I am trying to run the command line /usr/local/ssl/bin/openssl -req -new
-nodes -keyout private.key -out public.csr to create a VeriSign
certificate. I am getting the "PRNG not seeded" error message. How do I
create a .rand file? Any suggestions? Thanks

I read the FAQ, not a lot of help:

[USER]
1. Why do I get a "PRNG not seeded" error message?

Cryptographic software needs a source of unpredictable data to work
correctly. Many open source operating systems provide a "randomness device"
that serves this purpose. On other systems, applications have to call the
RAND_add() or RAND_seed() function with appropriate data before generating
keys or performing public key encryption. (These functions initialize the
pseudo-random number generator, PRNG.)

Some broken applications do not do this. As of version 0.9.5, the OpenSSL
functions that need randomness report an error if the random number
generator has not been seeded with at least 128 bits of randomness. If this
error occurs, please contact the author of the application you are using. It
is likely that it never worked correctly. OpenSSL 0.9.5 and later make the
error visible by refusing to perform potentially insecure encryption.

On systems without /dev/urandom and /dev/random, it is a good idea to use
the Entropy Gathering Daemon (EGD); see the RAND_egd() manpage for details.
Starting with version 0.9.7, OpenSSL will automatically look for an EGD
socket at /var/run/egd-pool, /dev/egd-pool, /etc/egd-pool and /etc/entropy.

Most components of the openssl command line utility automatically try to
seed the random number generator from a file. The name of the default
seeding file is determined as follows: If environment variable RANDFILE is
set, then it names the seeding file. Otherwise if environment variable HOME
is set, then the seeding file is $HOME/.rnd. If neither RANDFILE nor HOME is
set, versions up to OpenSSL 0.9.6 will use file .rnd in the current
directory while OpenSSL 0.9.6a uses no default seeding file at all. OpenSSL
0.9.6b and later will behave similarly to 0.9.6a, but will use a default of
"C:\" for HOME on Windows systems if the environment variable has not been
set.

If the default seeding file does not exist or is too short, the "PRNG not
seeded" error message may occur.

The openssl command line utility will write back a new state to the default
seeding file (and create this file if necessary) unless there was no
sufficient seeding.

Pointing $RANDFILE to an Entropy Gathering Daemon socket does not work. Use
the "-rand" option of the OpenSSL command line tools instead. The $RANDFILE
environment variable and $HOME/.rnd are only used by the OpenSSL command
line tools. Applications using the OpenSSL library provide their own
configuration options to specify the entropy source; please check out the
documentation coming with the application.

For Solaris 2.6, Tim Nibbe <[EMAIL PROTECTED]> and others have suggested
installing the SUNski package from Sun patch 105710-01 (Sparc) which adds a
/dev/random device and make sure it gets used, usually through $RANDFILE.
There are probably similar patches for the other Solaris versions. However,
be warned that /dev/random is usually a blocking device, which may have some
effects on OpenSSL.



Seth Rosner
Webmaster - OpenTV.com


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
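
The seeding-file lookup and the entropy sources described in the FAQ quoted above can be checked on a host with a short script. This is an added example, not part of the original post and not OpenSSL code; the function names and the 16-byte minimum are assumptions, and it implements only the 0.9.6a-and-later rule for non-Windows systems.

```shell
#!/bin/sh
# Added example (not OpenSSL code): diagnose "PRNG not seeded" with the FAQ's rules.
MIN_BYTES=16   # assumed threshold: 128 bits; the FAQ gives no required file length

# Default seeding file for the openssl command line tool, 0.9.6a-and-later rule on
# Unix: $RANDFILE, else $HOME/.rnd, else none (returns 1). Empty counts as unset here.
seed_file_path() {
    if [ -n "${RANDFILE:-}" ]; then
        printf '%s\n' "$RANDFILE"
    elif [ -n "${HOME:-}" ]; then
        printf '%s\n' "$HOME/.rnd"
    else
        return 1
    fi
}

# Classify a candidate seeding file: socket, missing, device, unreadable, short, ok.
seed_file_status() {
    f=$1
    if [ -S "$f" ]; then echo socket        # EGD socket: the FAQ says to use -rand instead
    elif [ ! -e "$f" ]; then echo missing
    elif [ -c "$f" ]; then echo device      # e.g. /dev/random; never measured, may block
    elif [ ! -r "$f" ]; then echo unreadable
    elif [ "$(($(wc -c < "$f")))" -lt "$MIN_BYTES" ]; then echo short
    else echo ok
    fi
}

# Print the randomness devices and EGD socket paths named in the FAQ that exist here.
entropy_sources() {
    for p in /dev/urandom /dev/random; do
        if [ -c "$p" ]; then echo "$p"; fi
    done
    for p in /var/run/egd-pool /dev/egd-pool /etc/egd-pool /etc/entropy; do
        if [ -S "$p" ]; then echo "$p"; fi
    done
}

diagnose() {
    if f=$(seed_file_path); then
        echo "seeding file: $f ($(seed_file_status "$f"))"
    else
        echo "seeding file: none (RANDFILE and HOME are both unset)"
    fi
    echo "entropy sources: $(entropy_sources | tr '\n' ' ')"
}

diagnose
```

A result of "missing" or "short" together with an empty entropy-sources line matches the condition under which the FAQ says the error may occur.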