On Tue, Jul 18, 2000 at 06:03:40PM -0400, Bill Rebey wrote:
> When executing the command
>
> openssl req -new -x509 -days 3650 -key CAPrivateKey.pem -out
> CACert.pem
>
> It fails complaining that the PRNG isn't seeded.
>
> There is no '-rand' option for 'req' like there is for other stuff, and I
> can't come up with a way to run two command simultaneously so that I might
> run "rand " or some other thing that seeds the PRNG.
>
> The problem is that I'm writing a shell script to automate some of this
> stuff for end users. I tried things like
>
> echo "req ...params..." > foo
> echo "rand ...params..." >> foo
> echo "quit" >> foo
> openssl < foo
>
> but that doesn't work at all.
You have to options:
- generate the key seperately, the generation tools have the -rand option
genrsa -rand blabla ... key.pem
req -inkey key.pem ...
- the problem has meanwhile been fixed, so you can also use a recent snapshot.
I would recommend (and use myself) the more portable first version.
Best regards,
Lutz
--
Lutz Jaenicke [EMAIL PROTECTED]
BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/
Lehrstuhl Allgemeine Elektrotechnik Tel. +49 355 69-4129
Universitaetsplatz 3-4, D-03044 Cottbus Fax. +49 355 69-4153
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]