Once the OpenSSL library is installed, you can make use of it, for preparing self signed certificates, chain certificates within each other, removing secrets from private keys, with the available API and all the blessing comming with that library. Sometimes it is just more convinient to perform it outside of the Mikrotik or NetScaler box, especially for one who is not doing this in regular basis.

Prerequisites

• preferably, machine with linux

Background

• Details about OpenSSL can be found on github
• All releases can be found here

Howto

1. Install Centos
2. Install Management tools

   sudo mount /dev/cdrom /mnt
   sudo bash /mnt/Linux/install.sh -d rhel -m 8
   sudo umount /dev/cdrom
   

3. Compile OpenSSL from sources

   # Install prereq packages and libraries
   yum group install 'Development Tools'
   yum install perl-core zlib-devel -y
   #download openssl - at this point of time 1.1.1n
   wget https://www.openssl.org/source/old/1.1.1/openssl-1.1.1n.tar.gz
   tar -xf openssl-1.1.1n.tar.gz
   cd openssl-1.1.1n
   openssl version -a
   # 1.1.1k in the system
   # now the existing version is replaced by the one downloaded
   ./config --prefix=/usr/local/ssl --openssldir=/usr/local/ssl shared zlib
   make
   make test
   # wait until the compilation process ends
   # once completed, install OpenSSL
   make install
   # configure shared libraries for OpenSSL
   cd /etc/ld.so.conf.d/
   nano openssl-1.1.1n.conf
   # paste the openssl library path directory
   /usr/local/ssl/lib
   # reload dynamic link
   ldconfig -v
   # configure openSSL binary, to have it linked with the version compiled
   mv /bin/openssl /bin/openssl.org
   # create new environment for OpenSSL
   nano /etc/profile.d/openssl.sh
   # paste following content
   #Set OPENSSL_PATH
   OPENSSL_PATH="/usr/local/ssl/bin"
   export OPENSSL_PATH
   PATH=$PATH:$OPENSSL_PATH
   export PATH
   # save and exit
   # add execute permissions to openssl.sh
   chmod +x /etc/profile.d/openssl.sh
   # load OpenSSL environment and check the PATH bin directory
   source /etc/profile.d/openssh.sh
   echo $PATH
   which openssl
   # should result as /usr/local/ssl/bin/openssl
   # it would mean thatn OpenSSL on CentOS has been updated
   openssl version
   # should result with 1.1.1n
   

Summary

It may be far from being perfect, never the less good enough for a home lab.
Tested on Cento8 Stream. OpenSSL 1.1.1n.
Last update: 2022.04.18