独家优惠奖金 100% 高达 1 BTC + 180 免费旋转

Updating OpenSSL latest and greatest version in Ubuntu 20.04 and 18.04

UPDATED (September 2nd. 2020)

A year has passed since I published this story. Since then Ubuntu 20.04 was released and OpenSSL newest version was published on August 6th 2020. Basically the only thing I changed in this story was the letter that references OpenSSL 1.1.1 series, i.e. changing the letter ‘c’ in the original version to the letter ‘g’ in the commands of the updated one. While these changes are reflected in the commands, the pictures illustrating the results of these commands remain unaltered. Enjoy your reading!

Ubuntu 20.04.1 (the latest 20.04 update as of September 2020) comes with “OpenSSL 1.1.1 31 Mar 2020” installed and Ubuntu 18.04.03 (the latest 18.04 update as of August 2019) comes with “OpenSSL 1.1.1 11 Sep 2018” shipped. At this moment OpenSSL 1.1.1 series’ latest version is ‘1.1.1g’ shipped on Aug 6th. 2020.

In this story I will guide the reader on how to proceed with this update without breaking any interoperability with existing applications that depends on OpenSSL.

I assume the reader is familiar with bash commands and, of course, the update will be on a Ubuntu 20.04 or 18.04 box. While I cannot see any reason this procedure should not work on Ubuntu 16.04 (if you do please let me know), it was not tested.

The first thing to do is to check what version is installed:

In my case “OpenSSL 1.1.1 20 Mar 2020” was the result.

In the image below the above commands are underlined in yellow and the checksum result (OK in this case) is underlined in green:

Step 3: Check downloaded zip file signature

Both keys are imported and then listed as bellow:

The next illustration contains the outcome of the above commands that are underlined in yellow:

The above keys need to be marked as trusted within GnuPG database. This is achieved opening the editor for each signature and marking them as trusted, after checking their fingerprints. Bellow I exemplify this procedure only for Levitte's, the signing member, as follows:

Underline in yellow are the commands to check signature’s fingerprint (fpr), to mark it as trusted (trust), to assign a level of trustworthiness (5) and confirm the above decision (y). To leave this editor type ‘quit’. Sorry that the fonts above are too small but I wanted all commands showing in just one screenshot. Zooming in will help reading it.

With trusted signatures in our GnuPG database it is possible to check the downloaded file signature, provided we have this file verification signature. In the following command we download it, saving it to signature.asc:

Finally lets validate the desired signature as follows:

The desirable result is shown next, meaning that the downloaded zip file is the original signed by OpenSSL member “Richard Levitte”:

Step 4: Install OpenSSL

We will install the new version at /opt/openssl. To do that we need to create and change directory by typing:

Before proceeding verify if Perl, GCC and Make are properly installed by checking their versions. In an Ubuntu 20.04 or 18.04 desktop these tools come installed by default:

Should you need, these applications are in Ubuntu repositories and can be installed via APT.

Extract the downloaded zip file into this directory:

Execute the following command to create the Makefile:

Where /opt/openssl is the home directory and /opt/openssl/ssl is the directory where OpenSSL will store certificates and private keys. The outcome should look like below:

Execute the Makefile, this will take some time, by:

OpenSSL new version 1.1.1g is installed. But right now there are to installations: the original and this one. I won’t delete the original, but only set the new one as the default.

Backup the original by:

In the literature there are references to applications that expect openssl to be at the original directory. To maintain compatibility, and avoiding the need to alter the environment variable PATH, we will create a symbolic link /usr/bin/openssl pointing to /opt/openssl/bin/openssl:

The last command should return:

The end result should look like:

To update the cache run:

To verify that everything is correct execute:

The results should be:

Reboot your system to make things permanent and execute the last three commands again, targeting, obviously, the same outcome.

By now you have OpenSSL new version installed and working correctly. But if you try to download any of the previous files, for instance openssl-1.1.1g.tar.gz, you will get the following error:

This error is to be expected. The Certificate Authority “Let’s Encrypt Authority X3” that issued the server certificate is not in OpenSSL certificate and private key directory (/opt/openssl/ssl). If this is the desired behavior skip what follows and you have OpenSSL 1.1.1g completely installed.

If this is not your desired behavior, you have two options: copy all certificates in /etc/ssl/certs/ to /opt/openssl/ssl/certs; or make /opt/openssl/ssl/certs a symbolic link pointing /etc/ssl/certs/ files (my choice).

Downloading again openssl-1.1.1g.tar.gz we get the desired behavior:

Now all you need is to enjoy your Ubuntu 20.04 or 18.04 box running with OpenSSL latest and greatest version, as of August 2020, 1.1.1g.

Add a comment

What is your view?

Send

Related posts:

Why You Should Not Feel Guilty About Being Selfish

You try to give with joy. It says in the Bible, “Each of you should give what you have decided in your heart to give, not reluctantly or under compulsion, for God loves a cheerful giver.” (2…

Deixa o menino ver o Ronaldinho

Naquela altura do campeonato, lógico, ninguém lembrava mais quem era Romário, e só o que os meninos queriam no futuro era ser o Ronaldinho — Na época, apelido dado ao Fenômeno — . Nesse dia o Brasil…

Advantages and disadvantages of functional programming

I have already written about why you should learn functional programming and explored the fundamentals of functional programming. Before diving into more advanced topics I want to discuss advantages…