC -pthread -m64 -Wa,--noexecstack -Wall -Wa,--noexecstack -g -O2 -fdebug-prefix-map=/build/openssl-2iuOVN/openssl-1.1.1f=. -fstack-protector-strong -Wformat -Werror=format-security -DOPENSSL_TLS_SECURITY_LEVEL=2 -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM -DNDEBUG -Wdate-time -D_FORTIFY_SOURCE=2
OPENSSLDIR: "/usr/lib/ssl"
ENGINESDIR: "/usr/lib/x86_64-linux-gnu/engines-1.1"
Seeding source: os-specific

So to compile from the source run the following command.

./config --prefix=/usr/local/ssl --openssldir=/usr/local/ssl shared zlib
make
make test
#sample output
Configuring OpenSSL version 3.0.2 for target linux-x86_64
Using os-specific seed configuration
Creating configdata.pm
Running configdata.pm
Creating Makefile.in
Creating Makefile

**********************************************************************
***                                                                ***
***   OpenSSL has been successfully configured                     ***
***                                                                ***
***   If you encounter a problem while building, please open an    ***
***   issue on GitHub <https://github.com/openssl/openssl/issues>  ***
***   and include the output from the following command:           ***
***                                                                ***
***       perl configdata.pm --dump                                ***
***                                                                ***
***   (If you are new to OpenSSL, you might want to consult the    ***
***   'Troubleshooting' section in the INSTALL.md file first)      ***
***                                                                ***
**********************************************************************

Please wait for the compiler to finish before proceeding with the make install command.

make install

If you are successful with the installation, proceed to configure link libraries. The new OpenSSL loads files from /usr/local/ssl/lib directory, so lets cd into /etc/ld.so.conf.d/ and add the following .conf file, use your favourite text editor.

cd /etc/ld.so.conf.d/
sudo vi openssl-3.0.2.conf

Add this into the file /usr/local/ssl/lib and reload the dynamic link with this command.

sudo ldconfig -v

5. Configure openssl 3 Binary

We now need to replace OpenSSL binary found in /usr/bin/openssl or /bin/openssl with the new version in /usr/local/ssl/bin/openssl. First backup the binary files.

mv /usr/bin/c_rehash /usr/bin/c_rehash.BEKUP
mv /usr/bin/openssl /usr/bin/openssl.BEKUP

Then we need to edit /etc/environment with your favorite editor.

sudo vi /etc/environment

Add this /usr/local/ssl/bin to the end of the PATH

PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/usr/local/ssl/bin"

Save and exit.

Then we need to reload the environment variable.

source /etc/environment
echo $PATH
/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/usr/local/ssl/bin

Conclusion

We have successfully installed OpenSSL 3 on Ubuntu 20.04. In case you face any challenges please consult the OpenSSL documentation wiki.

About Kipkoech Sang

I am a technology enthusiast who loves to share gained knowledge through offering daily tips as a way of empowering others. I am fan of Linux and all other things open source.
View all posts by Kipkoech Sang →

Leave a Reply

Your email address will not be published.