How to install ssl on RHEL 8 / CentOS 8

As interconnected computer networks enter more and more fields of everyday life, cybersecurity is getting louder and louder. We protect our websites, the traffic on our websites, the computers we initiate the traffic from, maybe (part of) the disks our operating system run from, our connection to work, the computers we attach to at work, and so on.

openssl is an essential tool on any recent GNU/Linux distribution if one have to work with various certificates.

In this tutorial we will install (and reinstall) the openssl package, and test it’s functionality by checking a website’s certificate chain with it’s help.

In this tutorial you will learn:

  • How to install openssl
  • How to reinstall openssl
  • How to check a website’s SSL certificate chain with openssl

Checking a website's SSL certificate with openssl.

Checking a website’s SSL certificate with openssl.

Software Requirements and Conventions Used

Software Requirements and Linux Command Line Conventions
Category Requirements, Conventions or Software Version Used
System RHEL 8 / CentOS 8
Software openssl 1.1.1.1
Other Privileged access to your Linux system as root or via the sudo command.
Conventions # – requires given linux commands to be executed with root privileges either directly as a root user or by use of sudo command
$ – requires given linux commands to be executed as a regular non-privileged user

How to install ssl on RHEL 8 / CentOS 8 step by step instructions

openssl is a base package present by default on even a minimal RHEL 8 / CentOS 8 installation. If removed by accident or broken, the package can be installed after enabling the subscription management repositories.

  1. To install packages on RHEL 8 / CentOS 8 we can use dnf command. Use the below command to install openssl package:
    # dnf install openssl


  2. If the installed package is somehow broken, dnf can also be used to renistall it:
    # dnf renistall openssl
  3. openssl has many functions, but as for a simple functional test we don’t want to fiddle with certificate stores, we’ll use it as a client to connect to a remote SSL-ready website, get and verify it’s SSL certificate and the certificate’s chain.This is the same thing any security-aware browser does before showing the connection is secure with a web page, or not. We’ll get the certificate chain of the website home to this tutorial:
    # openssl s_client -connect linuxconfig.org:443 --showcerts

    If you are not familiar with pki, and the whole certificate business, the lengthy output will be alien to you at first glance (maybe for the second look, too). Experienced eyes can see the certificate chain from these outputs, but for the question of “is this site using a trusted certificate?”, the answer is in the last few lines:

    [...]
        Start Time: 1546710774
        Timeout   : 7200 (sec)
        Verify return code: 0 (ok)
        Extended master secret: no
        Max Early Data: 0
    ---
    read R BLOCK

    We also verified our openssl tool is working.