Introduction to OpenSSL
OS environment information
[ root@renwole.com ~]# hostnamectl Static hostname: renwole.renwole.com Icon name: computer-vm Chassis: vm Machine ID: 95d03f7f0b6c48f08dfc5a8ca715cc23 Boot ID: e2b668b974ca4e00a3004f08c1d8efee Virtualization: vmware Operating System: CentOS Linux 7 (Core) CPE OS Name: cpe:/o:centos:centos:7 Kernel: Linux 3.10.0-1127.el7.x86_64 Architecture: x86-64
1. Check the OpenSSL version before upgrading
openssl version -a OpenSSL 1.0.2k-fips 26 Jan 2017
2. Start downloading and installing the latest official OpenSSL
wget https://www.openssl.org/source/openssl-1.1.1g.tar.gz tar zxf openssl-1.1.1g.tar.gz && cd openssl-1.1.1g ./config -Wl,-rpath=/usr/local/openssl/lib -fPIC --prefix=/usr/local/openssl --openssldir=/usr/local/openssl make depend && make -j 2 && make install
3. Start the upgrade. Back up the old OpenSSL first. If the upgrade fails, roll back quickly
mv /usr/bin/openssl /usr/bin/openssl.bak mv /usr/include/openssl /usr/include/openssl.bak mv /usr/lib64/openssl /usr/lib64/openssl.bak rm -f /usr/lib64/libssl.so.10 rm -f /usr/lib64/libcrypto.so.10
4. Create a corresponding new OpenSSL soft connection
ln -sf /usr/local/openssl/bin/openssl /usr/bin/openssl ln -sf /usr/local/openssl/include/openssl /usr/include/openssl ln -sf /usr/local/openssl/lib/libssl.so.1.1 /usr/lib64/libssl.so ln -sf /usr/local/openssl/lib/libssl.so.1.1 /usr/lib64/libssl.so.1.1 ln -sf /usr/local/openssl/lib/libcrypto.so.1.1 /usr/lib64/libcrypto.so ln -sf /usr/local/openssl/lib/libcrypto.so.1.1 /usr/lib64/libcrypto.so.1.1
5. Add OpenSSL DLL and make it effective
echo "/usr/local/openssl/lib" >> /etc/ld.so.conf.d/openssl-renwole.com.conf ldconfig
6. Check whether OpenSSL is successfully upgraded
openssl version -a OpenSSL 1.1.1g 21 Apr 2020