How To Install OpenSSL 3 on AlmaLinux 9

How To Install OpenSSL 3 on AlmaLinux 9.

This guide provides comprehensive instructions on installing OpenSSL 3 on AlmaLinux 9. The latest stable version of the 3.0 series, OpenSSL 3.0.8, will be installed. This guide will be updated as newer versions are released.

Prerequisites

• A dedicated server running AlmaLinux 9
• Root user access or a regular user with sudo privileges

Step 1: Update the Server

Maintaining an up-to-date server is crucial for security reasons. Use the following command to update the server:

dnf update -y

Step 2: Install Development Tools

Development tools and a few dependencies are required for installing OpenSSL. Execute the following command to install them:

dnf group install 'Development Tools'

Step 3: Install Dependencies

Install the necessary dependencies using the following command:

dnf install perl-core zlib-devel -y

Step 4: Download and Extract Source File

Download the latest stable version from the 3.0 series, which is also the Long Term Support (LTS) version, supported until September 7, 2026. Use the following command to download the source file:

wget https://www.openssl.org/source/openssl-3.0.8.tar.gz

Extract the tar file using the following command:

tar xzvf openssl-3.0.8.tar.gz

Step 5: Configure and Build

Navigate to the extracted directory and configure, build, test, and install OpenSSL in the default location /usr/local/ssl:

cd openssl-3.0.8
./config --prefix=/usr/local/ssl --openssldir=/usr/local/ssl shared zlib

Step 6: Configure Shared Libraries

After successfully installing OpenSSL, configure its shared libraries. Perform the following steps:

1. Navigate to the /etc/ld.so.conf.d directory:

cd /etc/ld.so.conf.d/

2. Create a configuration file:

vi openssl-3.0.8.conf

3. Add the following path to the configuration file:

/usr/local/ssl/lib64

4. Save and exit the file.
5. Reload the dynamic link:

ldconfig -v

Step 7: Configure OpenSSL Binary

Replace the default openssl file with the binary of the newly installed OpenSSL version:

1. Back up the existing openssl file:

mv /bin/openssl /bin/openssl.backup

2. Create a new environment file for OpenSSL:

vi /etc/profile.d/openssl.sh

3. Add the following lines to the file:

OPENSSL_PATH="/usr/local/ssl/bin"
export OPENSSL_PATH
PATH=$PATH:$OPENSSL_PATH
export PATH

4. Save and exit the file.
5. Make the newly created file executable:

chmod +x /etc/profile.d/openssl.sh

6. Reload the new OpenSSL environment file and check the default PATH:

source /etc/profile.d/openssl.sh
echo $PATH

Step 8: Verify Installation

Verify that OpenSSL is installed and working correctly:

1. Check the location of the openssl executable:

which openssl

2. Print the OpenSSL version:

openssl version -a

The output should be similar to the following:

OpenSSL 3.0.8 7 Feb 2023 (Library: OpenSSL 3.0.8 7 Feb 2023)
built on: Sat Mar  4 18:28:32 2023 UTC
platform: linux-x86_64
options:  bn(64,64)
compiler: gcc -fPIC -pthread -m64 -Wa,--noexecstack -Wall -O3 -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_BUILDING_OPENSSL -DZLIB -DNDEBUG
OPENSSLDIR: "/usr/local/ssl"
ENGINESDIR: "/usr/local/ssl/lib64/engines-3"
MODULESDIR: