OpenSSL is a robust, commercial-grade, and full-featured toolkit for the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols. It is also a general-purpose cryptography library.

OpenSSL is used by many programs like Apache Web server, PHP, and many others providing support for various cryptographic algorithms such as ciphers (AES, Blowfish, DES, IDEA etc.), and cryptographic hash functions (MD5, MD4, SHA-1, SHA-2 etc.)

In this guide, we are going to install the latest version of OpenSSL on CentOS 7.

Deploying your cloud server
If you have not already registered with Cloudwafer, you should begin by getting signed up. Take a moment to create an account after which you can easily deploy your own cloud servers.

Once you have signed up, log into your Cloudwafer Client Area with the password provided in your mail and deploy your Cloudwafer cloud server.

Updating System Packages on CentOS
It is always recommended that you update the system to the latest packages before beginning any major installations. This is done with the command below:

sudo yum update

Before we begin our installation, you can check the version of OpenSSL installed on your server by issuing the command below:

openssl version -a

Step 1: Install Development Tools
The "Development tools" are a yum group, which is a predefined bundle of software that can be installed at once, instead of having to install each application separately. The Development tools will allow you to build and compile software from source code. Issue the command below to install:

sudo yum group install 'Development Tools'

Issue the following command below to install other necessary packages and libraries.

sudo yum install perl-core zlib-devel -y

Step 2: Download OpenSSL
Next, we are going to download OpenSSL from the source (getting the latest version which at the time of writing this guide, the latest stable version is the 1.1.1 series).

cd /usr/local/src/
sudo wget https://www.openssl.org/source/openssl-1.1.1c.tar.gz

Next, extract the downloaded file using the command below:

sudo tar -xf openssl-1.1.1c.tar.gz

Next, navigate to the extracted directory.

cd openssl-1.1.1c

Step 3: Install OpenSSL
We are now going to install the latest version of OpenSSL which we downloaded using the command below:

sudo ./config --prefix=/usr/local/ssl --openssldir=/usr/local/ssl shared zlib

sudo make
sudo make test
sudo make install

Step 4: Configure OpenSSL Shared Libraries
Naviagate to the /etc/ld.so.conf.d directory and create a new configuration file 'openssl-1.1.1c.conf'.

cd /etc/ld.so.conf.d/
sudo nano openssl-1.1.1c.conf

Enter the following:

/usr/local/ssl/lib

Ensure to save before you exit.

Next, reload the dynamic link by issuing the command below:

sudo ldconfig -v

Step 5: Configure OpenSSL Binary
In our final configuration, we are going to insert the binary of our new version of OpenSSL installed (located at /usr/local/ssl/bin/openssl) to replace the default openssl binary (located at /usr/bin/openssl or /bin/openssl).

First, backup the default OpenSSL binary files.

sudo mv /bin/openssl /bin/openssl.backup

Next, create new environment files for OpenSSL:

sudo nano /etc/profile.d/openssl.sh

Enter the following:

#Set OPENSSL_PATH
OPENSSL_PATH="/usr/local/ssl/bin"
export OPENSSL_PATH
PATH=$PATH:$OPENSSL_PATH
export PATH

Ensure to save before you exit.

Next, make the openssl.sh file executable by issuing the command below:

sudo chmod +x /etc/profile.d/openssl.sh

Next, reload the OpenSSL environment and check the PATH bin directory using commands below:

source /etc/profile.d/openssl.sh
echo $PATH

We can now check and verify our installation of the latest stable version of OpenSSL using the command below:

 which openssl
 openssl version -a