I just went went through this! It may have to do with the fact that Solaris 8 and below does not have support for random number generation. http://wwws.sun.com/software/solaris/fcc/fcc.html
After several hours of frustration, I found some instructions that work! I'll save you some grief: You must install Openssl if you have not already. I'm using OpenSSL 0.9.6c 21 dec 2001. Openssl would normally be installed in /usr/local ... be sure and update your $PATH to include /usr/local/ssl/bin. While in /usr/local/ssl/misc: 1. Using vi, create file named rand.text (just a text file with 5 or so lines of random characters). 2. openssl des3 -in rand.text -out rand.dat 3. openssl genrsa -des3 -out server.key 1024 4. openssl req -new -key server.key -out server.csr 5. openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt 6. I used the ssl.conf file to start with (cp ssl.conf httpd.conf) 7. add User nobody Group nobody to httpd.conf 8. point SSLCertificateFile and SSLCertificateKeyFile to appropriate path in the httpd.conf file 9. ./apachectl startssl It worked for me. Let me know how it goes. Thanks Jim ----- Original Message ----- From: "Jeff Landers" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Thursday, June 06, 2002 5:36 PM Subject: Newbie with RANDFILE > OK, I give up. What am I doing wrong? Apache 2.036 trying to on Solaris 8. Everything seems fine during install. egd working. Random file is /var/spool/prngd/pool. Pointed the RANDFILE at the file in openssl.conf. but keep getting the following. > > I searched the archives but no luck. > > ./CA.sh -newca > > Making CA certificate ... > Using configuration from /usr/local/ssl/openssl.cnf > unable to load 'random state' > This means that the random number generator has not been seeded > with much random data. > Consider setting the RANDFILE environment variable to point at a file that > 'random' data can be kept in (the file will be overwritten). > Generating a 1024 bit RSA private key > 10175:error:24064064:random number generator:SSLEAY_RAND_BYTES:PRNG not seeded:md_rand.c:501:You need to read the OpenSSL FAQ, http://www.openssl.org/support/faq.html > 10175:error:04069003:rsa routines:RSA_generate_key:BN lib:rsa_gen.c:182: > > ______________________________________________________________________ > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > User Support Mailing List [EMAIL PROTECTED] > Automated List Manager [EMAIL PROTECTED] > ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]