Install OpenSSL 1.0.2k – CentOS 7.3

The elusive latest version of OpenSSL, we finally meet.

As everyone knows, CentOS does not always ship with the latest version of softwares. The core repo focuses more on stability rather than freshness.

We recently needed to update OpenSSL on a server with HTTP/2 enabled. The server has nginx setup to handle SSL connections, which it hands off to Varnish which further hands the request back to Apache w/ PHP-FPM.

Get the pre-requisites

yum groupinstall "Development Tools"

Start off by changing your directory to /usr/src

Fetch the latest source for OpenSSL, at the time of writing it was 1.0.2k. Head over to this page to get the latest source

wget https://www.openssl.org/source/openssl-1.0.2k.tar.gz

Extract

tar -zxf openssl-1.0.2k.tar.gz

Step into the extracted folder

cd openssl-1.0.2k.tar.gz

Run configure and install

./config
make
make test
make install

At this point, it is best to backup the current OpenSSL binary file

mv /usr/bin/openssl /root/backup

Now link to the latest version so it is globally accessible

ln -s /usr/local/ssl/bin/openssl /usr/bin/openssl

That should do it,  enter openssl version at shell to verify

OpenSSL version