Solaris 7 & 8: Problem and solution with mod_ssl and PRNGD when updating to 1.3.27

2002-11-22 Thread Alex Kuehne
Hi folks,

I am currently updating all my Apache servers to the newest version of
apache/mod_ssl/openssl, at least I tried until I found the solution.

I get an error when starting the freshly compiled apache 1.3.27 with
config from 1.3.26:

[Fri Nov 22 11:56:43 2002] [error] mod_ssl: Init: Failed to generate temporary 512 bit RSA private key (OpenSSL library error follows)
[Fri Nov 22 11:56:43 2002] [error] OpenSSL: error:24064064:random number generator:SSLEAY_RAND_BYTES:PRNG not seeded
[Fri Nov 22 11:56:43 2002] [error] OpenSSL: error:04069003:rsa routines:RSA_generate_key:BN lib

I know this is because under Solaris<9 there is no /dev/(u)random. So I
have always used the prngd daemon by Lutz Jaenicke.

My working configuration in httpd.conf from version 1.3.26/2.8.10 is:

SSLRandomSeed startup egd:/etc/egd-pool
SSLRandomSeed connect egd:/etc/egd-pool

But this does not work with 1.3.27/2.8.12 obviously.

The solution is appending the bytes you wish to get from prngd:

SSLRandomSeed startup egd:/etc/egd-pool 512
SSLRandomSeed connect egd:/etc/egd-pool 512

As far as I searched, this is not documented. Can anyone please insert
this into the documentation chapter 3?

Thanks and regards
Alex Kuehne



__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]
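
A way to confirm that the prngd socket named in the SSLRandomSeed lines above really hands out the requested 512 bytes, written as an added example that is not part of the original message or of mod_ssl. It speaks the EGD socket protocol (command 0x00 reports the pool level, 0x01 is a non-blocking read of up to 255 bytes per request) and assumes Python 3; the function names are illustrative.

```python
import socket
import struct

EGD_QUERY = 0x00    # ask how many bits of entropy are pooled
EGD_READ_NB = 0x01  # non-blocking read, at most 255 bytes per request


def _recv_exact(sock, n):
    """Read exactly n bytes or fail if the daemon hangs up."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("EGD peer closed the connection early")
        buf += chunk
    return buf


def egd_entropy_bits(sock):
    """Return the pool level the daemon reports (4 bytes, big-endian)."""
    sock.sendall(bytes([EGD_QUERY]))
    return struct.unpack(">I", _recv_exact(sock, 4))[0]


def egd_read(sock, want):
    """Fetch up to `want` bytes; a short result means the pool ran dry."""
    out = b""
    while len(out) < want:
        ask = min(255, want - len(out))
        sock.sendall(bytes([EGD_READ_NB, ask]))
        got = _recv_exact(sock, 1)[0]  # daemon answers with a length byte
        if got == 0:
            break
        out += _recv_exact(sock, got)
    return out


def probe(path="/etc/egd-pool", want=512):
    """Connect to the socket path used in httpd.conf and test a read."""
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as s:
        s.settimeout(5)
        s.connect(path)
        return egd_entropy_bits(s), len(egd_read(s, want))


if __name__ == "__main__":
    bits, got = probe()
    print(f"pool reports {bits} bits; received {got} of 512 bytes")
```

If the probe returns fewer bytes than requested or cannot connect, the "PRNG not seeded" error points at the daemon or the socket path rather than at the mod_ssl configuration.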


Re: self signed certificate

2003-03-13 Thread Alex Kuehne
> -Original Message-
> From: Jan Staschulat [mailto:[EMAIL PROTECTED]
> Sent: Thursday, March 13, 2003 2:12 PM
> To: [EMAIL PROTECTED]
> Subject: self signed certificate
>
>
> Hi, I have problems creating a self signed certificate.
> I'm using OpenSSL 0.9.7a on SunOS 5.7 sparc SUNW,Ultra-2
> I went through the description of FAQ-page:
> http://www.corserv.com/freebsd/apache-ssl-howto.html
>
> OpenSSL quits with the error when I want to sign the server.csr:
>
> $> openssl ca -config ca.config -out server.crt -infiles server.csr
> ...
> Sign the certificate? [y/n]:y
> failed to update database
> TXT_DB error number 2
>
> I searched on Google and found the same question on the modssl-users
> mailing list (Dec 2002), which is still unanswered:
>
> http://www.mail-archive.com/[EMAIL PROTECTED]/msg15877.html
Hello,

don't mess with openssl. Please refer to

http://www.modssl.org/docs/2.8/ssl_faq.html#ToC29.

There is a script sign.sh in the contrib dir of modssl source package.

Best regards
Alex Kuehne
--
Network Manager, SAG, Berlin, Germany