The openssl command is frequently used to automate many certificate functions on Linux. I was recently working with a colleague who was very frustrated with the number of hoops they had to jump through to do similar things on Windows. “Why can’t there just be an openssl command for Windows?” was the general sense of their frustrations. Well, there is, but they can be painstaking to get onto a Windows machine for a just a few automation commands. Enter the LibreSSL Chocolatey package…
One Binary - No Cygwin
LibreSSL is that it is a self-contained Windows port, requiring only a single binary. Many Windows ports of openssl require the CYGWIN subsystem. In my mind having to install an entire subsystem to get a single automation command redoubles my frustrations. LibreSSL is a native Windows binary and is ready to go by itself.
Favorable Distribution Rights & Export Restrictions
LibreSSL is part of OpenBSD. The OpenBSD project is located in Canada - whose cryptography laws do not geographically restrict the distribution of OpenSSL. Additionally, the redistribution rights allow for packaging into package managers like Chocolatey.
Chocolatey Helpfulness
Chocolatey has a lot of awesome benefits to DevOps style software deployment automation. One of the coolest things it adds for automation dependencies is automatic, immediate availability of simple installs like dropping a single EXE. So when you use the chocolatey package, as soon as it is done processing the “openssl” command is available for use in the same shell session. A great way to work with automation dependencies.
Installing
With Chocolatey Is Already Installed
choco install -confirm libressl
In-line Install of Chocolatey And LibreSSL
If (!(Test-Path env:chocolateyinstall)) {iwr https://chocolatey.org/install.ps1 -UseBasicParsing | iex} ; cinst -confirm libressl
Acknowledgements
This product includes cryptographic software written by Eric Young (eay@cryptsoft.com) This product includes software written by Tim Hudson (tjh@cryptsoft.com)