Cyberithub

How to Install OpenSSL on Ubuntu 22.04 LTS

How to Install OpenSSL on Ubuntu 22.04 LTS

by
Advertisements

In this article, we will see how to install OpenSSL on Ubuntu 22.04 LTS. OpenSSL is a free and open source full featured robust software for general purpose cryptography and secure communication. It implements Secure Socket Layer(SSL) and Transport Layer Security(TLS) Protocols to secure communication over the network. It is used for creating, managing and verifying digital certificates.

OpenSSL program uses various cryptographic functions of crypto library from the shell. It is also used for creation and management of private and public keys. It can be easily installed on Windows, Linux and MacOS based systems. Here we will see the steps to install OpenSSL on Ubuntu 22.04 LTS based systems.

 

How to Install OpenSSL on Ubuntu 22.04 LTS

How to Install OpenSSL on Ubuntu 22.04 LTS 

Also Read: How to Install Postman in VS Studio Code : [5 Easy Steps]

Step 1: Prerequisites

a) You should have a running Ubuntu 22.04 LTS Server.

b) You should have sudo or root access to run privileged commands.

c) You should have apt or apt-get package manager available in your Server.

d) You should have git and dpkg utility available in your Server.

 

Step 2: Update Your Server

Before installing OpenSSL package, always check for latest available updates from default Ubuntu repo and install them by using sudo apt update && sudo apt upgrade command as shown below.

cyberithub@ubuntu:~$ sudo apt update && sudo apt upgrade
[sudo] password for cyberithub:
Get:1 https://brave-browser-apt-release.s3.brave.com stable InRelease [7,546 B]
Get:2 https://dl.google.com/linux/chrome/deb stable InRelease [1,825 B]
Hit:3 http://in.archive.ubuntu.com/ubuntu jammy InRelease
Get:4 http://security.ubuntu.com/ubuntu jammy-security InRelease [110 kB]
Get:5 http://in.archive.ubuntu.com/ubuntu jammy-updates InRelease [119 kB]
Get:6 https://dl.google.com/linux/chrome/deb stable/main amd64 Packages [1,083 B]
Hit:7 https://artifacts.elastic.co/packages/8.x/apt stable InRelease
Get:8 http://in.archive.ubuntu.com/ubuntu jammy-backports InRelease [109 kB]
Hit:9 https://ngrok-agent.s3.amazonaws.com buster InRelease
Get:10 http://in.archive.ubuntu.com/ubuntu jammy-updates/main amd64 DEP-11 Metadata [101 kB]
Get:11 http://in.archive.ubuntu.com/ubuntu jammy-updates/universe amd64 DEP-11 Metadata [289 kB]
Get:12 http://in.archive.ubuntu.com/ubuntu jammy-updates/multiverse amd64 DEP-11 Metadata [940 B]
Get:13 http://security.ubuntu.com/ubuntu jammy-security/main i386 Packages [319 kB]
Get:14 http://in.archive.ubuntu.com/ubuntu jammy-backports/main amd64 DEP-11 Metadata [4,920 B]
Get:15 http://in.archive.ubuntu.com/ubuntu jammy-backports/universe amd64 DEP-11 Metadata [17.9 kB]
Get:16 http://security.ubuntu.com/ubuntu jammy-security/main amd64 Packages [764 kB]
Get:17 http://security.ubuntu.com/ubuntu jammy-security/main Translation-en [165 kB]
Get:18 http://security.ubuntu.com/ubuntu jammy-security/main amd64 DEP-11 Metadata [43.1 kB]
Get:19 http://security.ubuntu.com/ubuntu jammy-security/restricted amd64 Packages [826 kB]
Get:20 http://security.ubuntu.com/ubuntu jammy-security/restricted Translation-en [133 kB]
Get:21 http://security.ubuntu.com/ubuntu jammy-security/universe amd64 DEP-11 Metadata [39.9 kB]
Fetched 3,051 kB in 4s (838 kB/s)
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
All packages are up to date.
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
Calculating upgrade... Done
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.

 

Step 3: Install OpenSSL

Most of the time you will see OpenSSL package already installed in your system but just in case if it's not installed then you can follow any of the below methods to install OpenSSL program on your Ubuntu 22.04 LTS.

a) Using APT

If you are looking to install openssl from default Ubuntu repo then you have to run sudo apt install openssl command as shown below. This will download and install the package along with all its dependencies.

cyberithub@ubuntu:~$ sudo apt install openssl
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
Suggested packages:
ca-certificates
The following NEW packages will be installed:
openssl
0 upgraded, 1 newly installed, 0 to remove and 2 not upgraded.
Need to get 1,183 kB of archives.
After this operation, 2,102 kB of additional disk space will be used.
Get:1 http://in.archive.ubuntu.com/ubuntu jammy-updates/main amd64 openssl amd64 3.0.2-0ubuntu1.10 [1,183 kB]
Fetched 1,183 kB in 2s (582 kB/s)
Selecting previously unselected package openssl.
(Reading database ... 233851 files and directories currently installed.)
Preparing to unpack .../openssl_3.0.2-0ubuntu1.10_amd64.deb ...
Unpacking openssl (3.0.2-0ubuntu1.10) ...
Setting up openssl (3.0.2-0ubuntu1.10) ...
Processing triggers for man-db (2.10.2-1) ...

b) Using Source Code

You have to visit OpenSSL Github page and clone the latest source code using git utility as shown below. This will create an openssl directory and copy all the files in it in the current working path.

cyberithub@ubuntu:~$ git clone git://git.openssl.org/openssl.git
Cloning into 'openssl'...
remote: Enumerating objects: 461672, done.
remote: Counting objects: 100% (3811/3811), done.
remote: Compressing objects: 100% (2956/2956), done.
remote: Total 461672 (delta 2329), reused 1141 (delta 844), pack-reused 457861
Receiving objects: 100% (461672/461672), 113.40 MiB | 2.01 MiB/s, done.
Resolving deltas: 100% (344436/344436), done.
Updating files: 100% (5123/5123), done.

Then you have to switch to openssl directory using cd openssl command and configure OpenSSL for your local system architecture by running ./config script as shown below.

cyberithub@ubuntu:~$ cd openssl
cyberithub@ubuntu:~/openssl$ ./config
Configuring OpenSSL version 3.2.0-alpha2-dev for target linux-x86_64
Using os-specific seed configuration
Created configdata.pm
Running configdata.pm
Created Makefile.in
Created Makefile
Created include/openssl/configuration.h

**********************************************************************
***                                                                ***
***    OpenSSL has been successfully configured                    ***
***                                                                ***
***    If you encounter a problem while building, please open an   ***
***    issue on GitHub <https://github.com/openssl/openssl/issues> ***
***    and include the output from the following command:          ***
***                                                                ***
***        perl configdata.pm --dump                               ***
***                                                                ***
***    (If you are new to OpenSSL, you might want to consult the   ***
***    'Troubleshooting' section in the INSTALL.md file first)     ***
***                                                                ***
**********************************************************************

Next you need to compile the source code by using make utility as shown below.

cyberithub@ubuntu:~/openssl$ make
/usr/bin/perl "-I." "-Iutil/perl" "-Mconfigdata" "-MOpenSSL::paramnames" "util/dofile.pl" "-oMakefile" crypto/params_idx.c.in > crypto/params_idx.c
/usr/bin/perl "-I." "-Mconfigdata" "util/dofile.pl" "-oMakefile" include/crypto/bn_conf.h.in > include/crypto/bn_conf.h
/usr/bin/perl "-I." "-Mconfigdata" "util/dofile.pl" "-oMakefile" include/crypto/dso_conf.h.in > include/crypto/dso_conf.h
/usr/bin/perl "-I." "-Iutil/perl" "-Mconfigdata" "-MOpenSSL::paramnames" "util/dofile.pl" "-oMakefile" include/internal/param_names.h.in > include/internal/param_names.h
/usr/bin/perl "-I." "-Mconfigdata" "util/dofile.pl" "-oMakefile" include/openssl/asn1.h.in > include/openssl/asn1.h
/usr/bin/perl "-I." "-Mconfigdata" "util/dofile.pl" "-oMakefile" include/openssl/asn1t.h.in > include/openssl/asn1t.h
/usr/bin/perl "-I." "-Mconfigdata" "util/dofile.pl" "-oMakefile" include/openssl/bio.h.in > include/openssl/bio.h
/usr/bin/perl "-I." "-Mconfigdata" "util/dofile.pl" "-oMakefile" include/openssl/cmp.h.in > include/openssl/cmp.h
/usr/bin/perl "-I." "-Mconfigdata" "util/dofile.pl" "-oMakefile" include/openssl/cms.h.in > include/openssl/cms.h
/usr/bin/perl "-I." "-Mconfigdata" "util/dofile.pl" "-oMakefile" include/openssl/conf.h.in > include/openssl/conf.h
/usr/bin/perl "-I." "-Iutil/perl" "-Mconfigdata" "-MOpenSSL::paramnames" "util/dofile.pl" "-oMakefile" include/openssl/core_names.h.in > include/openssl/core_names.h
/usr/bin/perl "-I." "-Mconfigdata" "util/dofile.pl" "-oMakefile" include/openssl/crmf.h.in > include/openssl/crmf.h
/usr/bin/perl "-I." "-Mconfigdata" "util/dofile.pl" "-oMakefile" include/openssl/crypto.h.in > include/openssl/crypto.h
/usr/bin/perl "-I." "-Mconfigdata" "util/dofile.pl" "-oMakefile" include/openssl/ct.h.in > include/openssl/ct.h
/usr/bin/perl "-I." "-Mconfigdata" "util/dofile.pl" "-oMakefile" include/openssl/err.h.in > include/openssl/err.h
.......................................................
rm -f "util/shlib_wrap.sh"
/usr/bin/perl "-I." -Mconfigdata "util/dofile.pl" \
"-oMakefile" util/shlib_wrap.sh.in > "util/shlib_wrap.sh"
chmod a+x util/shlib_wrap.sh
rm -f "util/wrap.pl"
/usr/bin/perl "-I." -Mconfigdata "util/dofile.pl" \
"-oMakefile" util/wrap.pl.in > "util/wrap.pl"
chmod a+x util/wrap.pl
make[1]: Leaving directory '/home/cyberithub/openssl'

Finally install the compiled modules by using sudo make install command as shown below. If you want, you can also compile and install by using a single command - make && sudo make install.

cyberithub@ubuntu:~/openssl$ sudo make install
....................................................................
install doc/html/man7/provider-keyexch.html -> /usr/local/share/doc/openssl/html/man7/provider-keyexch.html
install doc/html/man7/provider-keymgmt.html -> /usr/local/share/doc/openssl/html/man7/provider-keymgmt.html
install doc/html/man7/provider-mac.html -> /usr/local/share/doc/openssl/html/man7/provider-mac.html
install doc/html/man7/provider-object.html -> /usr/local/share/doc/openssl/html/man7/provider-object.html
install doc/html/man7/provider-rand.html -> /usr/local/share/doc/openssl/html/man7/provider-rand.html
install doc/html/man7/provider-signature.html -> /usr/local/share/doc/openssl/html/man7/provider-signature.html
install doc/html/man7/provider-storemgmt.html -> /usr/local/share/doc/openssl/html/man7/provider-storemgmt.html
install doc/html/man7/provider.html -> /usr/local/share/doc/openssl/html/man7/provider.html
install doc/html/man7/proxy-certificates.html -> /usr/local/share/doc/openssl/html/man7/proxy-certificates.html
install doc/html/man7/x509.html -> /usr/local/share/doc/openssl/html/man7/x509.html

If you don't have LD_LIBRARY_PATH set then you need to set it by using export LD_LIBRARY_PATH="/usr/local/lib64:$PATH" command as shown below.

cyberithub@ubuntu:~/openssl$ export LD_LIBRARY_PATH="/usr/local/lib64:$PATH"

To make the changes permanent, you have to set LD_LIBRARY_PATH in ~/.bashrc file.

 

Also Read

Solved "The following packages have been kept back:" error

 

Step 4: Verify Installation

If you installed package through apt or apt-get package manager then you can check the installed files path by using dpkg -L openssl command as shown below.

cyberithub@ubuntu:~$ dpkg -L openssl
/.
/etc
/etc/ssl
/etc/ssl/certs
/etc/ssl/openssl.cnf
/etc/ssl/private
/usr
/usr/bin
/usr/bin/c_rehash
/usr/bin/openssl
/usr/lib
/usr/lib/ssl
/usr/lib/ssl/misc
/usr/lib/ssl/misc/CA.pl
/usr/lib/ssl/misc/tsget.pl
/usr/share
/usr/share/doc
/usr/share/doc/openssl

 

Step 5: Check Version

You can also verify the current installed version by running openssl version command as shown below.

cyberithub@ubuntu:~$ openssl version
OpenSSL 3.0.2 15 Mar 2022 (Library: OpenSSL 3.0.2 15 Mar 2022)

 

Step 6: Using OpenSSL

Now that OpenSSL is installed, we can use this program to create a self signed certificate for use as root CAs using below openssl command. You can replace different arguments based on your requirements.

cyberithub@ubuntu:~$ openssl req -x509 -sha256 -days 356 -nodes -newkey rsa:2048 -subj "/CN=demo.cyberithub.com/C=US/L=San Fransisco" -keyout tls.key -out tls.crt 
Generating a 2048 bit RSA private key
...................+++
.............................+++
writing new private key to 'tls.key'
-----

Here are all the arguments used with openssl program:-

  • req: Create a self signed certificate
  • -x509: Output a self signed certificate instead of a certificate request
  • -sha256: SHA-2 256 Digest
  • -days: No of days to certify the certificate
  • -nodes: Do not encrypt the private key
  • -newkey: Creates a new certificate request and a new private key
  • -subj: Replaces subject field of input request with specified data and outputs modified request.
  • -keyout: Gives the filename to write newly created private key
  • -out: Specify the output filename to write to.

 

Step 7: Uninstall OpenSSL

When it comes to uninstallation, you should do it at your own risk as I would never recommend to uninstall OpenSSL package from System. But still if you are interested to uninstall then you can follow one of the below methods depending on how you have installed the package.

a) Using APT

You should never attempt to uninstall OpenSSL from Ubuntu 22.04 LTS system as there is a high chance it will make your system unstable and could cause unrecoverable error to some of the applications which are actively using this package. This can be easily understood by running sudo apt remove openssl and checking below packages on the output which it will remove during uninstallation of OpenSSL package. Hence do not remove the package unless it is absolutely necessary.

cyberithub@ubuntu:~$ sudo apt remove openssl
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
The following packages were automatically installed and are no longer required:
apport-symptoms apturl-common cups-server-common fonts-lato gir1.2-goa-1.0 gir1.2-snapd-1 hplip-data javascript-common libauthen-sasl-perl libclone-perl
libcupsimage2 libdata-dump-perl libfile-listing-perl libfont-afm-perl libfuse2 libhpmud0 libhtml-form-perl libhtml-format-perl libhtml-parser-perl
libhtml-tagset-perl libhtml-tree-perl libhttp-cookies-perl libhttp-daemon-perl libhttp-date-perl libhttp-message-perl libhttp-negotiate-perl
libimagequant0 libio-html-perl libio-socket-ssl-perl libjs-jquery liblwp-mediatypes-perl libmailtools-perl libnet-http-perl libnet-smtp-ssl-perl
libnet-ssleay-perl libraqm0 libsane-hpaio libtie-ixhash-perl libtimedate-perl libtry-tiny-perl libvulkan1 libwww-robotrules-perl libxml-xpathengine-perl
libxss1 libxvmc1 mesa-vulkan-drivers perl-openssl-defaults printer-driver-postscript-hp python3-dateutil python3-debconf python3-distro-info
python3-distupgrade python3-jeepney python3-keyring python3-lazr.uri python3-olefile python3-pil python3-problem-report python3-protobuf
python3-pymacaroons python3-pyparsing python3-renderpm python3-reportlab python3-reportlab-accel python3-rfc3339 python3-secretstorage python3-systemd
python3-tz python3-update-manager python3-wadllib ruby-net-telnet ruby-webrick ruby-xmlrpc ubuntu-advantage-desktop-daemon unattended-upgrades x11-apps
x11-session-utils xbitmaps xinit xinput xorgxrdp xserver-xorg-input-all xserver-xorg-input-libinput xserver-xorg-input-wacom xserver-xorg-video-all
xserver-xorg-video-amdgpu xserver-xorg-video-ati xserver-xorg-video-fbdev xserver-xorg-video-intel xserver-xorg-video-nouveau xserver-xorg-video-qxl
xserver-xorg-video-radeon xserver-xorg-video-vesa
Use 'sudo apt autoremove' to remove them.
The following packages will be REMOVED:
apport apport-gtk apturl bluez-cups ca-certificates cups cups-browsed cups-core-drivers cups-daemon firefox gnome-online-accounts hplip
liblwp-protocol-https-perl libnet-dbus-perl libruby3.0 libwww-perl libxml-parser-perl libxml-twig-perl nautilus-share openssl postfix
printer-driver-hpcups printer-driver-splix python3-apport python3-certifi python3-httplib2 python3-launchpadlib python3-lazr.restfulclient
python3-macaroonbakery python3-requests python3-software-properties rake ruby ruby-rubygems ruby3.0 rubygems-integration snapd software-properties-common
software-properties-gtk ssh-import-id ssl-cert ubuntu-desktop ubuntu-desktop-minimal ubuntu-release-upgrader-core ubuntu-release-upgrader-gtk
update-manager update-manager-core update-notifier update-notifier-common xorg xrdp xserver-xorg
0 upgraded, 0 newly installed, 52 to remove and 2 not upgraded.
After this operation, 156 MB disk space will be freed.
Do you want to continue? [Y/n] n
.....................................................

b) Using make utility

If you installed openssl through source code then you need to run sudo make uninstall from cloned openssl directory to remove the program as you can see below. But as I said earlier, I would never recommend you to uninstall openssl until it is absolutely necessary.

cyberithub@ubuntu:~/openssl$ sudo make uninstall
[sudo] password for cyberithub:
*** Uninstalling manpages
rm -f /usr/local/share/man/man1/CA.pl.1ossl
rm -f /usr/local/share/man/man1/openssl-asn1parse.1ossl
rm -f /usr/local/share/man/man1/openssl-ca.1ossl
rm -f /usr/local/share/man/man1/openssl-ciphers.1ossl
rm -f /usr/local/share/man/man1/openssl-cmds.1ossl
rm -f /usr/local/share/man/man1/openssl-cmp.1ossl
rm -f /usr/local/share/man/man1/openssl-cms.1ossl
rm -f /usr/local/share/man/man1/openssl-crl.1ossl
rm -f /usr/local/share/man/man1/openssl-crl2pkcs7.1ossl
.........................................................

Leave a Comment