38

I want to generate a server certificate using OpenSSL on Windows.

When I run this command line, this error appears. What should I do?

Command:
openssl req -new -x509 -days 3650 -key ca.key -out ca.crt

Error:

Can't load ./.rnd into RNG 10504:error:2406F079:random number generator:RAND_load_file:Cannot open file:crypto\rand\randfile.c:98:Filename=./.rnd

I also tried to find the openssl config file, but I don't have that file.

moffeltje
Asma

3 Answers

86

Try removing or commenting out the RANDFILE = $ENV::HOME/.rnd line in /etc/ssl/openssl.cnf.

InYeopTTi
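As an added example that is not part of this answer: the same fix applied without touching the system-wide file. The script below writes a private copy of an openssl.cnf with every active RANDFILE line commented out, so that OPENSSL_CONF can point at the copy while /etc/ssl/openssl.cnf stays as shipped. The source path, the script name and the function names are assumptions; the sample config written by sample_config is constructed for the demonstration and only mirrors the two stock lines that matter here.

```shell
#!/bin/sh
# Added example, not from the answer above. Instead of editing the
# system-wide /etc/ssl/openssl.cnf in place, write a private copy with the
# RANDFILE directive commented out and point OPENSSL_CONF at the copy.
# Only sed and grep are needed. The stock config lives in the directory
# printed by `openssl version -d`; /etc/ssl is assumed below.

# active_randfile_count FILE: number of uncommented RANDFILE assignments.
# Prints 0 when there are none (grep exits 1 then, hence the `|| true`).
active_randfile_count() {
    grep -c '^[[:space:]]*RANDFILE[[:space:]]*=' "$1" 2>/dev/null || true
}

# disable_randfile SRC DST: copy SRC to DST, commenting out every active
# RANDFILE assignment. Leading whitespace and tabs around '=' are tolerated,
# so the Debian-style "RANDFILE<TAB><TAB>= $ENV::HOME/.rnd" is caught too.
disable_randfile() {
    src=$1
    dst=$2
    [ -r "$src" ] || { echo "cannot read $src" >&2; return 1; }
    sed -e 's/^[[:space:]]*RANDFILE[[:space:]]*=/# &/' "$src" > "$dst" || return 1
    if [ "$(active_randfile_count "$src")" = "0" ]; then
        echo "note: $src had no active RANDFILE line; copy is unchanged" >&2
    fi
    return 0
}

# sample_config FILE: constructed sample mirroring the stock RANDFILE lines
# (not a real distribution file), used to try the function offline.
sample_config() {
    cat > "$1" <<'EOF'
# constructed sample config
HOME            = .
RANDFILE        = $ENV::HOME/.rnd
[ req ]
default_bits    = 2048
EOF
}

# Usage (script name assumed):
#   ./fix-randfile.sh /etc/ssl/openssl.cnf "$HOME/openssl-norand.cnf"
#   export OPENSSL_CONF="$HOME/openssl-norand.cnf"
#   openssl req -new -x509 -days 3650 -key ca.key -out ca.crt
if [ "$#" -eq 2 ]; then
    disable_randfile "$1" "$2" \
        && echo "wrote $2 (active RANDFILE lines: $(active_randfile_count "$2"))"
fi
```

Pointing OPENSSL_CONF at the copy keeps the change scoped to one shell session or one service unit, which is easier to review and to revert than an edit to a file that every OpenSSL-linked program on the host reads.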
16

I had this problem when using the OpenVPN Road Warrior script on Ubuntu 18.04.

The solution was to create the file manually, after that the script worked perfectly.

First cd to the right directory. Then create the file yourself by calling openssl and telling it to produce random bytes with rand and to write to a file called .rnd using the -writerand option, as follows:

cd /etc/openvpn/easy-rsa/pki
openssl rand -writerand .rnd

For more info see the openssl man page: https://www.openssl.org/docs/man1.1.1/man1/openssl-rand.html

DAB
    This seems the easiest solution, worked for me! I wasn't keen to modify a config file I didn't much understand. – Wellspring Mar 24 '22 at 17:24
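As an added example that is not code from this answer: a small shell wrapper around the openssl rand -writerand step that is safe to re-run. It creates the seed file only when it is missing or empty, leaves an existing file alone, restricts the file to the owner, and fails clearly when the target directory does not exist. The function name and the discarded -hex 16 output are my choices; an openssl binary is assumed to be on PATH and to accept -writerand, as the 1.1.x and 3.x command-line tools do.

```shell
#!/bin/sh
# Added example, not from the answer above. Creates the RANDFILE seed file
# OpenSSL complained about, using the `openssl rand -writerand` option from
# the answer, and checks the result before the real command is run.
# Assumes `openssl` on PATH that accepts -writerand (1.1.x and 3.x do).

# ensure_rnd_file [DIR]: create DIR/.rnd if it is missing or empty.
# Returns 0 when a non-empty seed file exists afterwards, 1 otherwise.
ensure_rnd_file() {
    dir=${1:-.}
    rnd="$dir/.rnd"
    if [ -s "$rnd" ]; then
        return 0                   # already present: keep the existing state
    fi
    [ -d "$dir" ] || { echo "no such directory: $dir" >&2; return 1; }
    # `rand` needs a byte count to emit; the 16 hex bytes are discarded.
    # -writerand makes the tool persist its RNG state to $rnd on exit.
    openssl rand -hex -writerand "$rnd" 16 >/dev/null || return 1
    chmod 600 "$rnd" 2>/dev/null   # seed state is private to this account
    [ -s "$rnd" ]
}

# Usage for the easy-rsa case in the answer, then re-run the script:
#   ensure_rnd_file /etc/openvpn/easy-rsa/pki
# For the original question, where RANDFILE resolved to ./.rnd:
#   ensure_rnd_file . && openssl req -new -x509 -days 3650 -key ca.key -out ca.crt
if [ "$#" -gt 0 ]; then
    ensure_rnd_file "$1" && echo "seed file ready: $1/.rnd"
fi
```

The byte count goes last because the openssl option parser stops at the first argument that does not start with a dash, so `openssl rand -hex 16 -writerand file` would reject -writerand as an extra argument.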
8

The reason: the "-rand" option by default tells OpenSSL to use the random file .rnd somewhere in your OS, but the user is telling it to use a .rnd file which does not exist!!!!

Remedy: add -writerand to write the .rnd file if it does not exist.

For Example:

root@CentOS:/usr/local/etc/openldap/private # openssl genrsa -rand -genkey -out cert.key 2048
Can't load -genkey into RNG
546983936:error:2406F079:random number generator:RAND_load_file:Cannot open file:/usr/src/crypto/openssl/crypto/rand/randfile.c:98:Filename=-genkey

After adding -writerand

root@CentOS:/usr/local/etc/openldap/private # openssl genrsa -writerand -genkey -out cert.key 2048
Generating RSA private key, 2048 bit long modulus (2 primes)
...........................+++++
..............+++++
e is 65537 (0x010001)
root@CentOS:/usr/local/etc/openldap/private # 

I myself will bump into this error again. And of course I will check StackOverflow (R6000 ha ha) first!!!

Biddut Mitra