OpenSSL is an open-source implementation of the SSL (Secure Sockets Layer) and TLS (Transport Layer Security) protocols. It provides a powerful set of cryptographic functions that are used for securing data in transit, such as web transactions and email communication. OpenSSL is widely used by system administrators and software developers, and it is available on most operating systems. In this blog, we will explore how to install OpenSSL on Linux.

OpenSSL Architecture :

OpenSSL is a library that provides various cryptographic functions, such as symmetric and asymmetric encryption, digital signature generation and verification, and secure random number generation. It is written in C programming language and can be used in C, C++, and other programming languages.

The OpenSSL library is divided into several components, including the cryptographic algorithms, the SSL and TLS protocol implementation, and the X.509 certificate handling. Each component can be used independently or in combination with others.

OpenSSL supports a wide range of cryptographic algorithms, including symmetric key algorithms such as AES, DES, and 3DES, and asymmetric key algorithms such as RSA, DSA, and ECDSA. It also supports various hash algorithms such as SHA-1, SHA-2, and MD5.

SSL and TLS Protocols

OpenSSL supports both SSL and TLS protocols. SSL is the predecessor of TLS and is still in use, although it is less secure than TLS. TLS is the current standard for secure communication over the internet.

TLS provides several key features, including confidentiality, integrity, and authenticity. Confidentiality ensures that data is protected from eavesdropping, integrity ensures that the data has not been tampered with, and authenticity ensures that the data is coming from a trusted source.

Certificate Handling

OpenSSL supports the X.509 certificate format, which is widely used for public key infrastructure (PKI). A certificate contains a public key and other information, such as the certificate holder’s name and the certificate’s expiration date. The certificate is digitally signed by a trusted certificate authority (CA) to ensure its authenticity.

OpenSSL can generate self-signed certificates, which are useful for testing and development purposes. It can also be used to sign and verify certificates using a trusted CA.

If you want to create Self-Signed Certificates with OpenSSL. Click here

OpenSSL Versions, Release dates and EOL :

Here I am listing OpenSSL versions, released dates and EOL so you will get idea to install most updated version for your Linux server.

VersionsReleased DatesEOL
3.0 (LTS)07 Sep 202107 Sep 2026
1.1.1 (LTS)11 Sep 201811 Sep 2023
1.1.025 Aug 201611 Sep 2019
1.0.2 (LTS)22 Jan 201531 Dec 2019
OpenSSL versions, release dates and EOL

Steps to install latest OpenSSL on Linux server

Latest OpenSSL doesn’t come with installation package. The best way to install OpenSSL is to download binaries from OpenSSL official websites. This tutorial will help you to install latest OpenSSL on old Linux systems like CentOS 7, RHEL 7, Oracle Linux 7, Ubuntu 20.04 or Debian 10.

Latest OpenSSL 3 Installation


  • sudo privileges.
  • Stable internet connection.

First check server OS version then start installation as per OS version:

# egrep '^(VERSION|NAME)=' /etc/os-release

Check installed OpenSSL version:

Before installing OpenSSL, check already installed OpenSSL version on system:

# openssl version

Install the prerequisite packages:

For RHEL, CentOS and Oracle Linux 7 server
# yum group install 'Development Tools' -y
# yum install perl-core perl-IPC-Cmd zlib-devel wget gzip -y

For RHEL, CentOS, Oracle Linux or Rocky Linux 8 and 9 server
# dnf group install 'Development Tools' -y
# dnf install perl-core perl-IPC-Cmd zlib-devel wget gzip -y

For Ubuntu and Debian server
# apt update -y
# apt install build-essential zlib1g-dev wget gzip -y

Download OpenSSL Latest version:

# cd /tmp && wget

Extract downloaded tar file and delete tar file:

# tar -xzvf openssl-*.tar.gz && rm -rf openssl-*.tar.gz && cd openssl-*

Compile OpenSSL from source code:

# ./config --prefix=/usr/local/ssl --openssldir=/usr/local/ssl shared zlib

Note: Wait a while to compete the OpenSSL compilation process.

Now Install the OpenSSL:

# make && make install

We successfully installed Latest OpenSSL 3.0.

Lets Configure OpenSSL Link Libraries:

# cat <<'EOT' | sudo tee /etc/

# ldconfig -v

Configure installed OpenSSL to default OpenSSL:

# mv /usr/bin/openssl /usr/bin/openssl.bak && mv /usr/bin/c_rehash /usr/bin/c_rehash.bak

# update-alternatives --install /usr/bin/openssl openssl /usr/local/ssl/bin/openssl 1

# update-alternatives --install /usr/bin/c_rehash c_rehash /usr/local/ssl/bin/c_rehash 1

Verify installed OpenSSL version:

# openssl version

That’s it. We installed the latest version of OpenSSL on Linux system.


OpenSSL is a powerful and versatile tool that can be used to secure communications over the internet. We installed the latest version of OpenSSL 3.0 on CentOS, RHEL, Oracle Linux, Ubuntu and Debian. Now you can use it to generate keys, certificates, and other cryptographic artifacts, as well as encrypt and decrypt files.