How to update OpenSSL bundled with Icinga 2 on Windows?

The latest high-severity security holes also affect the version bundled with Icinga 2 on Windows. But a minor Icinga 2 version is not planned, yet. How to update OpenSSL on 64-bit systems?

1 Like
  1. Enter %ProgramFiles%\ICINGA2\sbin into the Explorer’s address bar and hit enter.
  2. Right-click libssl-1_1-x64.dll and select Properties.
  3. Under Details check the Product version. If it’s not affected, don’t touch the running system. Otherwise proceed.
  4. Navigate here, download and install the Win64 OpenSSL v1.1 MSI.
  5. Locate the newly installed DLLs, e.g. by searching for libssl-1_1-x64 via Explorer.
  6. Open their directory, e.g. by right-click and Open file location in Explorer search context.
  7. Verify the desired versions of libcrypto-1_1-x64.dll and libssl-1_1-x64.dll as above (2-3).
  8. Open services.msc, locate and stop Icinga 2.
  9. Backup the old DLLs from the sbin folder.
  10. Copy the new ones into the sbin folder, replacing the old ones.
  11. Verify the changes had the desired effect by running & "$Env:ProgramFiles\ICINGA2\sbin\icinga2.exe" --version via PowerShell. Check the OpenSSL version there.
  12. Start Icinga 2 again.

At your option:

  • re-use the DLLs installed once to patch all systems
  • uninstall OpenSSL
1 Like

Alternative solution