Table of Contents
  • Home
  • /
  • Blog
  • /
  • Step-By-Step Procedure to Install OpenSSL on a Windows Machine
December 4, 2023
|
11m

Step-By-Step Procedure to Install OpenSSL on a Windows Machine


Procedure To Install Openssl On The Windows Platform

OpenSSL is an open-source cryptographic library that provides a robust toolkit for securing communications and creating, managing, and verifying digital certificates. It is widely used for implementing Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols to encrypt connections between clients and servers.

Some of the common uses of OpenSSL include setting up private certificate authorities, generating public/private key pairs, creating certificate signing requests, exporting private key from certificates, converting between certificate formats like PEM and PFX, validating SSL connections, and more.

In this comprehensive guide, we will cover how to download, install, and configure OpenSSL on Windows machines. While Linux distributions come with OpenSSL pre-installed, Windows users need to manually install OpenSSL by getting the binaries from trusted third-party sources.

We will go over the prerequisites, walk through the installation steps, explain how to set up environment variables, and verify the installation to ensure OpenSSL is ready to use on your Windows PC or server. Whether you are a developer, IT admin, or security professional, this step-by-step procedure will help you get OpenSSL running smoothly on your Windows systems.

What is OpenSSL and Why Should We Install OpenSSL on a Windows PC?

OpenSSL is an open-source cryptographic library that provides a robust toolkit for securing communications and applications. Though primarily used on Linux, installing OpenSSL on Windows unlocks powerful capabilities. OpenSSL is mostly for system administrators, developers, and Windows users who wants to implement SSL/TLS connections in their apps and scripts. It enables generating X.509 certificates and certificate signing requests (CSRs) for securing websites and internal infrastructure. Developers can call OpenSSL crypto functions to encrypt data and implement PKI authentication in their apps.

System administrators can manage certificates, test secure connections, and integrate OpenSSL into automation scripts. OpenSSL also helps troubleshoot connection issues by analyzing network traffic and certificates.

There are a lot of things you can do using OpenSSL. Only a few of them are listed here:

  1. You can create your own Certificate Authority and issue certificates on your network. 

  2. Convert digital certificates from one to another format. 

  3. Export or Import private keys from the certificates.

  4. Validate the HTTPS connections to the destination website.

  5. Verify the certificate of the destination website.

  6. Run benchmark tests of your server and remote website.

  7. Extract information like issuer, subject, issued and expiring dates, and fingerprint from certificates.

  8. Create CSR.

  9. Decode CSR and Certificates to verify contents.

You can enjoy the features of OpenSSL if you have installed it on your Windows machine. Before we begin the procedure to install OpenSSL on the Windows platform, let’s see the prerequisites.

Download OpenSSL Installer for Windows

Before we jump into the installation of OpenSSL on a Windows PC, let’s cover a few things about the Linux package. As we said in the introduction, OpenSSL will come as part of default installation packages in all the popular Linux distributions, even if you need a specific version of OpenSSL for your Linux machine, you can download the source code of OpenSSL on from its official website alternatively from here and compel it on Linux. 

Well, If you are looking to download the OpenSSL package for your Windows machine from its official website, you can’t. It’s because OpenSSL doesn’t release official OpenSSL installers for Windows. You should depend on a few third-party distributors who distribute OpenSSL installer files for Windows platforms. OpenSSL has published the list of all trusted third-party distributors on its Wiki page. Please download and install only from these listed third-party sites.

Disclaimer Message from OpenSSL: The listing of these third-party products does not imply any endorsement by the OpenSSL project, and these organizations are not affiliated in any way with OpenSSL other than by reference to their independent websites here. In particular, any donations or payments to any of these organizations will not be known to, seen by, or in any way benefit the OpenSSL project.
OpenSSL

Note: OpenSSL says none of these vendors are partnered with OpenSSL, so issues with these installers should be directly communicated with the distributors. OpenSSL doesn’t hold any responsibilities for these installers. Use these OpenSSL-derived products at your own risk; these products have not been evaluated or tested by the OpenSSL project.

List of Third-Party OpenSSL Distributions:

ProductDescriptionURL
OpenSSL for Web (using WebAssembly)OpenSSL 3.0 ported to WebAssembly (in October 2021). Uses Emscripten and xterm.js to emulate a terminal in your browser. WASI binaries are supported too. The Wasm execution happens using WebWorkers if the browser supports them. Originally developed for the cryptology playground “CrypTool-Online”. Code is open-source on GitHub.OpenSSL-React app: https://github.com/cryptool-org/openssl-webtermBasic Wasm terminal: https://github.com/cryptool-org/wasm-webtermRunning sample: https://www.cryptool.org/en/cto/openssl
OpenSSL for WindowsWorks with MSVC++, Builder 3/4/5, and MinGW. Comes in form of self-install executables.https://slproweb.com/products/Win32OpenSSL.html  
OpenSSL for WindowsPre-compiled Win32/64 libraries without external dependencies to the Microsoft Visual Studio Runtime DLLs, except for the system provided msvcrt.dll.https://indy.fulgan.com/SSL/  
OpenSSL for WindowsReproducible builds with latest MinGW-w64, 64/32-bit, static/dynamic libs and executable.https://github.com/curl/curl-for-win  
OpenSSL for SolarisVersions for Solaris 2.5 – 11 SPARC and X86http://www.unixpackages.com/  
OpensSSL for Windows, Linux, OSX, AndroidPre-compiled packages at conan.io package manager:Windows x86/x86_64 (Visual Studio 10, 12, 14, 15)Linux x86/x86_64 (gcc 4.6, 4.8, 4.9, 5, 6, 7)OSx (Apple clang).Cross-building ready recipe: Linux ARM, Android.https://www.conan.io  https://conan.io/center/openssl  
OpenSSL for WindowsPre-compiled Win32/64 1.0.2, 1.1.0, 1.1.1 and 3.0 libraries without external dependencies, primarily built for François Piette’s Internet Component Suite (ICS) for Embarcadero (Borland) Delphi and C++ development tools, but may be used for any Windows applications. The OpenSSL DLLs and EXE files are digitally code signed ‘Open Source Developer, François PIETTE’, so applications can self verify them for corruption.http://wiki.overbyte.eu/wiki/index.php/ICS_Download  
OpenSSL for WindowsOpenSSL 3.1, 3.0, and 1.1.1 pre-compiled for Microsoft Windows with no external dependencies. The binary distributions can be used standalone or integrated into any Windows application. Installer, EXEs and DLLs are digitally signed with ‘FireDaemon Technologies Limited’ Extended Validation (EV) code signing certificate.https://www.firedaemon.com/get-openssl  
OpenSSL for NonStopPre-compiled NonStop ia64/x86 1.0.2, 1.1.1 executables and libraries for the HPE NonStop Operating Systems. Threaded versions are included. The SPT version depends on FLOSS, otherwise there are no other dependencies. 32-bit versions are available. The builds are done by the ITUGLIB Technical Committee as part of Connect.https://ituglib.connect-community.org/apps/Ituglib/SrchOpenSrcLib.xhtml  

How To Install OpenSSL On The Windows Platform?

The installation procedure is very simple and straightforward. Since OpenSSL does not provide official Windows installers, you need to download OpenSSL from trusted third-party sources listed on the OpenSSL Wiki.

We used Windows 11 64-bit and OpenSSL v 3.1.3 in this tutorial post.

Step 1. Download OpenSSL Installer

Visit any of the above sites and download the appropriate OpenSSL installer for your Windows version (32-bit or 64-bit). Make sure to pick the correct installer package for your machine.

Step 2. Run the OpenSSL Installer

Once downloaded, run the OpenSSL installer (.exe file) by double-clicking on it.

Accept the license agreement and choose the installation directory. The default is C:\Program Files\OpenSSL-Win64 but you can customize it.

The installer will copy all the required DLLs, and libraries, including files and executables. The installation typically finishes within a minute.

Step 3. Installation in progress…….
Step 4. Finish OpenSSL Installation

Once the installation completes, the setup wizard will prompt you to finish the installation. Click Finish to complete the OpenSSL installation process.

Step 5. Set Environment Variable
If you just want to set the environment varibles only for a login session, then run these commands.

>set OPENSSL_CONF=C:\Program Files\OpenSSL-Win64\bin\openssl.cfg
>set Path= C:\Program Files\OpenSSL-Win64\bin

If you want to set the env variable for permanently, then add OPENSSL_CONF and Path environment variable on System Properties.

Open Run using ‘Windows’ + ‘r’ then type ‘sysdm.cpl‘. Go to Advanced > Environment Variable.

Set OPENSSL_CONF and Path variables.

Step 6. Verify the Installation

To verify that OpenSSL is installed correctly and added to PATH, open a new command prompt and run:

openssl version

This will print the installed OpenSSL version and confirm the installation was successful.

You can also check all available commands by running:

openssl help

This completes the installation of OpenSSL on Windows. You will see openssl.ext file in C:\Program Files\OpenSSL-Win64\bin directory.

Troubleshooting OpenSSL Issues

The real problem is not in installing OpenSSL on your Windows computer. The real problem encountered after the installation is when you start using OpenSSL. Many people reported that they were unable to run OpenSSL commands on their computers. This could be due to one of these reasons:

  • Incorrect environment variablesOpenSSL requires certain env vars like OPENSSL_CONF to be set properly. Not configuring these variables correctly can prevent things from working.

  • OpenSSL path not added – The OpenSSL install location needs to be added to the PATH env variable. Failing to do so will make the openssl command unrecognized.

  • Configuration issuesOpenSSL depends on its config file openssl.cnf. If this file is missing or corrupted, strange errors can occur.

  • Old OpenSSL versionOpenSSL releases new versions periodically with security fixes and improvements. Using an outdated OpenSSL can expose vulnerabilities. Upgrade to a newer version when possible.

  • Wrong architecture – Getting 32-bit and 64-bit versions mixed up can lead to errors. Make sure to install the version that matches your Windows architecture.

  • Missing DLL filesOpenSSL relies on certain DLL files like libeay32.dll and ssleay32.dll. If these files are missing or not in the system path, OpenSSL commands will fail.

The first thing you should do is to download the correct installer file and reinstall the OpenSSL. This solves problems like missing DLL and wrong architecture. Generally, version-related issues were seen least oftentimes. You can try fixing version-related issues by reinstalling a different version.

If your problem still persists, then the reason could either be with environment variables or OpenSSL configuration files. Let’s try to troubleshoot.

You should start troubleshooting by running openssl version command. If you get any error, ensure you configured OPENSSL_CONF and Path environment variable as per step 5. We should tell you about the two prominent configuration files openssl.cfg and openssl.cnf. People often get confused with these files. Just pay attention to the extensions .cfg and .cnf. You should set the environment variable OPENSSL_CONF to openssl.cfg file.

Let’s understand openssl.cfg and openssl.cnf configuration files in OpenSSL.

  • openssl.cfg – This is the default configuration file that comes with OpenSSL. It contains default settings for OpenSSL when no other config file is specified. The openssl.cfg file is located in the apps subfolder of the OpenSSL install directory.

  • openssl.cnf – This is the recommended main configuration file for OpenSSL. It contains sections for settings like certificate authority locations, certificate policies, default algorithms and protocols etc. The openssl.cnf file allows extensive customization of OpenSSL behavior.

It may sound similar. Let’s see the difference between to know more about these two files.

The main differences between openssl.cfg and openssl.cnf are:

  • openssl.cfg contains minimal default settings just to get OpenSSL working out of the box. openssl.cnf has extensive options to control OpenSSL behavior.

  • openssl.cfg is automatically loaded if no other config is specified. openssl.cnf must be explicitly specified using the -config option.

  • openssl.cfg is limited and intended for initial testing. openssl.cnf is meant for production use and customization.

  • openssl.cfg sets insecure default settings like using MD5 hashes. openssl.cnf has more conservative secure defaults.

  • Anything set in openssl.cnf will override the defaults in openssl.cfg. openssl.cnf is treated as the main config.

In Windows, openssl.cfg file is located at C:\Program Files\OpenSSL-Win64\bin directory. The openssl.cnf file is located at two locations: C:\Program Files\Common Files\SSL and C:\Program Files\OpenSSL-Win64\bin\cnf.

If you get an error messages “Can’t open /usr/lib/ssl/openssl.cnf for reading, No such file or directory” and “cannot access ‘/etc/ssl/openssl.cnf’: No such file or directory“. Make sure you have both files in their path and that environment variables are set.

If in case your openssl.cnf file is missing or unable to see, you can download openssl.cnf file from MIT (Massachusetts Institute of Technology). MIT provides a generic configuration file that you can use. You can download the file to these directories to fix the errors.

  • C:\Program Files\Common Files\SSL\

  • C:\Program Files\OpenSSL-Win64\bin\cnf\

If you set all these things, you are not going to see any issues in OpenSSL.

Bottom Line

Installing OpenSSL on Windows provides access to a robust cryptographic toolkit for secure communication and certificate management. This step-by-step guide covered downloading OpenSSL installers from the trusted third-party distributors, installing it on a Windows machine, setting up environment variables, and verifying the installation.

With OpenSSL added to your Windows desktop or server, you can now generate public/private key pairs, create and manage X.509 certificates, test SSL/TLS connections, implement encryption in your apps, and much more.

We hope this step-by-step procedure helps understand everything about the instillation of OpenSSL on a Windows machine. Thanks for reading this post. Please share this post and help secure the digital world. Visit our website, thesecmaster.com, and our social media page on FacebookLinkedInTwitterTelegramTumblrMedium, and Instagram and subscribe to receive updates like this.  

Arun KL

Arun KL is a cybersecurity professional with 15+ years of experience in IT infrastructure, cloud security, vulnerability management, Penetration Testing, security operations, and incident response. He is adept at designing and implementing robust security solutions to safeguard systems and data. Arun holds multiple industry certifications including CCNA, CCNA Security, RHCE, CEH, and AWS Security.

Recently added

Application Security

View All

Learn More About Cyber Security Security & Technology

“Knowledge Arsenal: Empowering Your Security Journey through Continuous Learning”

Cybersecurity All-in-One For Dummies - 1st Edition

"Cybersecurity All-in-One For Dummies" offers a comprehensive guide to securing personal and business digital assets from cyber threats, with actionable insights from industry experts.

Tools

Featured

View All

Learn Something New with Free Email subscription

Subscribe

Subscribe