04-05-2002 11:18 AM
13909:error:24064064:random number generator:SSLEAY_RAND_BYTES:PRNG not seeded:md_rand.c:501:You need to read the OpenSSL FAQ, http://www.openssl.org/support/faq.html
13909:error:04069003:rsa routines:RSA_generate_key:BN lib:rsa_gen.c:182:
In looking at the above URL in the error message, I was led to this page:
Which gives this example:
SSLRandomFile file /dev/urandom 1024
I can't figure out what that means or what I'm supposed to do with it. I've changed a line in the Configuration file from:
But still cannot make the certificate. The /dev/urandom device (nor /dev/random) exist on this box.
Solved! Go to Solution.
04-05-2002 11:27 AM
This earlier thread might help:
04-05-2002 11:34 AM
04-05-2002 11:38 AM
I created my own certicate using the following process.
#./openssl req -new -keyout myprivate.key -out mypublic.csr
Answer few questions here...
#./openssl rsa -in myprivate.key -out my.cert.key
#./openssl x509 -in mypublic.csr -out my.cert.cert -req -signkey my.cert.key -d
This worked for me.
04-05-2002 11:44 AM
Well, w/o /dev/random ( as almost all other flavors have) we HPers are stuck with random(3m) which of course is ueseless cryptographically.
Good luck - I suggest you call/write the Apache folks & gently remind them you're installing on HP-UX & ask them what the heck you're supposed to do w/o a /dev/random?
04-05-2002 11:49 AM
When I try what was successful for you I get the same error:
./openssl req -new -keyout myprivate.key -out mypublic.csr
Using configuration from /usr/local/ssl/openssl.cnf
unable to load 'random state'
This means that the random number generator has not been seeded
with much random data.
Generating a 1024 bit RSA private key
14805:error:24064064:random number generator:SSLEAY_RAND_BYTES:PRNG not seeded:md_rand.c:501:You need to read the OpenSSL FAQ, http://www.openssl.org/support/faq.html
14805:error:04069003:rsa routines:RSA_generate_key:BN lib:rsa_gen.c:182:
04-05-2002 12:22 PM
Sorry I didn't read your message clearly. I knew I had this problem as on HP you don't have /dev/random. There is a work around for it if I remember correctly, it will initialize a .rnd file in root's home.
Take three more test files and compress them. You can use files like /var/adm/sw/swagent.log etc.,
Use the command
#openssl genrsa -des3 -rand file1.Z:file2.Z:file3.Z -out my.key 1024.
After generating the key, verify if you have the file .rnd in your home directory. You should not get this error from then onwards.