How to Install the latest OpenSSL version from Source on Linux

OpenSSL is a widely used crypto library that implements SSL and TLS protocols to secure communications over computer networks. OpenSSL is widely used by many software like Apache web server, PHP, Postfix and many others. OpenSSL offers support for different cryptographic algorithms such as Chipers (AES, Blowfish, DES, IDEA etc), Cryptographic hash functions (MD5, MD4, SHA-1, SHA-2 etc), and Public-key cryptography (RSA, DSA, Diffie-Hellman key exchange).

In this tutorial, I will show you step-by-step how to install the latest stable OpenSSL version from source on the Ubuntu 18.04 and CentOS 7.5 servers.

What we will do?

  1. Install Dependencies
  2. Download OpenSSL Source Code
  3. Install OpenSSL
    1. Compile and Install OpenSSL
    2. Configure Link Libraries
    3. Configure OpenSSL Binary
  4. Testing

Step 1 - Install Dependencies

The first step we must do for compiling the OpenSSL manually from source is installing some package dependencies including the 'build-essential' package on Ubuntu, or 'Development Tools' package on CentOS.

On Ubuntu 18.04

Update the Ubuntu repository and install package dependencies for software compilation using the apt command below.

sudo apt update
sudo apt install build-essential checkinstall zlib1g-dev -y

On CentOS 7.5

Install the 'Development Tools' and some packages libraries using the yum command.

yum group install 'Development Tools'
yum install perl-core zlib-devel -y

After the installation is complete, go to the next step.

Step 2 - Download OpenSSL

In this tutorial, we will install the latest stable version of OpenSSL - OpenSSL 1.0.2o. You can download the source code from the OpenSSL site.

Go to the '/usr/local/src' directory and download the OpenSSL source code using wget.

cd /usr/local/src/

Now extract the openssl.tar.gz file, and go to the 'openssl' directory.

tar -xf openssl-1.0.2o.tar.gz
cd openssl-1.0.2o

Download OpenSSL source

The OpenSSL source code has been downloaded.

Step 3 - Install OpenSSL

Before installing the custom OpenSSL version to the system, let's check the installed version using the command below.

openssl version -a

Below is my results on Ubuntu 18.04.

Compile OpenSSL on Ubuntu 18.04

And this is on CentOS 7.5.

Compile OpenSSL on CentOS 7

We will replace the '1.1.0g' version with the latest stable version 1.0.2o.

We will install the new OpenSSL version to the specific directory '/usr/local/ssl', and then enable the Link Libraries of OpenSSL, and configure the new binary PATH for OpenSSL.

- Install and Compile OpenSSL

Go to the openssl downloaded directory '/usr/local/src/openssl'.

cd /usr/local/src/openssl-1.0.2o

Configure and compile OpenSSL with commands below.

./config --prefix=/usr/local/ssl --openssldir=/usr/local/ssl shared zlib

make test

Wait for the OpenSSL compile process.


  • --prefix and --openssldir = Set the output path of the OpenSSL.
  • shared = force to create a shared library.
  • zlib = enable the compression using zlib library.

When the compile process is complete, install the OpenSSL using the command below.

make install

make install

OpenSSL is installed in the '/usr/local/ssl' directory.

Check OpenSSL installation

Next, we will configure the shared libraries for OpenSSL. The new OpenSSL binary will load library files from the '/usr/local/ssl/lib' directory.

Go to the '/etc/' directory and create new configuration file 'openssl-1.0.2o.conf'.

cd /etc/
vim openssl-1.0.2o.conf

Paste the openssl library path directory.


Save and exit.

Now reload the dynamic link using the command below.

sudo ldconfig -v

And you will see the OpenSSL libraries on the '/usr/local/ssl/lib' directory has been loaded.

Ubuntu 18.04.

ldconfig on Ubuntu 18.04

CentOS 7.5.

ldconfig on CentOS 7

- Configure OpenSSL Binary

We will replace the default openssl binary '/usr/bin/openssl or /bin/openssl' with the new version '/usr/local/ssl/bin/openssl'.

On Ubuntu 18.04

Backup the binary files.

mv /usr/bin/c_rehash /usr/bin/c_rehash.BEKUP
mv /usr/bin/openssl /usr/bin/openssl.BEKUP

Edit the '/etc/environment' file using vim.

vim /etc/environment

Now add the new OpenSSL binary directory as below


Save and exit.

Reload the environment file and test new updated binary PATH.

source /etc/environment
echo $PATH

Now check again the OpenSSL binary file.

which openssl

You will get the result as below.

Configure OpenSSL Binary on Ubuntu

The binary path openssl for Ubuntu has been updated.

On CentOS 7.5

Backup centos OpenSSL binary files.

mv /bin/openssl /bin/openssl.BEKUP

Create new environment files for OpenSSL.

vim /etc/profile.d/

Paste configuration below.

export PATH

Save and exit.

Make the file executable.

chmod +x /etc/profile.d/

Load the OpenSSL environment and check the PATH bin directory using commands below.

source /etc/profile.d/
echo $PATH

Now check the OpenSSL file.

which openssl

You will get the result as below.

Configure OpenSSL Binary on CentOS

The binary path openssl for CentOS has been updated.

Step 4 - Testing

Test the OpenSSL new version using the following command.

openssl version -a

The result on Ubuntu.

Result on CentOS.

The new latest stable version of OpenSSL has been installed from source on Linux Ubuntu 18.04 and CentOS 7.5.


Share this page:

Suggested articles

18 Comment(s)

Add comment


By: Udom at: 2018-07-25 12:54:19

Hi, I have upgrade to the latest version but I cannot incorparate this version to Apache. Do you have any suggestion?



By: Alex at: 2018-07-28 21:01:57

What a great article!  Thanks a lot!!!

By: Norbert at: 2018-08-11 07:49:16

Good tutorial, although I preferred to not touch the old binaries, I simply added /usr/local/ssh/bin as the first entry of the $PATH. Note also that the files in /etc/ are parsed in alphabetical order.

By: Sonia at: 2018-08-28 23:05:20

How to give Cross compiler option?


I am trying to cross compile for power pc..using compiler:{CC=ppc4xx-linux-gcc --host=powerpc-linux --target=powerpc-linux --with-yielding_select=no} but make depend/make fails. Anything I can do?

By: Pooch at: 2018-09-22 22:53:28

Thank you for putting this together! I've been struggling with changing OpenSSL versions in Debian for some time now.

One thing I'm still unclear about is why we're using the shared option here when compiling. Is this required or is it simply to provide shared libraries of the correct version of OpenSSL for other applications that need it?

By: Kenny at: 2018-10-05 12:05:19

 Thanks very much. Good documentation and easy to follow.

By: Dennis at: 2018-10-05 13:29:23

To keep the PATH-Setting after reboot:

vim /etc/profile.d/


source /etc/profile.d/


vim /etc/systemd/system/openssl.service











systemctl enable openssl.service

By: Von at: 2018-10-18 05:25:26

Just in case if someone encountered a TAP OUT error. Please install the following

yum install perl-Module-Load-Conditional perl-core

By: Daniel at: 2018-11-04 11:56:33

Excellent Article!! Thank your for sharing :-)

By: Bruno Wego at: 2018-11-18 17:35:37

Thanks a lot!

By: Manuel at: 2018-11-24 02:07:17

Claro y facil. Muy buen trabajo. Gracias


By: Jay at: 2019-02-08 17:27:36

Excellent article

By: Josh at: 2019-02-27 23:32:48

I needed to put 'sudo' before the make directives and then it worked!

By: Evaldo at: 2019-03-01 18:22:04

Thank you!

By: Rob at: 2019-03-23 22:26:13

Hello Muhammad, thanks so much. Your tutorial works perfectly. At first, I thought things were off, because on Ubuntu 'openssl version' gave me a not found response, but after a reboot, everything was well. Thanks again.

By: Rob at: 2019-03-23 22:28:38

By the way, maybe I should clarify I did the upgrade to openssl 1.1.1b.

By: Andrew at: 2019-04-12 04:42:11

Great Article! Worked like a charm, Thanks!

By: Rashmi Sikka at: 2019-04-18 07:07:30

Awesome article, one of the rarest!