As interconnected computer networks enter more and more fields of everyday life, cybersecurity is getting louder and louder. We protect our websites, the traffic on our websites, the computers we initiate the traffic from, maybe (part of) the disks our operating system run from, our connection to work, the computers we attach to at work, and so on.

openssl is an essential tool on any recent GNU/Linux distribution if one have to work with various certificates.

In this tutorial we will install (and reinstall) the openssl package, and test it's functionality by checking a website's certificate chain with it's help.

In this tutorial you will learn:
  • How to install openssl
  • How to reinstall openssl
  • How to check a website's SSL certificate chain with openssl
Checking a website's SSL certificate with openssl.
Checking a website's SSL certificate with openssl.

Software Requirements and Conventions Used

Software Requirements and Linux Command Line Conventions
Category Requirements, Conventions or Software Version Used
System Red Hat Enterprise Linux 8
Software openssl 1.1.1.1
Other Privileged access to your Linux system as root or via the sudo command.
Conventions # - requires given linux commands to be executed with root privileges either directly as a root user or by use of sudo command
$ - requires given linux commands to be executed as a regular non-privileged user

How to install ssl on Redhat 8 step by step instructions

openssl is a base package present by default on even a minimal RHEL 8 installation. If removed by accident or broken, the package can be installed after enabling the subscription management repositories.

  1. To install openssl, we can use dnf:
    # dnf install openssl

  2. SUBSCRIBE TO NEWSLETTER
    Subscribe to Linux Career NEWSLETTER and receive latest Linux news, jobs, career advice and tutorials.


  3. If the installed package is somehow broken, dnf can also be used to renistall it:
    # dnf renistall openssl
  4. openssl has many functions, but as for a simple functional test we don't want to fiddle with certificate stores, we'll use it as a client to connect to a remote SSL-ready website, get and verify it's SSL certificate and the certificate's chain.

    This is the same thing any security-aware browser does before showing the connection is secure with a web page, or not. We'll get the certificate chain of the website home to this tutorial:
    # openssl s_client -connect linuxconfig.org:443 --showcerts
    If you are not familiar with pki, and the whole certificate business, the lengthy output will be alien to you at first glance (maybe for the second look, too). Experienced eyes can see the certificate chain from these outputs, but for the question of "is this site using a trusted certificate?", the answer is in the last few lines:
    [...]
        Start Time: 1546710774
        Timeout   : 7200 (sec)
        Verify return code: 0 (ok)
        Extended master secret: no
        Max Early Data: 0
    ---
    read R BLOCK
    We also verified our openssl tool is working.
ARE YOU LOOKING FOR A LINUX JOB?
Submit your RESUME, create a JOB ALERT or subscribe to RSS feed on LinuxCareers.com.
LINUX CAREER NEWSLETTER
Subscribe to NEWSLETTER and receive latest news, jobs, career advice and tutorials.
DO YOU NEED ADDITIONAL HELP?
Get extra help by visiting our LINUX FORUM or simply use comments below.

You may also be interested in:



Comments and Discussions