Linux下OpenSSL 安装图文详解

Linux下OpenSSL 安装图文详解

装环境：        操作系统：RedHat 12.0        OpenSSL Version:openssl-0.9.8l

Download

• 安装包(Linux source) : openssl-0.9.8l.tar.gz（or the latest version of openssl）

      下载地址：http://www.openssl.org/source/

• 在linux下解压缩下载到的安装包，命令如下.....
  tar -xzf openssl-xxx.tar.gz

Our Configuration

• Install to : /usr/local/ssl
• Module type : dynamically and staticly loaded modules, *.so *.a

Build Instructions

Configure

.../openssl-0.9.8l]# ./config --prefix=/usr/local/ssl-0.9.8l shared zlib-dynamic enable-camellia

• --prefix=/usr/local/ssl-0.9.8l
  [this is the installation location; default is '/usr/local/ssl' -- which we will symlink]
• shared
  [in addition to the usual static libraries, create shared libraries]
• zlib-dynamic
  [like "zlib", but has OpenSSL load the zlib library dynamically when needed]
• enable-camellia
  [enables the symmetric cipher 'Camellia' (128-bit, 192-bit, 256-bit key versions), which is now available for royalty-free use]

display guess on system made by './config'...

.../openssl-0.9.8l]# ./config -t

Build and Install

• .../openssl-0.9.8l]# make depend
  [step required since extra cipher was enabled]
• .../openssl-0.9.8l]# make
• .../openssl-0.9.8l]# make test
• .../openssl-0.9.8l]# make install

Symlink

Form symlink from '/usr/local/ssl-0.9.8l' to '/usr/local/ssl'（...]代表“/usr/local/”）

• ...]# cd /usr/local
• /usr/local]# ln -s ssl-0.9.8l ssl

Update the Run-time Linker

ld.so.cache will need to be updated with the location of the new OpenSSL shared libs: libcrypto.so.0.9.8 and libssl.so.0.9.8

Sometimes it is sufficient to just symlink or copy these two files to /lib, but we recommend you follow these instructions instead.

Edit /etc/ld.so.conf, add to paths...（修改效果如下图1,当然也可以直接在/etc/ld.so.conf.d文件夹下再创建一个.conf文件，把/usr/local/ssl/lib拷贝到里面，另外也可以在现有的.conf文件中添加这个路径，反正ld.so.conf中包含了这个文件夹下的所有.conf文件）

图1

/usr/local/ssl/lib

Update the run-time linker...

...]# ldconfig

Update the PATH

Edit /root/.bash_profile, add to PATH variable...

（若原来没有安装openssl的旧版本，则放在PATH中的任何位置都可以，但是记住要用冒号分隔开，而不是分号分隔，详见后面的截图，若想查看当前的PATH环境变量都设置了什么，可以使用如下的命令实现：

[root@localhost local]# echo $PATH

/usr/local/ssl/bin:/usr/lib/qt-3.3/bin:/usr/kerberos/sbin:/usr/kerberos/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/usr/X11R6/bin:/root/bin

）

NOTE：一般在root下直接是看不见.bash_profile（一般为隐藏文件）的，可以在该目录下使用ls –a 命令来显示隐藏了的文件。然后用VI或emacs编辑器来修改其中的内容。编译完成后若要立刻看到效果，可以用命令：source .bash_profile ，若要长期起作用，需要重新登录（当我首次安装的时候是出现的情况是这样的~~~

/usr/local/ssl/bin

Re-login.

[sanity check] OpenSSL

Verify that binary 'openssl' is linking against the correct ssl libraries...

• [root@localhost /]# cd /usr/local
• [root@localhost local]# ldd /usr/local/ssl/bin/openssl
•         linux-gate.so.1 =>  (0x00c4b000)
•         libssl.so.0.9.8 => /usr/local/ssl-0.9.8l/lib/libssl.so.0.9.8 (0x00d5b000)
•         libcrypto.so.0.9.8 => /usr/local/ssl-0.9.8l/lib/libcrypto.so.0.9.8 (0x00110000)
•         libdl.so.2 => /lib/libdl.so.2 (0x005b2000)
•         libc.so.6 => /lib/libc.so.6 (0x00447000)
•         /lib/ld-linux.so.2 (0x0042a000)

...]# which openssl

/usr/local/ssl/bin/openssl

...]# openssl version

OpenSSL 0.9.8l 5 Nov 2009

If another path, or an older version is shown, your system contains a previously installed OpenSSL that is first [relative to the newer openssl] in the path.

Repeate the steps in section 'Update the PATH', except place the specified location at the start of the PATH variable.(在/root/.bash_profile中将PATH设置为如下的顺序，即把当前安装上的openssl的版本放在环境变量的前面，这样优先使用的就是新安装的最新的版本的OpenSSL了）

图2

Note that the older openssl, on most systems, is located under /usr/bin

The location of 'openssl' can be found with...（用下面的命令你就可以查到你的openssl的安装目录了~~~）

...]# which openssl

以上只是我在刚开始学习的时候的安装过程，若有不对的地方或还有更好的方法，欢迎大家批评指正~~~