By using AWS re:Post, you agree to the Terms of Use

How to install openSSL 1.1.1 on AWS EC2 linux system?

1

I have a script (unchanged in 4 years) that has been used to access an API that is behind an https URL. It is used each Jan-Feb. My AWS server is an EC2 dedicated server. This year, I suddenly find that script is not working (cannot verify certificate). (It is a perl script using HTTP::Request in the LWP family. And yes, the LWP::Protocol::https module is appropriately installed, along with SSLeahy.) I've checked the target site with my browser and with online cert checkers, and it is fine. So I'm pretty sure the problem is the expiration of openssl 1.0.2 last September. The target site is probably using only the 1.3 protocol version. However, my efforts to find a way to upgrade to openssl 1.1.1 have been unsuccessful. I found a note that AWS had posted the package openssl11, but when I try to get that using "sudo yum install," it doesn't find the package. So how do I get the new version installed on my EC2 server? Help please! This is an urgent issue.

2 Answers
0

Please post the exact error message you are seeing. Also, which Linux distribution are you using, exactly? (cat /etc/os-release).

If the site you are connecting to uses an SSL certificate from Lets Encrypt, you could be running into this issue as well: https://aws.amazon.com/premiumsupport/knowledge-center/ec2-expired-certificate/

answered 7 months ago
0

The error message is what I posted above: "cannot verify certificate." Further investigation suggested the site (which has been accessed by this identical script for years) might be requiring the newer version of the protocol which requires an update of openssl. But I can't install it. (I note that I was able to get the script to run finally by disabling host verification, but obviously that's only an emergency measure since we had to get this working).

The linux version info:

NAME: Amazon Linux AMI

Version: 2018.03

ID: amzn

ID_LIKE: rhel fedora

PRETTY NAME: Amazon Linux AMI 2018.03

CPE_NAME: cpe:/o:amazon:linux:2018.03:ga

answered 7 months ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions