Re: Newbie with RANDFILE

James L. Morris Thu, 06 Jun 2002 23:51:25 -0700

I just went went through this!

It may have to do with the fact that Solaris 8 and below does not have
support for random number generation.
http://wwws.sun.com/software/solaris/fcc/fcc.html


After several hours of frustration, I found some instructions that work!
I'll save you some grief:

You must install Openssl if you have not already.  I'm using
OpenSSL 0.9.6c 21 dec 2001.

Openssl would normally be installed in /usr/local ... be sure and
update your $PATH to include /usr/local/ssl/bin.

While in /usr/local/ssl/misc:

1.  Using vi, create file named rand.text
        (just a text file with 5 or so lines of random characters).
2.  openssl des3 -in rand.text -out rand.dat
3.  openssl genrsa -des3 -out server.key 1024
4.  openssl req -new -key server.key -out server.csr
5.  openssl x509 -req -days 365 -in server.csr -signkey
        server.key -out server.crt
6.  I used the ssl.conf file to start with (cp ssl.conf httpd.conf)
7.  add User nobody Group nobody to httpd.conf
8.  point SSLCertificateFile and SSLCertificateKeyFile to appropriate path
in the httpd.conf file
9.  ./apachectl startssl

It worked for me.  Let me know how it goes.

Thanks
Jim



----- Original Message -----
From: "Jeff Landers" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, June 06, 2002 5:36 PM
Subject: Newbie with RANDFILE


> OK, I give up. What am I doing wrong? Apache 2.036 trying to on Solaris 8.
Everything seems fine during install. egd working. Random file is
/var/spool/prngd/pool. Pointed the RANDFILE at the file in openssl.conf. but
keep getting the following.
>
> I searched the archives but no luck.
>
> ./CA.sh -newca
>
> Making CA certificate ...
> Using configuration from /usr/local/ssl/openssl.cnf
> unable to load 'random state'
> This means that the random number generator has not been seeded
> with much random data.
> Consider setting the RANDFILE environment variable to point at a file that
> 'random' data can be kept in (the file will be overwritten).
> Generating a 1024 bit RSA private key
> 10175:error:24064064:random number generator:SSLEAY_RAND_BYTES:PRNG not
seeded:md_rand.c:501:You need to read the OpenSSL FAQ,
http://www.openssl.org/support/faq.html
> 10175:error:04069003:rsa routines:RSA_generate_key:BN lib:rsa_gen.c:182:
>
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      [EMAIL PROTECTED]
> Automated List Manager                            [EMAIL PROTECTED]
>
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      [EMAIL PROTECTED]
Automated List Manager                            [EMAIL PROTECTED]

Re: Newbie with RANDFILE

Reply via email to