Install openssl

Where can I download OpenSSL for my Red Hat?

Any step-by-step guideline on how to set it up?

Tks
AXISHK Asked:

Ganesh Kumar A, Sr Infrastructure Specialist Commented:
Download link for OpenSSL : http://www.openssl.org/source/

How to install OpenSSL on CentOS/ RedHat Linux
Install OpenSSL
yum install openssl
Note: This is typically installed on CentOS by default.

How to configure OpenSSL on CentOS/ RedHat Linux
Change your working directory to /etc/pki/CA
cd /etc/pki/CA
Create a folder to hold the Certificates
mkdir certs
Create a folder to hold the Certificate Revocation List
mkdir crl
Create a folder to hold the Server Certificates in PEM (unencrypted) format
mkdir newcerts
Create a file that holds the database of certificates
touch index.txt
Create a file that holds the next certificate serial number
echo '01' > serial
Create a file that holds the next Certificate Revocation List serial number
echo '01' > crlnumber
Make a copy of the system's default openssl configuration file for our use
cp /etc/pki/tls/openssl.cnf openssl.cnf
Edit the /etc/pki/CA/openssl.cnf file making the following changes
Change line 37
from dir             = ../../CA              # Where everything is kept
to dir             = .                     # Where everything is kept
Change line 45
from certificate     = $dir/cacert.pem       # The CA certificate
to certificate     = $dir/certs/ca.crt     # The CA certificate
Change line 50
from private_key     = $dir/private/cakey.pem# The private key
to private_key     = $dir/private/ca.key   # The private key
Make the /etc/pki/CA/openssl.cnf file not world readable
chmod 0600 openssl.cnf
Ganesh Kumar A, Sr Infrastructure Specialist Commented:
Here are a few topics: create a CA, create a CRL, revoke a certificate and verify a certificate.
------------------------------------------------------------------------------------------------------------------------
To create Certificate Authority :
Create a Certificate Authority (CA)
Change your working directory to /etc/pki/CA
cd /etc/pki/CA
Create a certificate authority good for ten years
openssl req -config openssl.cnf -new -x509 -extensions v3_ca -keyout private/ca.key -out certs/ca.crt -days 3650
Enter PEM pass phrase: $password
Re-Enter PEM pass phrase: $password
Country Name: $country
State or Province Name: $state
Locality Name: $city
Organization Name: $company
Organizational Unit Name: $department = Certificate Authority
Common Name: ca.$domain
Email Address: ca@$domain
Restrict access to the private key so that only root can read it
chmod 0400 private/ca.key

------------------------------------------------------------------------------------------------------------------------

Create a Certificate Request (CSR)
Change your working directory to /etc/pki/CA
cd /etc/pki/CA
Create a certificate request good for one year
openssl req -config openssl.cnf -new -nodes -keyout private/$domain.key -out $domain.csr -days 365
Country Name: $country
State or Province Name: $state
Locality Name: $city
Organization Name: $company
Organizational Unit Name: $department = Secure Web Server
Common Name: $url
Email Address: $email
Challenge password: [ENTER]
Optional company name: [ENTER]
Restrict access to the private key so that only root and apache can read it
chown root:apache private/$domain.key
chmod 0440 private/$domain.key
Two files are created upon completion of these instructions.  $domain.key is generated and put into the private folder.  This is a private key file specific to the domain that the certificate request was created for.  $domain.csr is generated and put into the CA folder.  This is a certificate request file and can be used to generate a certificate specific to the domain the certificate request was created for.

Sign a Certificate Request (CSR)
Change your working directory to /etc/pki/CA
cd /etc/pki/CA
Sign a certificate request
openssl ca -config openssl.cnf -policy policy_anything -out certs/$domain.crt -infiles $domain.csr
Enter the ca.key password: $password
Sign the certificate: y
1 out of 1 certificate requests certified, commit: y
Delete the certificate request
rm -f $domain.csr
Two files are created upon completion of these instructions.  $domain.crt is created and put into the certs folder.  This is a certificate file specific to the domain that the certificate request was created for.  $cert_number.pem is generated and put into the newcerts folder.  This is an X.509 file containing both the $domain.key and $domain.crt file information.

------------------------------------------------------------------------------------------------------------------------
Create a Certificate Revocation List
Generate a new Certificate Revocation List
openssl ca -config openssl.cnf -gencrl -out crl/ca.crl
Enter pass phrase for ./private/ca.key: $password

------------------------------------------------------

Revoke Certificate
Revoke a Certificate
openssl ca -config openssl.cnf -revoke certs/$domain.crt
Enter pass phrase for ./private/ca.key: $password

------------------------------------------------------------------------------------------------------------------------


Verify Certificate
Verify the subject and issuer of a certificate
openssl x509 -subject -issuer -enddate -noout -in certs/$domain.crt
Verify all content of a certificate
openssl x509 -in certs/$domain.crt -noout -text
Verify that the certificate is valid for server authentication
openssl verify -purpose sslserver -CAfile certs/ca.crt certs/$domain.crt
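
The create CA / CSR / sign / revoke / CRL / verify sequence above, run end to end in a scratch directory as an added example (not part of the original answers). It assumes a minimal constructed openssl.cnf, uses -subj and -batch in place of the prompts, and the CA name and domain are constructed values; it also shows that `openssl verify` reports a revocation only when it is given the CRL with -crl_check.

```shell
#!/bin/sh
# Added example: CA lifecycle in a throwaway temp dir (deleted on exit).
# "Demo CA" and www.example.test are constructed; keys unencrypted for the demo only.
ca_demo() (
  d=$(mktemp -d) && cd "$d" || exit 1
  trap 'rm -rf "$d"' EXIT
  mkdir certs crl newcerts private && chmod 0700 private
  touch index.txt; echo 01 > serial; echo 01 > crlnumber
  cat > openssl.cnf <<'EOF'
[ ca ]
default_ca = CA_default
[ CA_default ]
dir = .
database = $dir/index.txt
new_certs_dir = $dir/newcerts
serial = $dir/serial
crlnumber = $dir/crlnumber
certificate = $dir/certs/ca.crt
private_key = $dir/private/ca.key
default_md = sha256
default_days = 365
default_crl_days = 30
x509_extensions = usr_cert
[ policy_anything ]
commonName = supplied
[ usr_cert ]
basicConstraints = CA:FALSE
[ v3_ca ]
basicConstraints = critical,CA:true
keyUsage = critical,keyCertSign,cRLSign
[ req ]
distinguished_name = req
EOF
  dom=www.example.test; c="-config openssl.cnf"
  { openssl req $c -new -x509 -extensions v3_ca -nodes -newkey rsa:2048 \
      -keyout private/ca.key -out certs/ca.crt -days 3650 -subj "/CN=Demo CA" &&
    openssl req $c -new -nodes -newkey rsa:2048 -keyout private/$dom.key \
      -out $dom.csr -subj "/CN=$dom" &&
    openssl ca $c -batch -policy policy_anything -out certs/$dom.crt \
      -infiles $dom.csr; } >/dev/null 2>&1 || exit 1
  # Normalise `openssl verify` output to OK / certificate_revoked.
  check() { openssl verify -purpose sslserver -CAfile certs/ca.crt "$@" \
      certs/$dom.crt 2>&1 | grep -Eo 'certificate revoked|OK$' | head -n1 | tr ' ' _; }
  before=$(check)
  { openssl ca $c -revoke certs/$dom.crt &&
    openssl ca $c -gencrl -out crl/ca.crl; } >/dev/null 2>&1 || exit 1
  echo "issued=$before no_crl=$(check) with_crl=$(check -crl_check -CRLfile crl/ca.crl)"
)
ca_demo
```

The middle field stays OK after the revoke because a plain `openssl verify` never consults the CRL, so anything that relies on revocation has to be handed a current crl/ca.crl.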
Ganesh Kumar A, Sr Infrastructure Specialist Commented:
Below is the article from Redhat for installing OpenSSL : https://access.redhat.com/articles/1384453

AXISHK Author Commented:
I have downloaded the package from the website. Where should I start? Click "make", correct?

Refer to the instructions: http://www.linuxfromscratch.org/blfs/view/svn/postlfs/openssl.html

What does "\" mean?

./config --prefix=/usr         \
         --openssldir=/etc/ssl \
         --libdir=lib          \
         shared                \
         zlib-dynamic &&
make
AXISHK Author Commented:
I have run the following command to install but it doesn't install properly...

./config --prefix=/usr --openssldir=/etc/ssl --libdir=lib shared zlib-dynamic
make


make MANDIR=/usr/share/man MANSUFFIX=ssl install &&
install -dv -m755 /usr/share/doc/openssl-1.0.1p  &&
cp -vfr doc/*     /usr/share/doc/openssl-1.0.1p
rindi Commented:
Just do "yum install openssl" from a terminal as root.
AXISHK Author Commented:
Tks