Once the OpenSSL library is installed, you can make use of it, for preparing self signed certificates, chain certificates within each other, removing secrets from private keys, with the available API and all the blessing comming with that library. Sometimes it is just more convinient to perform it outside of the Mikrotik or NetScaler box, especially for one who is not doing this in regular basis.
- preferably, machine with linux
- Install Centos
- Install Management tools
sudo mount /dev/cdrom /mnt sudo bash /mnt/Linux/install.sh -d rhel -m 8 sudo umount /dev/cdrom
- Compile OpenSSL from sources
# Install prereq packages and libraries yum group install 'Development Tools' yum install perl-core zlib-devel -y #download openssl - at this point of time 1.1.1n wget https://www.openssl.org/source/old/1.1.1/openssl-1.1.1n.tar.gz tar -xf openssl-1.1.1n.tar.gz cd openssl-1.1.1n openssl version -a # 1.1.1k in the system # now the existing version is replaced by the one downloaded ./config --prefix=/usr/local/ssl --openssldir=/usr/local/ssl shared zlib make make test # wait until the compilation process ends # once completed, install OpenSSL make install # configure shared libraries for OpenSSL cd /etc/ld.so.conf.d/ nano openssl-1.1.1n.conf # paste the openssl library path directory /usr/local/ssl/lib # reload dynamic link ldconfig -v # configure openSSL binary, to have it linked with the version compiled mv /bin/openssl /bin/openssl.org # create new environment for OpenSSL nano /etc/profile.d/openssl.sh # paste following content #Set OPENSSL_PATH OPENSSL_PATH="/usr/local/ssl/bin" export OPENSSL_PATH PATH=$PATH:$OPENSSL_PATH export PATH # save and exit # add execute permissions to openssl.sh chmod +x /etc/profile.d/openssl.sh # load OpenSSL environment and check the PATH bin directory source /etc/profile.d/openssh.sh echo $PATH which openssl # should result as /usr/local/ssl/bin/openssl # it would mean thatn OpenSSL on CentOS has been updated openssl version # should result with 1.1.1n
It may be far from being perfect, never the less good enough for a home lab.
Tested on Cento8 Stream. OpenSSL 1.1.1n.
Last update: 2022.04.18