Installing OpenSSL 3 on Linux

Ubuntu/Debian Systems

Using the Package Manager

# Update the package index
sudo apt update

# Install OpenSSL 3
sudo apt install openssl

# Verify the installed version
openssl version

CentOS/RHEL/Rocky Linux Systems

Using the Package Manager

# For newer versions (8 and above)
sudo dnf install openssl openssl-devel

# Verify the installed version
openssl version

Installing OpenSSL 3 on CentOS 7

By default, CentOS 7 ships with OpenSSL version 1.0.2. Since system software relies on this default version, it is not recommended to replace it. Instead, keep the original version intact, as the system’s default openssl command will still point to the older release.

To avoid conflicts, install OpenSSL 3 in a separate directory.

1. Install Dependencies

sudo yum groupinstall "Development Tools"
sudo yum install perl-core zlib-devel cmake

2. Download and Compile OpenSSL 3

# Download the OpenSSL 3 source code
wget https://www.openssl.org/source/openssl-3.1.0.tar.gz
tar -xzf openssl-3.1.0.tar.gz
cd openssl-3.1.0

# Configure compilation options, specifying an installation path (to avoid conflicts with the system's OpenSSL)
./config --prefix=/usr/local/openssl3 --openssldir=/usr/local/openssl3 shared zlib

# Compile and install
make
sudo make install

3. Manually Specify OpenSSL 3

To ensure that DBAPI can recognize OpenSSL 3 at startup, you need to specify the library paths and environment variables during initialization. Modify the bin/dbapi.sh and bin/dbapi-daemon.sh files by adding the following lines at the top:

export LD_LIBRARY_PATH=/usr/local/openssl3/lib64:$LD_LIBRARY_PATH
export PATH=/usr/local/openssl3/bin:$PATH

Fedora Systems

# Use dnf to install
sudo dnf install openssl openssl-devel

# Verify the version
openssl version

SUSE/openSUSE Systems

# Use zypper to install
sudo zypper install openssl libopenssl-devel

# Alternatively, use the transaction command
sudo zypper in openssl libopenssl-devel

# Verify the installation
openssl version

General Source Code Installation Steps

For any Linux distribution, you can compile and install the latest version of OpenSSL from source:

# Install basic build tools
# Ubuntu/Debian:
sudo apt install build-essential checkinstall wget tar

# RHEL/CentOS/Fedora:
sudo dnf install gcc make wget tar

# Download and extract OpenSSL 3 source code
cd /tmp
wget https://www.openssl.org/source/openssl-3.1.0.tar.gz
tar -zxf openssl-3.1.0.tar.gz
cd openssl-3.1.0

# Configure, compile, and install
./config --prefix=/usr/local/ssl --openssldir=/usr/local/ssl shared zlib
make
sudo make install

# Update the system's library path
echo "/usr/local/ssl/lib" | sudo tee -a /etc/ld.so.conf.d/openssl-3.conf
sudo ldconfig

# If necessary, update the PATH environment variable
echo 'export PATH="/usr/local/ssl/bin:$PATH"' >> ~/.bashrc
source ~/.bashrc

Verifying the Installation

After installation, verify the OpenSSL version using the following commands:

# Check the version
openssl version

# Display detailed version information
openssl version -a

# List supported algorithms
openssl list -digest-algorithms