How do I make OpenSSL write the RANDFILE on Windows Vista?

Question

When I run:

openssl genrsa -out mykey.key 2048

I get the following error:

unable to write 'random state'
    e is 65537 (0x10001)

My googling suggests this is some kind of Vista permissions issue. How can I allow Vista to write this file or how can I configure openssl to get round it?

possible duplicate of [Using openssl what does "unable to write 'random state'" mean?](http://stackoverflow.com/questions/94445/using-openssl-what-does-unable-to-write-random-state-mean) — jww, Aug 13 '14 at 12:59

score 62 · Answer 1 · answered Jun 17 '10 at 00:26

The root issue is that the RANDFILE variable in the OpenSSL configuration file is ignored on Windows. This has been a long-standing problem that continues to exist as of the OpenSSL v1.0a release, regardless of whether the target Windows platform is x86 or x64.

There is a delightfully simple solution, though. Merely use a regular environmental var to set the RANDFILE value, like

set RANDFILE=.rnd

Because this value is ephemeral, it must be re-issued for every new DOS box, or scripted in a batch file.

This fixed my issue on Windows 7 as well. – Tyler Egeto Aug 09 '11 at 16:46 — Tyler Egeto, Aug 09 '11 at 16:46

score 4 · Answer 2 · edited May 23 '17 at 10:29

4

I found this that might help: Using OpenSSL what does "unable to write 'random state'" mean?

also, here: http://adamyoung.net/OpenSSL-unable-to-write-random-state

there is a suggestion here http://www.mail-archive.com/openssl-users@openssl.org/msg51344.html on how to get it working in vista.

find the location of cmd.exe, right click and run as administrator

edited May 23 '17 at 10:29

Community

1
1

answered Feb 09 '10 at 14:31

John Boker

82,559
17
97
130

It doesn't allow me to change the permissions for cmd.exe – Iain Feb 09 '10 at 14:36

score 3 · Answer 3 · answered May 01 '13 at 13:23

I had the same issue but for Windows 7. Easily solved, I created a system Environment Variable called HOME and set it to the directory I wanted my .rnd file in. This solved the issue because OpenSSL didn't know where my .rnd file was (because I didn't have one) and it didn't know where to put it if it was to create it. As soon as I set my environment variable HOME with a directory (c:\ is fine!) I reran my key generation in OpenSSL and it worked straight off. To verify, I checked the key I had created and it had proper content. I also checked the directory I set my HOME environment variable to, and lo and behold a .rnd file was sat there! Hope this helps someone :-)

score 0 · Answer 4 · answered Aug 20 '14 at 18:00

The issue is that the script is missing some access rights or cant find the file.

The solution:

Create a system variable with the name RANDFILE and the value %USERPROFILE%.rnd

Notice the %USERPROFILE%, is a system variable that automatic inserts the path to your user profile.

score 0 · Answer 5 · edited Dec 22 '12 at 23:38

0

Add a HOME variable into your environment variables.

edited Dec 22 '12 at 23:38

Dave Clemmer

3,741
12
49
72

answered May 11 '10 at 06:02

zengkun100

53
1
5

How do I make OpenSSL write the RANDFILE on Windows Vista?

5 Answers5

Linked