Overview
OpenSSL is a toolkit for the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols. It is also a general-purpose cryptography library. It is used to secure connections on the server and within your software.
Do I need to install my own version?
The version installed on DreamHost servers works for the majority of all web applications. However, newer software may require a higher version. If you wish to use software that requires a higher version, you must install the newer version of OpenSSL locally under your Shell user.
Installing OpenSSL
This example installs version 3.6.1.
- Log into your server via SSH.
-
Change to your user directory.
[server]$ cd ~
- Visit openssl.org/source/ and locate the version you wish to download. Right-click it and choose Copy link address.
-
Run wget with the URL to download the file.
[server]$ wget https://github.com/openssl/openssl/releases/download/openssl-3.6.1/openssl-3.6.1.tar.gz
-
Confirm the file's integrity by downloading the SHA256 file on the same page next to it.
[server]$ wget https://github.com/openssl/openssl/releases/download/openssl-3.6.1/openssl-3.6.1.tar.gz.sha256
-
View the checksum to confirm the version you downloaded is safe to use.
[server]$ sha256sum openssl-3.6.1.tar.gz b1bfedcd5b289ff22aee87c9d600f515767ebf45f77168cb6d64f231f518a82e openssl-3.6.1.tar.gz [server]$ cat openssl-3.6.1.tar.gz.sha256 b1bfedcd5b289ff22aee87c9d600f515767ebf45f77168cb6d64f231f518a82e *openssl-3.6.1.tar.gz
If they match, proceed with the next step.
-
Decompress this file.
[server]$ tar zxvf openssl-3.6.1.tar.gz
-
Change into the new openssl directory.
[server]$ cd openssl-3.6.1
-
Configure openssl.
This will configure it to be installed in a directory named openssl under your user. Make sure to change username to your Shell user.
You can install it anywhere you like, just make sure you DO NOT install it into a directory named openssl-3.6.1. This directory was already created when you decompressed the .tar.gz file. If you configure it to install there, it will fail (since it already exists).
View the following OpenSSL page for information on configuration options:
[server]$ ./config --prefix=/home/username/openssl --openssldir=/home/username/openssl
-
Run make. Once that is finished, run make test.
[server]$ make [server]$ make test
At the end, you should see All tests successful.
-
Run make install.
[server]$ make install
-
Change back to your home directory.
[server]$ cd ~
-
Add the following lines to your .bash_profile. View Creating and editing a file via SSH for instructions.
export PATH=$HOME/openssl/bin:$PATH export LD_LIBRARY_PATH=$HOME/openssl/lib64
-
Update the .bash_profile.
[server]$ . ~/.bash_profile
-
Test to confirm it's installed in the correct location and that the version is 3.6.1.
[server]$ which openssl /home/username/openssl/bin/openssl [server]$ openssl version OpenSSL 3.6.1 27 Jan 2026 (Library: OpenSSL 3.6.1 27 Jan 2026)
OpenSSL has been installed locally under your username.