Compiling OpenSSL 1.1 - certs directory is empty, how to obtain?

Pete Cooper pete at
Sat Aug 24 17:09:53 UTC 2019

I’m successfully compiling OpenSSL 1.1.1c from source for PHP-FPM to use in preference to the system-native OpenSSL (1.0.*).

I’m installing OpenSSL 1.1.1c to /etc/php/shared/openssl with the following configure flags (split for clarity):

./config \
--openssldir=/etc/php/shared/openssl \
--prefix=/etc/php/shared/openssl \
-fstack-protector-strong \
-Wl,-rpath,/etc/php/shared/openssl/lib \
no-ssl2 \
no-ssl3 \
no-weak-ssl-ciphers \

The `config` and subsequent `make` complete without any visible issues shown. However, /etc/php/shared/openssl/certs is an empty directory.

The system-native OpenSSL uses /etc/ssl/certs for its *.pem files, and there are >250 of them in that directory.

Are there OpenSSL compile flags to explicitly build or obtain the current up-to-date *.pem files for my PHP-only OpenSSL build, or should be looking elsewhere?

Thank you in advance, and best wishes.

Pete Cooper
pete at

Please note: my working hours may not be your working hours. Please do not feel obligated to reply outside of your normal work schedule.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the openssl-users mailing list