Actually i need to enable http2 module on nginx or apache on CentOS, and the definitely requirement this must update your openssl, oke let’s start..
check you current openssl version
openssl version
it will print out version of installed package like this
OpenSSL 1.0.1e-fips 11 Feb 2013
we need to compile latest openssl from source code, before we compile we need install some tool that will help you compile it :
yum install libtool perl-core zlib-devel -y
next download the latest openssl from source code :
curl -O -L https://github.com/openssl/openssl/archive/OpenSSL_1_1_0g.tar.gz
in order to decompress it use following command :
tar -zxvf OpenSSL_1_1_0g.tar.gz
cd openssl-OpenSSL_1_1_0g
Now it’s time to configure and compile OpenSSL:
./config --prefix=/usr/local/openssl --openssldir=/usr/local/openssl shared zlib
make
make install
Add new version to PATH
After the installation you will probably want to check the version of OpenSSL but it will print out old version. Why? Because it’s also installed on your server. I rarely override packages installed via yum. The reason is that when there is new version of OpenSSL and you will install it via yum, it will simply override compiled version, and you will have to recompile it again.
Instead of overriding files I personally like to create new profile entry and force the system to use compiled version of OpenSSL.
In order to do that, create following line :
vi /etc/profile.d/openssl.sh
and paste the following content :
# /etc/profile.d/openssl.sh
pathmunge /usr/local/openssl/bin
save the file and load yor profile with this command :
source /etc/profile
if you have get an error with loading libraries we need to create an entry in ldconfig
vi /etc/ld.so.conf.d/openssl-1.1.0g.conf
and paste the following content :
# /etc/ld.so/conf.d/openssl-1.1.0g.conf
/usr/local/openssl/lib
You need to re-load linker by using following command:
ldconfig -v
and you can check again your openssl version, binggo 😀
OpenSSL 1.1.0g 2 Nov 2017
The Journey of Linux Sysadmin 