Upgrading Openssl for Apache on Ubuntu

 

Created on: 11/21/19
Last update: 11/21/19

Just upgraded the OpenSSL from 1.0.2 to 1.1.1. on a server with Ubuntu 16.04.

Install OpenSSL

Install required packages

sudo apt-get install make

Download OpenSSL

cd /usr/local
wget https://www.openssl.org/source/openssl-1.1.1.tar.gz
tar -xvf openssl-1.1.1.tar.gz 

Compile

cd openssl-1.1.1
./config --prefix=/usr/local/ssl --openssldir=/usr/local/ssl
make
make test
make install

Create and edit /etc/ld.so.conf.d/openssl-1.1.1.conf, add following path:

/usr/local/ssl/lib

Reload the dynamic link:

sudo ldconfig -v

Configure OpenSSL Binary

Backup the current binary files:

mv /usr/bin/c_rehash /usr/bin/c_rehash.BEKUP
mv /usr/bin/openssl /usr/bin/openssl.BEKUP

Edit the /etc/environment file using vim.

Test

Check the openssl version:

openssl version -v

Enable New OpenSSL on Apache

Navigate to the Apache source file (e.g., /usr/local/httpd-2.4.41/). Configure and update Apache:

make clean
LDFLAGS=-L/usr/local/ssl/lib
./configure --prefix=/usr/local/apache24 --with-included-apr --enable-ssl --with-ssl=/usr/local/ssl  --enable-ssl-staticlib-deps --enable-mods-static=ssl
make
make install

The mod_ssl modeule (/usr/local/apache24/modules/mod_ssl.so) will be recompiled.

Check the HEAD of target url at https://apitester.com/. The response would be like:

HTTP/1.1 200 OK
Date: Thu, 21 Nov 2019 18:48:42 GMT
Server: Apache/2.4.41 (Unix) OpenSSL/1.1.1
Last-Modified: Mon, 11 Jun 2007 18:53:14 GMT
ETag: "2d-432a5e4a73a80"
Accept-Ranges: bytes
Content-Length: 45
Content-Type: text/html

References

How to Install the latest OpenSSL version from Source on Linux

Use Different OpenSSL for Apache

how to upgrade openssl for apache 2.2.29 - still using old 0.9.8 version