In this article, we’ll explain how to install OpenSSL 3 on AlmaLinux 9. We'll install OpenSSL 3.0.8 version, we will keep updating the tutorial as new version get launched.
OpenSSL is a robust, commercial-grade, and full-featured toolkit for the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols. OpenSSL is a software library for applications that secure communications over computer networks against eavesdropping or need to identify the party at the other end.
OpenSSL is licensed under an Apache-style license, which means that you are free to get and use it for commercial and non-commercial purposes subject to some simple license conditions. For a list of vulnerabilities, and the releases in which they were found and fixes, see our Vulnerabilities page.
We have covered installation OpenSSL 3.0.8.
Prerequisites
- A AlmaLinux 9 installed dedicated server or KVM VPS.
- A root user access or normal user with sudo privileges.
Step 1 – Keep the server up to date
Always keep the server up to date the security purpose.
dnf update -y
Step 2 - Install development tool
We need to install a development tool and few dependencies to install OpenSSL.
dnf group install 'Development Tools'
Step 3 - Install dependencies
dnf install perl-core zlib-devel -y
Step 4 - Download and Extract Source File
We will download the latest stable version is the 3.0 series. This is also our Long Term Support (LTS) version, supported until 7th September 2026. Here is the official source link.
Change current working directory to /usr/local/src/ using follow command:
cd /usr/local/src/
Download OpenSSL 3.0.8 using wget command. If wget command is unavailable in your server, install it using this command dnf install wget -y.
wget https://www.openssl.org/source/openssl-3.0.8.tar.gz
Now, extract the tar file.
tar xzvf openssl-3.0.8.tar.gz
Step 5 - Configure and Build
Navigate to the extracted directory and configure, build, test and install OpenSSL in the default location /usr/local/ssl.
cd openssl-3.0.8
Configure it with PATH.
./config --prefix=/usr/local/ssl --openssldir=/usr/local/ssl shared zlib
Output
Configuring OpenSSL version 3.0.8 for target linux-x86_64
Using os-specific seed configuration
Created configdata.pm
Running configdata.pm
Created Makefile.in
Created Makefile
Created include/openssl/configuration.h
**********************************************************************
*** ***
*** OpenSSL has been successfully configured ***
*** ***
*** If you encounter a problem while building, please open an ***
*** issue on GitHub ***
*** and include the output from the following command: ***
*** ***
*** perl configdata.pm --dump ***
*** ***
*** (If you are new to OpenSSL, you might want to consult the ***
*** 'Troubleshooting' section in the INSTALL.md file first) ***
*** ***
**********************************************************************
Now, build
make
make test
make install
Step 6 - Configure it shared libraries.
Once we have successfully installed OpenSSL, configure it shared libraries.
Naviagate to the /etc/ld.so.conf.d directory and create a configuration file.
cd /etc/ld.so.conf.d/
vi openssl-3.0.8.conf
Add the following path in the config file.
/usr/local/ssl/lib64
Save and exit. Reload the dynamic link
ldconfig -v
Step 7 - Configure OpenSSL Binary
Now, we are going to insert the binary of our new version of OpenSSL /usr/local/ssl/bin/openssl and replace the default openssl file.
First, take a backup of existed openssl file.
mv /bin/openssl /bin/openssl.backup
Create new environment files for OpenSSL.
vi /etc/profile.d/openssl.sh
Add the following lines.
OPENSSL_PATH="/usr/local/ssl/bin"
export OPENSSL_PATH
PATH=$PATH:$OPENSSL_PATH
export PATH
Save & exit. Make the newly created file executable.
chmod +x /etc/profile.d/openssl.sh
Reload the new OpenSSL environment file and check the default PATH
source /etc/profile.d/openssl.sh
echo $PATH
Now, let’s verify the installation and version of the OpenSSL.
which openssl
openssl version -a
Output will be similar like:
OpenSSL 3.0.8 7 Feb 2023 (Library: OpenSSL 3.0.8 7 Feb 2023)
built on: Sat Mar 4 18:28:32 2023 UTC
platform: linux-x86_64
options: bn(64,64)
compiler: gcc -fPIC -pthread -m64 -Wa,--noexecstack -Wall -O3 -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_BUILDING_OPENSSL -DZLIB -DNDEBUG
OPENSSLDIR: "/usr/local/ssl"
ENGINESDIR: "/usr/local/ssl/lib64/engines-3"
MODULESDIR: "/usr/local/ssl/lib64/ossl-modules"
Seeding source: os-specific
CPUINFO: OPENSSL_ia32cap=0xdefa220b478bffff:0x842421
We have seen, how to install OpenSSL 3 on AlmaLinux 9. Here is the OpenSSL official manual guide.
