DebianDebian Based

How To Install OpenSSL on Debian 12

Install OpenSSL on Debian 12

In this tutorial, we will show you how to install OpenSSL on Debian 12. OpenSSL is a vital open-source tool for implementing SSL and TLS protocols, ensuring secure and encrypted communication between web servers and browsers. It’s not just for securing websites; OpenSSL is also crucial for any application requiring secure network communication.

Some key features of OpenSSL include

  • Implementation of SSL/TLS protocols for transferring private data securely
  • Cryptographic algorithms like symmetric ciphers (e.g. AES), hashes (e.g. SHA256), and public key algorithms (e.g. RSA)
  • Tools for generating and managing keys, certificates, and more
  • Used widely in web servers, email servers, VPNs, and other network software

This article assumes you have at least basic knowledge of Linux, know how to use the shell, and most importantly, you host your site on your own VPS. The installation is quite simple and assumes you are running in the root account, if not you may need to add ‘sudo‘ to the commands to get root privileges. I will show you the step-by-step installation of OpenSSL on a Debian 12 (Bookworm).

Prerequisites

  • A server running one of the following operating systems: Debian 12 (Bookworm).
  • It’s recommended that you use a fresh OS install to prevent any potential issues.
  • SSH access to the server (or just open Terminal if you’re on a desktop).
  • An active internet connection. You’ll need an internet connection to download the necessary packages and dependencies for OpenSSL.
  • A user account with sudo privileges to execute administrative commands.

Install OpenSSL on Debian 12 Bookworm

Step 1. Before installing any new software, it’s always a good idea to update your system’s package list. Open a terminal and execute the following command:

sudo apt update
sudo apt upgrade

Step 2. Installing OpenSSL on Debian 12.

  • Installing OpenSSL from Debian Repositories.

The easiest way to install OpenSSL is to use the precompiled packages from the Debian repositories. Here are the steps:

sudo apt update
sudo apt install openssl

This installs the latest available OpenSSL version in the repositories.

To check the installed version:

openssl version -a

If the OpenSSL version in Debian is outdated, installing from source is recommended instead.

  • Installing OpenSSL from Source.

For the most up-to-date OpenSSL, compiling from source is preferred. Here is how to install the latest OpenSSL 3.0 on Debian 12 from source:

First, install Build Dependencies:

sudo apt install build-essential checkinstall zlib1g-dev

This installs packages required for compiling software from source code.

Go to the OpenSSL download page and copy the latest stable 3.0 URL. Then download and extract the source tarball:

cd /usr/local/src
sudo wget https://www.openssl.org/source/openssl-3.0.8.tar.gz
sudo tar xzf openssl-3.0.8.tar.gz

Configure OpenSSL with the proper install directories and compile options:

cd openssl-3.0.8
sudo ./config --prefix=/usr/local/ssl --openssldir=/usr/local/ssl shared zlib
sudo make
sudo make test

Finally, install the compiled binaries and libraries:

sudo make install
/usr/local/ssl/bin/openssl version -a 

Step 3. Basic OpenSSL Commands.

Here are some common OpenSSL commands to get started:

  • Generate private key:
openssl genrsa -out private.key 2048
  • Generate CSR (Certificate Signing Request):
openssl req -new -key private.key -out csr.pem
  • Generate self-signed certificate:
openssl req -x509 -newkey rsa:2048 -nodes -keyout key.pem -out cert.pem -days 365
  • View certificate details:
openssl x509 -in cert.pem -text -noout

Step 4. Configuring OpenSSL.

The main OpenSSL configuration file is openssl.cnf located in /usr/lib/ssl on Debian systems. This file controls default settings used by OpenSSL commands.

Some common aspects that can be configured include:

  • Security level:
ssl_conf = ssl_sect

[ssl_sect]
system_default = system_default_sect

[system_default_sect]
MinProtocol = TLSv1.2
  • Cipher suites:
[system_default_sect]
CipherString = DEFAULT:@SECLEVEL=2 
  • Certificate details:
[req]
default_bits = 2048
default_md = sha256 

Refer to OpenSSL configuration documentation for more details.

Congratulations! You have successfully installed OpenSSL. Thanks for using this tutorial to install the latest version of the OpenSSL on Debian 12 Bookworm. For additional help or useful information, we recommend you check the official OpenSSL website.

VPS Manage Service Offer
If you don’t have time to do all of this stuff, or if this is not your area of expertise, we offer a service to do “VPS Manage Service Offer”, starting from $10 (Paypal payment). Please contact us to get the best deal!

r00t

r00t is an experienced Linux enthusiast and technical writer with a passion for open-source software. With years of hands-on experience in various Linux distributions, r00t has developed a deep understanding of the Linux ecosystem and its powerful tools. He holds certifications in SCE and has contributed to several open-source projects. r00t is dedicated to sharing her knowledge and expertise through well-researched and informative articles, helping others navigate the world of Linux with confidence.
Back to top button