Documentation
Rate This Document
Findability
Accuracy
Completeness
Readability
SubmitClose

Upgrading OpenSSL

  • The OpenSSL version must be 1.1.1a or later.
  • View the OpenSSL version: 
    openssl version
  • If the OpenSSL version provided by openEuler is 1.1.1f, you do not need to upgrade OpenSSL. Skip this section.
  • The OpenSSL version provided by CentOS is 1.0.2k-fips. This document uses an upgrade to 1.1.1a as an example.

Installation from Source Code

  1. Obtain the OpenSSL source code.
    1. Download the OpenSSL source package using the local browser.

      Download address: https://codeload.github.com/openssl/openssl/tar.gz/OpenSSL_1_1_1a

    2. Upload the source package to the /home directory on the server.

      If the server is connected to the Internet, you can run the wget command on the server to download the source code.

      1. Go to the /home directory and download the source package. 
        1
2
        		 
        cd /home
wget https://codeload.github.com/openssl/openssl/tar.gz/OpenSSL_1_1_1a --no-check-certificate
      2. Rename the downloaded source package. (The name of the OpenSSL source package downloaded using a local browser is different from that downloaded using the wget command. In this section, the OpenSSL source package is obtained by using a local browser. If you obtain it using the wget command, rename the downloaded source package.) 
        1
        		 
        mv OpenSSL_1_1_1a openssl-OpenSSL_1_1_1a.tar.gz
  2. Decompress the OpenSSL source package.
    1
    		 
    tar -xvf openssl-OpenSSL_1_1_1a.tar.gz

  3. Go to the openssl-OpenSSL_1_1_1a directory and run the ls command to query the files in the directory.
    1
2
    		 
    cd openssl-OpenSSL_1_1_1a/
ls

  4. Configure OpenSSL.
    1
    		 
    ./config

  5. Perform the compilation and installation.
    1
    		 
    make -j60 && make -j60 install
    • -j60: Make full use of multi-core CPUs to accelerate compilation.
    • You can run the lscpu command to query the number of CPU cores.
  6. Configure the ld.so.conf file.
    1
2
    		 
    echo "/usr/local/lib/" >> /etc/ld.so.conf
ldconfig -v
  7. Make OpenSSL take effect.
    1. Add OpenSSL to the environment variables. 
      1
      		 
      echo export PATH=/usr/local/bin:\$PATH >> /etc/profile
    2. Make the environment variables take effect. 
      1
      		 
      source /etc/profile

  8. View the OpenSSL version.
    • Method 1: 
      1
2
      		 
      hash -r
openssl version

    • Method 2: 
      1
2
3
      		 
      hash -r
which openssl
/usr/local/bin/openssl version
  9. View the OpenSSL installation directory (OPENSSLDIR).
    1
    		 
    openssl version -a

To uninstall OpenSSL that is installed using the source code, use either of the following methods:

  • Method 1: 
    1
2
3
4
5
    		 
    cd /home/openssl-OpenSSL_1_1_1a
make uninstall
hash -r
openssl version
openssl version -a
  • Method 2: 
    1
2
3
4
5
6
7
    		 
    openssl version -a
rm -rf /usr/local/ssl
rm -rf /usr/local/lib/engines-1.1
rm -rf /usr/local/bin/openssl
hash -r
openssl version
openssl version -a

Installing the RPM Package

  1. Obtain the OpenSSL RPM package.
    1. Download the RPM package using a local browser.

      Download address:

      https://mirrors.huaweicloud.com/kunpeng/yum/el/7/aarch64/Packages/web/openssl-libs-1.1.1a-3.el7.aarch64.rpm

      https://mirrors.huaweicloud.com/kunpeng/yum/el/7/aarch64/Packages/web/openssl-1.1.1a-3.el7.aarch64.rpm

      https://mirrors.huaweicloud.com/kunpeng/yum/el/7/aarch64/Packages/web/openssl-devel-1.1.1a-3.el7.aarch64.rpm

    2. Copy the RPM package to the /home directory on the server.

      If the server is connected to the Internet, you can run the wget command on the server to download the RPM package.

      1
2
3
4
      		 
      cd /home
wget https://mirrors.huaweicloud.com/kunpeng/yum/el/7/aarch64/Packages/web/openssl-libs-1.1.1a-3.el7.aarch64.rpm --no-check-certificate
wget https://mirrors.huaweicloud.com/kunpeng/yum/el/7/aarch64/Packages/web/openssl-1.1.1a-3.el7.aarch64.rpm --no-check-certificate
wget https://mirrors.huaweicloud.com/kunpeng/yum/el/7/aarch64/Packages/web/openssl-devel-1.1.1a-3.el7.aarch64.rpm --no-check-certificate
  2. Install OpenSSL.
    1
    		 
    rpm -ivh openssl-libs-1.1.1a-3.el7.aarch64.rpm openssl-1.1.1a-3.el7.aarch64.rpm  openssl-devel-1.1.1a-3.el7.aarch64.rpm --force --nodeps
  3. Configure the ld.so.conf file.
    1
2
    		 
    echo "/usr/local/lib/" >> /etc/ld.so.conf
ldconfig -v
  4. Make OpenSSL take effect.
    1
2
    		 
    echo export PATH=/usr/local/bin:\$PATH >> /etc/profile
source /etc/profile

  5. View the OpenSSL version.
    Method 1: 
    1
2
    		 
    hash -r
openssl version

    Method 2:

    1
2
3
    		 
    hash -r
which openssl
/usr/local/bin/openssl version
  6. View the OpenSSL installation directory (OPENSSLDIR).
    1
    		 
    openssl version -a

To uninstall OpenSSL that is installed using the RPM package, run the following commands:

1
2
3
4
5
6
 
rpm -qa | grep openssl
rpm -e --nodeps openssl-devel-1.1.1a openssl-1.1.1a openssl-libs-1.1.1a
rpm -qa | grep openssl
hash -r
openssl version
openssl version -a