OpenSSL for Microsoft Windows

OpenSSL 1.1.1 and 3.0 for Windows

When we build and ship Certify One and FireDaemon Fusion we try to ensure it contains the most recent version of OpenSSL. We thought it would be useful to make our OpenSSL Binary Distribution available for you to download and use in a standalone fashion or in your own software projects for free.

Table of Contents

Download OpenSSL ZIP File

Download OpenSSL Binary Distribution for Microsoft Windows
Pre-compiled executables (EXE) and libraries (DLL) for Microsoft Windows Operating Systems. The distributions can be used standalone or integrated into any Windows application. The EXE and DLL are digitally signed with our Extended Validation (EV) EV code signing certificate. The distributions depend on the Microsoft Visual Studio runtime which is included in the ZIP file.
OpenSSL 3.0 for Microsoft Windows
November 2022

OpenSSL 1.1.1 for Microsoft Windows November 2022

For 64-bit / Win64 / x64 / ARM64EC and 32-bit / Win32 / x86 Microsoft Windows Operating Systems

OpenSSL maintains a list of 3rd-party maintained binary distributions of OpenSSL.

Please review our Release Policy before downloading and using this distribution.

OpenSSL ZIP File Installation Instructions

  1. Follow the instructions below if you have downloaded one of the ZIP files above and want to deploy OpenSSL manually (e.g. on the local hard disk or on a USB drive for a portable installation)
  2. Download the appropriate FireDaemon OpenSSL Binary Distribution ZIP file via the links above.
  3. Unpack the contents of the "openssl-1.1" or "openssl-3" folder in the respective ZIP file to a temporary directory (e.g. C:\Temp)
  4. Copy the contents of (i.e. the files and directories contained within) the x64 folder or x86 folder to your target directory (e.g. C:\OpenSSL)
  5. Copy the ssl folder and contents to the target directory
  6. Copy the prerequisites folders and contents to the target directory
  7. Install the appropriate Visual Studio C++ Runtime found in the prerequisites folder. Install VC_redist.x64.exe on 64-bit systems. Install VC_redist.x86.exe on 32-bit systems.
  8. To use OpenSSL, simply open an elevated Command Prompt then (adjusting the path in OPENSSL_HOME to suit your manual installation):
REM You can set OPENSSL_HOME=%~dp0 in a batch script for portable installs
set OPENSSL_CONF=%OPENSSL_HOME%\ssl\openssl.cnf
openssl version -a

To create a certificate signing request and private key using the same environment variables as above :

openssl genrsa -out server.key 4096
openssl req -new -key server.key -out server.csr -sha256
openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt

Download OpenSSL 3.0 Windows Installer

Instead of downloading the ZIP file, and for convenience, you can download our Windows installer which will deploy OpenSSL 3.0 x64 (64-bit). OpenSSL is installed into the following file system locations. These locations are specified during the build and follow OpenSSL's own conventions. Thanks to Advanced Installer for helping us out.

%PROGRAMFILES%\Common Files\FireDaemon SSL 3

OpenSSL Screenshot

Below is a screenshot showing the executed commands at an elevated command prompt:

FireDaemon OpenSSL 3 Command Line

OpenSSL Documentation

Please refer to OpenSSL's documentation.

Checking SSL / TLS Certificate Validity with Certify One

FireDaemon Certify One allows you to audit, check, inspect, and validate SSL / TLS certificates and certificate chains. Fortify also has a browser-based TLS Encryption Check Tool available.

Compiling OpenSSL From Source


We directly pull from OpenSSL's official GitHub repository.

Release Policy

Whenever we release an updated version of FireDaemon Fusion, Certify One, or OpenSSL gets updated with security fixes, we will provide the latest tagged version of the OpenSSL stable branch. The currently deployed OpenSSL library is version 3.0.7 and 1.1.1s at commit openssl-3.0.7-0-g19cc035b6c and OpenSSL_1_1_1s-0-g129058165d respectively:

git describe --always --tag --long --first-parent --dirty

Compilation and Build Script

The actual command line to build OpenSSL is as follows (where %toolset% is VC-WIN32 and VC-WIN64A respectively):

perl ..\Configure %toolset% no-asm no-ssl3 no-zlib no-comp no-ui-console no-autoload-config --api=1.1.0 --prefix="%installdir%" --openssldir="%commoninstalldir%" -DOPENSSL_NO_DEPRECATED

For reference, the build script used to create the binary distributions is attached to this article. The build script has the following dependencies:


The OpenSSL binary distribution depends on the Microsoft Visual Studio runtime. The OpenSSL 1.1.1 binaries are built with the Microsoft Visual C++ (MSVC) 14.29 compiler and toolset. The OpenSSL 3 binaries are built with the Microsoft Visual C++ (MSVC) 14.33 compiler and toolset. The external dependency creates much smaller modules and .pdb files and integrates nicely with FireDaemon Fusion and Certify One. We believe that this shouldn't be problematic since the MSVC 14.3 runtime is binary compatible with applications built using the MSVC 14.0 or 14.1 runtimes, and once installed the Universal C Runtime (CRT) is subject to automatic Windows updates.

Integrating OpenSSL with Your Visual Studio Project

To use the headers and libraries present in OpenSSL in your Visual Studio project, you will need to configure the properties of your project.

Additional Include Directories

Prepend "C:\Program Files\FireDaemon Open SSL 3\include"; to Property Pages -> C/C++ -> General -> Additional Include Directories in your project per the screenshot below (adjusting the prepended path to suit your installation):

Visual Studio Project Property Pages Additional Include Directories

Additional Library Directories

Prepend "C:\Program Files\FireDaemon Open SSL 3\lib"; to Property Pages -> Linker -> General -> Additional Library Directories in your project per the screenshot below (adjusting the prepended path to suit your installation):

Visual Studio Project Property Pages Additional Library Directories

Privilege Escalation Mitigation

When building OpenSSL, the build scripts bake the default location of the library (ie. the installation directory) and the SSL configuration into the final product. By default, OpenSSL automatically loads the SSL configuration file from the default file system location. This leads to an easily exploitable privilege escalation scenario documented in CVE-2019-12572. Our build of OpenSSL mitigates this flaw using the following preventative measures:

  • The target directories we have chosen are Windows' default system program files directories assuming a 64-bit architecture with a shared configuration file directory common to both x64 and x86:
    • x64: C:\Program Files\FireDaemon OpenSSL, C:\Program Files\Common Files\FireDaemon SSL
    • x86: C:\Program Files (x86)\FireDaemon OpenSSL, C:\Program Files\Common Files\FireDaemon SSL
  • To mitigate security holes even on non-default installations, we build the library such that it doesn't automatically load the SSL configuration. Hence, when using the OpenSSL tools or the DLLs in your products you have to explicitly load the SSL configuration.
  • All FireDaemon software products that utilise OpenSSL initialise the OpenSSL library at runtime using a flag that prevents the loading of the default configuration.

License, Warranty, and Support

Our OpenSSL Binary Distribution is free to use and redistribute. Product use, redistribution, and warranty are governed by the OpenSSL License. If you have questions regarding OpenSSL, wish to report bugs, or require implementation guidance  please consider joining the OpenSSL Community.


This product includes:

Buy SSL / TLS Certificates

Buy SSL / TLS Certificates