How to Install OpenSSL on Ubuntu Linux

Introduction

OpenSSL is an open-source toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength general purpose cryptography library. It is used to provide cryptographic functions and secure communications capabilities in many software packages and applications.

In this comprehensive guide, we will walk through the process of installing OpenSSL on Debian and Ubuntu Linux 18.04 / 20.04 / 22.04 step-by-step. We will cover:

• Understanding OpenSSL and its uses
• Checking if OpenSSL is already installed
• Choosing the right OpenSSL version to install
• Using apt to install OpenSSL
• Downloading and compiling OpenSSL from source
• Verifying the OpenSSL installation
• Troubleshooting tips

We will also provide plenty of background information, explanations, and examples to help you fully understand each step of the process. Whether you are a beginner or advanced Linux user, this guide aims to provide everything you need to get OpenSSL installed correctly on your Ubuntu system.

Prerequisites

Before we begin installing OpenSSL, let’s go over some prerequisites:

• An Ubuntu Linux operating system (any modern version should work)
• Administrative privileges – you will need to use sudo for some installation steps
• Basic command line knowledge for executing terminal commands
• GNU compiler tools like gcc and make (for compiling from source)

That’s it – let’s move on to understanding what OpenSSL is and why it’s useful.

What is OpenSSL ?

OpenSSL is a robust and versatile cryptography toolkit that implements the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols for providing encrypted communications between applications. It also includes a general purpose cryptographic library that provides various cryptographic functions like hashing, digital signatures, encryption/decryption, and more.

Some specific uses of OpenSSL include:

• Providing encryption for internet services and connections – HTTPS websites, SSH, VPNs, email etc rely on TLS/SSL which is implemented using OpenSSL.
• Encrypting sensitive data – OpenSSL can encrypt files, data streams and more through mechanisms like symmetric ciphers.
• Securely hashing passwords – Storing passwords as hashes instead of plaintext is recommended, and OpenSSL provides functions like SHA256 to create secure password hashes.
• Generating private/public key pairs and certificates – OpenSSL is used to create public key infrastructure (PKI) for implementing SSL/TLS.
• Signing messages cryptographically for tamper-proofing and identity verification.

As you can see, OpenSSL forms a crucial backbone for encrypted communications and internet security services. Next, let’s check if we already have it installed.

Check if OpenSSL is already installed

Before installing OpenSSL, it’s worth checking if it is already present on your Ubuntu system from a previous installation.

To check if OpenSSL is installed, use this command:

$ openssl version

If OpenSSL is installed, it will print out version information like:

OpenSSL 1.1.1f  31 Mar 2020

This indicates OpenSSL is already available on your system and you likely don’t need to install it again. Make sure the installed version is still supported and up-to-date.

If the openssl command is not found, you’ll see an error like:

bash: openssl: command not found

This means OpenSSL is not yet installed, so we’ll need to proceed with installing it.

Choosing the right OpenSSL version

There are a few different versions of OpenSSL available that can be installed on Ubuntu. The main ones you’ll likely choose from are:

• OpenSSL 1.1.x – The modern Long Term Support branch that provides regular updates and support until 2023. This is the recommended branch for most uses.
• OpenSSL 1.0.x – The older 1.0.x branch that is in security maintenance until 2023 but not receiving new features. Only use if you have legacy app compatibility issues with 1.1.x.
• OpenSSL 3.0 – The newest 3.x version branch released in 2021. Provides new features but less stability and support. Only use if you specifically need bleeding edge features.

In most cases, you should install OpenSSL 1.1.x to get the latest long term stable features and security updates. Only use older or newer branches if you have specific needs.

On Ubuntu, the openssl package will install the latest 1.1.x version which is recommended for most users. When compiling from source, choose the latest 1.1.x source snapshot.

Now let’s go over the installation process using apt and from source.

Installing OpenSSL using Apt

The easiest way to install OpenSSL on Ubuntu is by using the apt package manager. Here are the steps:

• Update your apt repositories to fetch the latest package listings:

$ sudo apt update

• Install the openssl package:

$ sudo apt install openssl

• Verify the installed version:

$ openssl version

This will show the newly installed version, likely 1.1.x

That’s it! Apt will download and install the latest OpenSSL version from the official Ubuntu repositories automatically.

Depending on your base Ubuntu version, you may get older 1.0.x versions using apt. But this method is great for quickly installing or upgrading to the latest supported OpenSSL release.

Next, let’s go over compiling and installing from source for more control.

Downloading and compiling OpenSSL from source

For some use cases, you may want to download and compile OpenSSL from source rather than using apt:

• Install the latest OpenSSL version before distro packages are updated
• Build with custom compile-time options and settings
• Link against the static libcrypto/libssl libraries rather than shared objects

Here are the detailed steps to build and install OpenSSL from source code:

• First install the required dependencies:

$ sudo apt install build-essential wget

• Go to the OpenSSL download page and find the latest 1.1.x source tarball. Copy the URL to the .tar.gz file. For example https://www.openssl.org/source/openssl-1.1.1w.tar.gz
• Use wget to download the source tarball (adjust version as needed):

$ wget https://www.openssl.org/source/openssl-1.1.1w.tar.gz

• Verify the download checksum matches the one on the website. This ensures the download is not corrupted:

$ sha256sum openssl-1.1.1w.tar.gz

• Extract the source archive:

$ tar xvzf openssl-1.1.1w.tar.gz

• Change into the extracted source directory:

$ cd openssl-1.1.1w

• Configure the build settings. As a basic example:

$ ./config

• For custom settings, see ./config --help. Important options include:
  • --prefix to set install location (default is /usr/local)
  • --openssldir to set SSL directory location
  • static or shared libraries
• Build the package:

$ make

• Run tests (optional but recommended):

$ make test

• Install OpenSSL:

$ sudo make install

By default this will install to /usr/local/bin, /usr/local/lib etc. Use --prefix option to customize.

• Verify installation folder contains the openssl libraries and binaries.

That covers the basic process of compiling and installing OpenSSL from source code. You can also read the official README for more details.

Next, let’s verify OpenSSL was installed correctly.

Verifying the OpenSSL Installation

After installing OpenSSL using either apt or compiling from source, verify everything is working correctly:

• Run openssl version and check the output shows the expected version
• Try running common commands like:
  • openssl genrsa – generate an RSA private key
  • openssl req – generate a certificate signing request
  • openssl x509 – examine/create certificates
  • openssl pkey – examine public or private key files
  • openssl enc – symmetric cipher encryption/decryption
• Look for the openssl libraries and binaries in the expected install locations:
  • /usr/lib/x86_64-linux-gnu/ – shared libraries
  • /usr/local/lib – static libraries if built from source
  • /usr/bin or /usr/local/bin – executables
• If linking to shared libs, ensure your $LD_LIBRARY_PATH includes the OpenSSL lib directory.
• Try using openssl commands in test applications to confirm cryptography and SSL/TLS features work as expected.

If the basic commands function and libraries/bins are found in the right install locations, your OpenSSL setup should be good to go!

Troubleshooting OpenSSL installation issues

Here are some common issues and fixes when installing OpenSSL:

No shared libs found

If apps complain about missing libssl/libcrypto shared libs, either update $LD_LIBRARY_PATH to contain the OpenSSL lib dir, or make sure you installed the -devel apt package that contains the .so shared objects. Or rebuild from source without --static option.

Compiler errors building from source

Ensure you have the required build tools like gcc and make installed. Double check any custom configure options that may be causing issues.

Command not found errors

If openssl command isn’t available after install, make sure /usr/local/bin or the configured install --prefix location is in your $PATH env variable.

SSL apps can’t find cert/key files

Update the OPENSSL_CONF system variable or app config to point to the correct OpenSSL config directory location, usually /usr/lib/ssl or /etc/ssl.

App fails protocol handshake or encryption

Your app may be linked against a different OpenSSL version than expected. Double check library linkages and versions being used.

Warnings about insecure default config

Edit the openssl.cnf file to update default settings per recommendations. Or provide app configs to override.

Make sure you fully uninstall/remove old OpenSSL versions to avoid conflicts or confusion.

In most cases, installation issues can be resolved by double checking locations of libs, bins and config files. Refer to the official OpenSSL documentation for additional troubleshooting tips.

Conclusion

That concludes this comprehensive guide to installing OpenSSL on Ubuntu systems! We covered installation using both the apt package manager as well as building and compiling from latest source releases. You should also now understand the basics of how OpenSSL works and what cryptographic functions it provides.

To summarize, you should now be able to:

• Install the latest OpenSSL versions on Ubuntu
• Build OpenSSL from source for custom configurations
• Verify OpenSSL installed and working properly
• Identify and troubleshoot any installation issues
• Understand the basics of OpenSSL and why it’s important for security

OpenSSL powers countless security systems and cryptographic applications, so it’s an essential tool for any Linux and Ubuntu user to have available. I hope this guide has equipped you with all the knowledge needed to install and use it for your projects and needs. Let us know if you have any other questions.