Once the OpenSSL library is installed, you can make use of it, for preparing self signed certificates, chain certificates within each other, removing secrets from private keys, with the available API and all the blessing comming with that library. Sometimes it is just more convinient to perform it outside of the Mikrotik or NetScaler box, especially for one who is not doing this in regular basis.


  • preferably, machine with linux


  • Details about OpenSSL can be found on github
  • All releases can be found here


  1. Install Centos
  2. Install Management tools
    sudo mount /dev/cdrom /mnt
    sudo bash /mnt/Linux/install.sh -d rhel -m 8
    sudo umount /dev/cdrom
  3. Compile OpenSSL from sources
    # Install prereq packages and libraries
    yum group install 'Development Tools'
    yum install perl-core zlib-devel -y
    #download openssl - at this point of time 1.1.1n
    wget https://www.openssl.org/source/old/1.1.1/openssl-1.1.1n.tar.gz
    tar -xf openssl-1.1.1n.tar.gz
    cd openssl-1.1.1n
    openssl version -a
    # 1.1.1k in the system
    # now the existing version is replaced by the one downloaded
    ./config --prefix=/usr/local/ssl --openssldir=/usr/local/ssl shared zlib
    make test
    # wait until the compilation process ends
    # once completed, install OpenSSL
    make install
    # configure shared libraries for OpenSSL
    cd /etc/ld.so.conf.d/
    nano openssl-1.1.1n.conf
    # paste the openssl library path directory
    # reload dynamic link
    ldconfig -v
    # configure openSSL binary, to have it linked with the version compiled
    mv /bin/openssl /bin/openssl.org
    # create new environment for OpenSSL
    nano /etc/profile.d/openssl.sh
    # paste following content
    export OPENSSL_PATH
    export PATH
    # save and exit
    # add execute permissions to openssl.sh
    chmod +x /etc/profile.d/openssl.sh
    # load OpenSSL environment and check the PATH bin directory
    source /etc/profile.d/openssh.sh
    echo $PATH
    which openssl
    # should result as /usr/local/ssl/bin/openssl
    # it would mean thatn OpenSSL on CentOS has been updated
    openssl version
    # should result with 1.1.1n


It may be far from being perfect, never the less good enough for a home lab.
Tested on Cento8 Stream. OpenSSL 1.1.1n.
Last update: 2022.04.18