Article directory
1 Introduction
This article documents how to upgrade OpenSSL on CentOS 7. The required steps will be introduced step by step, including backup, download and installation, and configuration.
2. The necessity to upgrade OpenSSL
OpenSSL is an important tool for securing data. It can provide many functions such as encryption and decryption. However, as technology evolves and new security vulnerabilities emerge, using the latest version of OpenSSL becomes an important requirement.
The most important thing is that some newer applications can only be installed on openssl3 , so you
can only upgrade without replacing centos7.
3. Preparations before upgrading
- backup existing configuration
- In order to prevent problems during the upgrade process, we need to backup the existing configuration first. Execute the search command
find /usr -name openssl, for example, what I found out is **/usr/bin/openssl** and /usr/lib64/openssl
, then execute the copy command
[root@localhost ~]# find /usr -name openssl
/usr/bin/openssl
/usr/lib64/openssl
[root@localhost ~]# cp -r /usr/bin/openssl /usr/bin/openssl_backup
[root@localhost ~]# cp -r /usr/lib64/openssl /usr/lib64/openssl_backup
- Checking the system version
We need to confirm the current version of CentOS and OpenSSL to determine the need for upgrading. For example, we can use the commandscat /etc/centos-releaseandopenssl versionto check.
[root@localhost ~]# cat /etc/centos-release
CentOS Linux release 7.6.1810 (Core)
[root@localhost ~]# openssl version
OpenSSL 1.0.2k-fips 26 Jan 2017
[root@localhost ~]#
4. Install dependencies
Install required dependencies
yum -y install gcc perl make zlib-devel perl-CPAN
install IPC::Cmdmodule
cpan IPC::Cmd
There will be several interactions when installing the IPC::Cmd module, just press y
5. Download and install OpenSSL
5.1 Download
Log in to https://github.com/openssl/openssl/releases/tag/openssl-3.1.1
to find openssl-3.1.1.tar.gzthe download
Or just use the link I copied
https://github.com/openssl/openssl/releases/download/openssl-3.1.1/openssl-3.1.1.tar.gz
5.2 Decompression
Execute the decompression command in the directory where openssl-3.1.1.tar.gz is located
tar -zxvf openssl-3.1.1.tar.gz
5.3 Installation
- Enter the decompressed command and execute the configuration
./config --prefix=/usr/local/ssl --openssldir=/usr/local/ssl shared zlib
- Execute the compile command
make
- Execute the installation command
make install
- Configure dynamic library link
echo "/usr/local/ssl/lib64" > /etc/ld.so.conf.d/openssl.conf
- Update the system's library cache
ldconfig
- Replace the old version of the directory
cp /usr/local/ssl/bin/openssl /usr/bin/openssl
- Use a new OpenSSL version
ldconfig -v
6. Check
Execute openssl versionthe command to print the current version
[root@localhost ~]# openssl version
OpenSSL 3.1.1 30 May 2023 (Library: OpenSSL 3.1.1 30 May 2023)
[root@localhost ~]#
7. Deal with possible problems
When installing, there must be a way to directly operate the system, not through tools such as xshell, because after backing up the old openssl at the beginning, if the system is refreshed, it will be disconnected, so it needs to be installed on the premise of being able to directly operate the system upgrade
6. Summary
In this article, we have sorted out in detail the whole process of how to upgrade OpenSSL smoothly under CentOS 7. Hopefully this thorough guide can provide answers to any questions you may have during the upgrade process. Finally, I would like to emphasize again that it must be operated under the premise of being able to directly operate the system.