本站文章总数为:165
Search Posts

Centos6 升级openssl1.0到3.0

Posted on | By qiuf | No comments
内容纲要

目前在工作环境需要学英语,后面博文尽量中英双语,当学习了.

1. 环境 Server Environment

Centos6
GCC 6.3.0
OpenSSL 1.0.1e-fips 11 Feb 2013

2. 升级原因 Reason for upgrade

免费域名证书的有效期只有三个月。 部署acme申请证书时报错
The free domain name certificate is only valid for three months. When deploying acme to apply for the certificate, an error is reported 

Register account Error: {"type":"urn:ietf:params:acme:error:malformed","status":400,"detail ":"[External Account Binding] The JWS Signature MUST be present"}

搜索发现openssl版本太低需要升级
The search query found that the openssl version is too low and needs to be upgraded.

3. 升级 upgrade

3.1 下载 Download

3.0稳定版支持到2026.9.7 所以选择3.0版本 Note: The latest stable version is the 3.2 series supported until 23rd November 2025. Also available is the 3.1 series supported until 14th March 2025, and the 3.0 series which is a Long Term Support (LTS) version and is supported until 7th September 2026. All older versions (including 1.1.1, 1.1.0, 1.0.2, 1.0.0 and 0.9.8) are now out of support and should not be used. Users of these older versions are encouraged to upgrade to 3.2 or 3.0 as soon as possible. Extended support for 1.1.1 and 1.0.2 to gain access to security fixes for those versions is available.

wget https://www.openssl.org/source/openssl-3.0.13.tar.gz

3.2 解压 tar decompress openssl-3.0.13.tar.gz

tar -zxvf openssl-3.0.13.tar.gz
cd openssl-3.0.13

3.3 安装依赖包 Install dependency packages

yum -y install zlib zlib-devel perl pam-devel  perl-IPC-Cmd

如果没有安装相关依赖,可能报错
Otherwise, an error may be reported due to missing dependent packages.

[root@01 openssl-3.0.13]# ./config shared zlib
Can't locate IPC/Cmd.pm in @INC (@INC contains: /tmp/openssl-3.0.13/util/perl /usr/local/lib64/perl5 /usr/local/share/perl5 /usr/lib64/perl5/vendor_perl /usr/share/perl5/vendor_perl /usr/lib64/perl5 /usr/share/perl5 . /tmp/openssl-3.0.13/external/perl/Text-Template-1.56/lib) at /tmp/openssl-3.0.13/util/perl/OpenSSL/config.pm line 19.
BEGIN failed--compilation aborted at /tmp/openssl-3.0.13/util/perl/OpenSSL/config.pm line 19.
Compilation failed in require at /tmp/openssl-3.0.13/Configure line 23.

3.4 编译安装 make&&make install

./config shared zlib
make
make install

成功日志详细输出
Success detailed log output

[root@01 openssl-3.0.13]# ./config shared zlib
Configuring OpenSSL version 3.0.13 for target linux-x86_64
Using os-specific seed configuration
Created configdata.pm
Running configdata.pm
Created Makefile.in
Created Makefile
Created include/openssl/configuration.h

**********************************************************************
***                                                                ***
***   OpenSSL has been successfully configured                     ***
***                                                                ***
***   If you encounter a problem while building, please open an    ***
***   issue on GitHub <https://github.com/openssl/openssl/issues>  ***
***   and include the output from the following command:           ***
***                                                                ***
***       perl configdata.pm --dump                                ***
***                                                                ***
***   (If you are new to OpenSSL, you might want to consult the    ***
***   'Troubleshooting' section in the INSTALL.md file first)      ***
***                                                                ***
[root@01 openssl-3.0.13]# make
/usr/bin/perl "-I." -Mconfigdata "util/dofile.pl" "-oMakefile" include/crypto/bn_conf.h.in > include/crypto/bn_conf.h
/usr/bin/perl "-I." -Mconfigdata "util/dofile.pl" "-oMakefile" include/crypto/dso_conf.h.in > include/crypto/dso_conf.h
/usr/bin/perl "-I." -Mconfigdata "util/dofile.pl" "-oMakefile" include/openssl/asn1.h.in > include/openssl/asn1.h
/usr/bin/perl "-I." -Mconfigdata "util/dofile.pl" "-oMakefile" include/openssl/asn1t.h.in > include/openssl/asn1t.h
.......
.......
/usr/bin/perl "-I." -Mconfigdata "util/dofile.pl" \
            "-oMakefile" util/shlib_wrap.sh.in > "util/shlib_wrap.sh"
chmod a+x util/shlib_wrap.sh
rm -f "util/wrap.pl"
/usr/bin/perl "-I." -Mconfigdata "util/dofile.pl" \
            "-oMakefile" util/wrap.pl.in > "util/wrap.pl"
chmod a+x util/wrap.pl
make[1]: Leaving directory `/tmp/openssl-3.0.13'
[root@01 openssl-3.0.13]# make install 
make depend && make _build_libs
make depend && make _build_modules
make depend && make _build_programs
make[1]: Entering directory `/tmp/openssl-3.0.13'
make[1]: Entering directory `/tmp/openssl-3.0.13'
.......
.......
install doc/man/man7/provider.7 -> /usr/local/share/man/man7/provider.7ossl
install doc/man/man7/proxy-certificates.7 -> /usr/local/share/man/man7/proxy-certificates.7ossl
install doc/man/man7/ssl.7 -> /usr/local/share/man/man7/ssl.7ossl
install doc/man/man7/x509.7 -> /usr/local/share/man/man7/x509.7ossl

4. 备份旧openssl Back up old versions of openssl

mv /usr/bin/openssl /usr/bin/openssl_1.0

5. 更新系统库链接 Update system library links

ln -s /usr/local/bin/openssl /usr/bin/openssl
rm -f /usr/lib64/libcrypto.so
ln -s /usr/local/lib64/libcrypto.so.3 /usr/lib64/libcrypto.so
echo "/usr/local/lib64" > /etc/ld.so.conf.d/openssl-3.0.13.conf
ldconfig

验证版本 Verify version

[root@01 openssl-3.0.13]# openssl version
OpenSSL 3.0.13 30 Jan 2024 (Library: OpenSSL 3.0.13 30 Jan 2024)
Category: Linux | Tag: , , , , , ,

发表回复

您的电子邮箱地址不会被公开。 必填项已用 * 标注