OpenSSL for Microsoft Windows

When we build and ship Certify One and FireDaemon Fusion we try to ensure it contains the most recent version of OpenSSL. We thought it would be useful to make our OpenSSL Binary Distribution available for you to download and use in a standalone fashion or in your own software projects for free.

Download OpenSSL ZIP File
OpenSSL ZIP File Installation Instructions
Download OpenSSL 3.0 Windows Installer
OpenSSL Screenshot
OpenSSL Documentation
Checking SSL / TLS Certificate Validity with Certify One
Compiling OpenSSL From Source
Integrating OpenSSL with Your Visual Studio Project
- Additional Include Directories
- Additional Library Directories
Privilege Escalation Mitigation
Compatibility and Support Matrix
License, Warranty, and Support
Acknowledgments
Buy SSL / TLS Certificates

Download OpenSSL ZIP File

Download OpenSSL Binary Distribution for Microsoft Windows
Pre-compiled executables (EXE) and libraries (DLL) for Microsoft Windows Operating Systems. The distributions can be used standalone or integrated into any Windows application. The EXE and DLL are digitally signed with our Extended Validation (EV) EV code signing certificate.
Download OpenSSL 3.0.8 ZIP February 2023	Download OpenSSL 1.1.1t ZIP February 2023
For 64-bit / Win64 / x64 and 32-bit / Win32 / x86 Microsoft Windows Operating Systems OpenSSL maintains a list of 3rd-party maintained binary distributions of OpenSSL. Please review our Release Policy before downloading and using this distribution.

OpenSSL ZIP File Installation Instructions

Follow the instructions below if you have downloaded one of the ZIP files above and want to deploy OpenSSL manually (e.g. on the local hard disk or on a USB drive for a portable installation)
Download the appropriate FireDaemon OpenSSL Binary Distribution ZIP file via the links above.
Unpack the contents of the "openssl-1.1" or "openssl-3" folder in the respective ZIP file to a temporary directory (e.g. C:\Temp)
Copy the contents of (i.e. the files and directories contained within) the x64 folder or x86 folder to your target directory (e.g. C:\OpenSSL)
Copy the ssl folder and contents to the target directory (e.g. C:\OpenSSL).

The commands to copy the files correctly from the location where you unpacked the ZIP file (assuming C:\Temp) are as follows:

: For OpenSSL 1.1
cd C:\Temp\openssl-1.1

: For OpenSSL 3
cd C:\Temp\openssl-3

: Copy the binaries specific to your platform
: Copy 64-bit binaries
robocopy x64 C:\OpenSSL /E

: Copy 32-bit binaries
robocopy x86 C:\OpenSSL /E

: Copy the ssl folder
robocopy ssl C:\OpenSSL\ssl /E

Your directory structure should look as follows:

C:\OpenSSL>dir /b
bin
include
lib
ssl

To use OpenSSL, simply open an elevated Command Prompt then (adjusting the path in OPENSSL_HOME to suit your manual installation):

: You can set OPENSSL_HOME=%~dp0 in a batch script for portable installs
set OPENSSL_HOME=C:\OpenSSL
set OPENSSL_CONF=%OPENSSL_HOME%\ssl\openssl.cnf
set PATH=%OPENSSL_HOME%\bin;%PATH%
cd /d %OPENSSL_HOME%
openssl version -a

To create a certificate signing request and private key using the same environment variables as above :

openssl genrsa -out server.key 4096
openssl req -new -key server.key -out server.csr -sha256
openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt

Download OpenSSL 3.0 Windows Installer

Instead of downloading the ZIP file, and for convenience, you can download our Windows installer which will deploy OpenSSL 3.0 x64 (64-bit). OpenSSL is installed into the following file system locations. These locations are specified during the build and follow OpenSSL's own conventions. Thanks to Advanced Installer for helping us out.

%PROGRAMFILES%\FireDaemon OpenSSL 3
%PROGRAMFILES%\Common Files\FireDaemon SSL 3

OpenSSL Screenshot

Below is a screenshot showing the executed commands at an elevated command prompt:

FireDaemon OpenSSL 3 Command Line

OpenSSL Documentation

Please refer to OpenSSL's documentation.

Checking SSL / TLS Certificate Validity with Certify One

FireDaemon Certify One allows you to audit, check, inspect, and validate SSL / TLS certificates and certificate chains. Fortify also has a browser-based TLS Encryption Check Tool available.

Compiling OpenSSL From Source

Source

We directly pull from OpenSSL's official GitHub repository.

Release Policy

Whenever we release an updated version of FireDaemon Fusion, Certify One, or OpenSSL gets updated with security fixes, we will provide the latest tagged version of the OpenSSL stable branch. The currently deployed OpenSSL library is version 3.0.8 and 1.1.1t at commit openssl-3.0.8-0-g31157bc0b4 and OpenSSL_1_1_1t-0-g830bf8e1e4 respectively:

git describe --always --tag --long --first-parent --dirty

Compilation and Build Script

The actual command line to build OpenSSL is as follows (where %toolset% is VC-WIN32 and VC-WIN64A respectively):

perl ..\Configure %toolset% no-asm no-ssl3 no-zlib no-comp no-ui-console no-autoload-config --api=1.1.0 --prefix="%installdir%" --openssldir="%commoninstalldir%" -DOPENSSL_NO_DEPRECATED

For reference, the build script used to create the binary distributions is attached to this article. The build script has the following dependencies:

Integrating OpenSSL with Your Visual Studio Project

To use the headers and libraries present in OpenSSL in your Visual Studio project, you will need to configure the properties of your project.

Additional Include Directories

Prepend "C:\Program Files\FireDaemon Open SSL 3\include"; to Property Pages -> C/C++ -> General -> Additional Include Directories in your project per the screenshot below (adjusting the prepended path to suit your installation):

Visual Studio Project Property Pages Additional Include Directories

Additional Library Directories

Prepend "C:\Program Files\FireDaemon Open SSL 3\lib"; to Property Pages -> Linker -> General -> Additional Library Directories in your project per the screenshot below (adjusting the prepended path to suit your installation):

Visual Studio Project Property Pages Additional Library Directories

Privilege Escalation Mitigation

When building OpenSSL, the build scripts bake the default location of the library (ie. the installation directory) and the SSL configuration into the final product. By default, OpenSSL automatically loads the SSL configuration file from the default file system location. This leads to an easily exploitable privilege escalation scenario documented in CVE-2019-12572. Our build of OpenSSL mitigates this flaw using the following preventative measures:

The target directories we have chosen are Windows' default system program files directories assuming a 64-bit architecture with a shared configuration file directory common to both x64 and x86:
- x64: C:\Program Files\FireDaemon OpenSSL, C:\Program Files\Common Files\FireDaemon SSL
- x86: C:\Program Files (x86)\FireDaemon OpenSSL, C:\Program Files\Common Files\FireDaemon SSL
To mitigate security holes even on non-default installations, we build the library such that it doesn't automatically load the SSL configuration. Hence, when using the OpenSSL tools or the DLLs in your products you have to explicitly load the SSL configuration.
All FireDaemon software products that utilise OpenSSL initialise the OpenSSL library at runtime using a flag that prevents the loading of the default configuration.

Compatibility and Support Matrix

The table below provides a compatibility and support matrix, mapping specific compatible Microsoft Windows operating system versions to specific FireDaemon OpenSSL software versions.

OpenSSL Versions	OpenSSL 3.0 and OpenSSL 1.1.1
Windows Operating System Version	32-bit (x86)	64-bit (x64)
Windows XP ⁽¹⁾
Windows Vista ⁽¹⁾
Windows 7 ⁽¹⁾
Windows 8 ⁽¹⁾
Windows 8.1 ⁽¹⁾
Windows 10
Windows 11
Server 2008 ⁽²⁾
Server 2008 R2 ⁽²⁾
Server 2012
Server 2012 R2
Server 2016
Server 2019
Server 2022

(1) Windows Desktop Operating System is End of Support

(2) Windows Server Operating System is End of Support

Compatible / Supported	The software product is designed to be installed on the Microsoft Windows operating system version. The operating system version plus software version combination is actively supported by us on the proviso that the 32-bit (x86) version is deployed on a 32-bit (x86) operating system and the 64-bit (x64) version is deployed on a 64-bit (x64) operating system. Please see the License, Warranty, and Support section below.
Compatible / Unsupported	The software product should install on the Microsoft Windows operating system version. The operating system version plus software version combination is not supported by us. This is typically due to the operating system version reaching End of Support.
Incompatible / Unsupported	The software product should not or does not install on the Microsoft Windows operating system version or does not work. The operating system version plus software version combination is not supported by us.

License, Warranty, and Support

Our OpenSSL Binary Distribution is free to use and redistribute. Product use, redistribution, and warranty are governed by the OpenSSL License. If you have questions regarding OpenSSL, wish to report bugs, or require implementation guidance please consider joining the OpenSSL Community.

Acknowledgments

This product includes:

Software developed by the OpenSSL Project for use in the OpenSSL Toolkit
Cryptographic software written by Eric Young
Software written by Tim Hudson.

Buy SSL / TLS Certificates

How can we help you today?

OpenSSL 3.0 and 1.1.1 Binary Distributions for Microsoft Windows