Installing OpenSSL locally under your username

Overview

OpenSSL is a toolkit for the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols. It is also a general-purpose cryptography library. It is used to secure connections on the server and within your software.

This is already installed on all DreamHost servers. As of May 2019, DreamHost runs version OpenSSL 1.0.1f on servers running Ubuntu 14 and 1.1.0g on servers running Ubuntu 18.

Do I need to install my own version?

The version on the server works for the majority of all web applications. However, newer software may require a higher version. For example, Python 3.7.1 requires version 1.0.2 or above. In you wish to use software that requires a higher version, you must install the newer version of OpenSSL locally under your Shell user.

Installing OpenSSL

This example installs version 1.1.1b.

  1. Visit https://www.openssl.org/source/ and locate the version you wish to download. Right click it and choose 'Copy link address'.
  2. Run 'wget' to download the file.
    [server]$ wget https://www.openssl.org/source/openssl-1.1.1b.tar.gz
  3. You should also confirm the file's integrity by downloading the SHA256 file on the same page next to it.
    [server]$ wget https://www.openssl.org/source/openssl-1.1.1b.tar.gz.sha256
  4. Once both files are downloaded, view the checksum to confirm the version you downloaded is safe to use.
    [server]$ sha256sum openssl-1.1.1b.tar.gz
    5c557b023230413dfb0756f3137a13e6d726838ccd1430888ad15bfb2b43ea4b openssl-1.1.1b.tar.gz
    [server]$ cat openssl-1.1.1b.tar.gz.sha256
    5c557b023230413dfb0756f3137a13e6d726838ccd1430888ad15bfb2b43ea4b
    If they match, proceed with the next step.
  5. Decompress this file.
    [server]$ tar zxvf openssl-1.1.1b.tar.gz
  6. Change into the new openssl directory
    [server]$ cd openssl-1.1.1b
  7. Configure the file:

    This will configure it to be installed in a directory named 'openssl' under your user. Make sure to change 'username' to your Shell user.

    You can install it anywhere you like, just make sure you DO NOT install it into a directory named 'openssl-1.1.1'. This directory was already created when you decompressed the .tar.gz file. If you configure it to install there, it will fail (since it already exists).

    View the following OpenSSL page for information on configuration options:

    [server]$ ./config --prefix=/home/username/openssl --openssldir=/home/username/openssl no-ssl2

    Make sure to change 'username' to your Shell user.

  8. Run make. Once that is finished, run make test:
    [server]$ make
    [server]$ make test
    At the end you should see 'All tests successful'.
  9. Run make install
    [server]$ make install
  10. Change back to your home directory.
    [server]$ cd ~
  11. Add the following lines to your .bash_profile. View 'Creating and editing a file via SSH' for instructions.
    export PATH=$HOME/openssl/bin:$PATH
    export LD_LIBRARY_PATH=$HOME/openssl/lib
    export LC_ALL="en_US.UTF-8"
    export LDFLAGS="-L/home/username/openssl/lib -Wl,-rpath,/home/username/openssl/lib"

    In the last line, make sure to change 'username' to your Shell user.

  12. Source the .bash_profile
    [server]$ . ~/.bash_profile
  13. Test to confirm it's installed in the correct location and that the version is 1.1.1.
    [server]$ which openssl
    /home/username/openssl/bin/openssl
    [server]$ openssl version
    OpenSSL 1.1.1b  26 Feb 2019

OpenSSL has been installed locally under your username.

See also

Did this article answer your questions?

Article last updated PST.