115

I am generating a self-signed SSL certificate with OpenSSL (not makecert), for use in IIS.

```
openssl req -x509 -newkey rsa:2048 -keyout key.pem -out cert.pem -days 365 -nodes -subj '//CN=myhost'
```

(The double slash is correct. The command above does not work without that.)

```
openssl pkcs12 -export -out key.pfx -inkey key.pem -in cert.pem -name 'myhost'
```

The first command completes successfully. However, the second gets stuck with

```
Loading 'screen' into random state -
```

I am using OpenSSL (1.0.2d) that comes with Git for Windows (2.6.3). Has anyone experienced the same issue?

Clarification: The question How to fix "unable to write 'random state' " in openssl describes a different problem: writing the .rnd file. Here the problem seems to be generating the random state. (And only in the second command.)

Aserre
TN.
  • Have you tried with another version of OpenSSL (they have standalone builds) ? – Iansus Dec 09 '15 at 13:52
  • No. (Finally, I have used MakeCert instead.) – TN. Dec 09 '15 at 15:35
  • 1
    Possible duplicate of [How to fix "unable to write 'random state' " in openssl](http://stackoverflow.com/questions/12507277/how-to-fix-unable-to-write-random-state-in-openssl). In addition, there are a couple of bugs on Windows; see [Random Numbers | Windows Issues](https://wiki.openssl.org/index.php/Random_Numbers#Windows_Issues) on the OpenSSL wiki. Finally, `/CN=myhost` is probably wrong; see [How to create a self-signed certificate with openssl?](http://stackoverflow.com/a/27931596/608639) – jww Dec 11 '15 at 23:52

3 Answers

326

Please try adding winpty before openssl:

```
winpty openssl ...
```

or you can run a new bash wrapped by winpty:

```
winpty bash
```

In the Windows console, there is some problem with terminal input/output, so winpty can help if some software requires Unix terminal behavior.

winpty helped me to run openssl in this environment:

```
git version 2.7.3.windows.1
OpenSSL 1.0.2g  1 Mar 2016
```
Kevin
Slawomir Jaranowski
  • 5
    This answer and @Duncan Smart's answer are interchangeable. When exporting a PFX file, OpenSSL prompts for a password, but apparently the terminal in Git for Windows can't handle this I/O so the command just hangs. Preceding the command with `winpty` wraps the command so that I/O works correctly, whereas passing `-passout` means OpenSSL no longer has to ask for a password. – Rabadash8820 Mar 19 '20 at 19:42
  • 1
    It took 30 years, but the powershell console that ships with Windows 10 is finally capable of half-decent ANSI/VT emulation, see https://devblogs.microsoft.com/commandline/new-experimental-console-features/ . The openssl password prompt works correctly when run from the powershell console, you can run an editor over an ssh connection without corrupting every file you open, and you can cut and paste. You can even *resize the terminal window*. Now if I can only get rid of the unbearable "wake the dead" console beep... – Robert Calhoun Apr 09 '21 at 16:11
105

I found that I needed to specify the PFX password on the command line using `-passout pass:SomePassword`, e.g.:

```
openssl pkcs12 -export -out foo_example_com.pfx -inkey foo_example_com.key -in foo_example_com.crt -passout pass:Pa55w0rd
```
Duncan Smart
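A non-interactive version of the two commands from the question, as an added example that is not part of any answer on this page: the PFX password is taken from an environment variable via `-passout env:`, so OpenSSL never prompts (nothing for the Git for Windows terminal to hang on) and the password does not appear in the argument list as it does with `pass:`. The function names and the `PFX_PASS` variable are assumptions made for this example.

```shell
#!/usr/bin/env bash
# Added example, not from the original posts. Assumed names: make_pfx,
# check_pfx, pfx_subject and the PFX_PASS environment variable.

# make_pfx HOST OUTDIR: write key.pem, cert.pem and key.pfx into OUTDIR.
# The body runs in a subshell so the umask change does not leak to the caller.
make_pfx() (
    host=$1; out=$2
    [ -n "${PFX_PASS:-}" ] || { echo "PFX_PASS is not set" >&2; exit 2; }
    # Git for Windows (MSYS) rewrites a leading "/" as a path, which is why
    # the question needs '//CN=...'; other platforms take the plain form.
    case "$(uname -s)" in
        MINGW*|MSYS*) subj="//CN=$host" ;;
        *)            subj="/CN=$host" ;;
    esac
    umask 077   # key.pem is unencrypted (-nodes): keep it owner-only
    openssl req -x509 -newkey rsa:2048 -keyout "$out/key.pem" \
        -out "$out/cert.pem" -days 365 -nodes -subj "$subj" 2>/dev/null || exit 1
    # env: supplies the export password without a prompt; stdin is closed so
    # a missing TTY cannot stall the command.
    openssl pkcs12 -export -out "$out/key.pfx" -inkey "$out/key.pem" \
        -in "$out/cert.pem" -name "$host" -passout env:PFX_PASS </dev/null || exit 1
)

# check_pfx FILE: succeeds only if FILE opens with the password in PFX_PASS.
check_pfx() {
    openssl pkcs12 -in "$1" -passin env:PFX_PASS -noout </dev/null 2>/dev/null
}

# pfx_subject FILE: print the subject of the certificate stored in FILE.
pfx_subject() {
    openssl pkcs12 -in "$1" -passin env:PFX_PASS -nokeys -clcerts \
        </dev/null 2>/dev/null | openssl x509 -noout -subject
}

# Usage (password value is a placeholder):
#   export PFX_PASS='choose-a-password'; make_pfx myhost . && check_pfx ./key.pfx
```

Unset `PFX_PASS` once the export has been verified, and delete `key.pem` after the PFX is imported, since that file holds the private key without encryption.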
1

Recently I hit the same issue when running openssl in an Azure Ubuntu VM over SSH from a Windows 10 laptop. I also tried openssl for Windows from the Windows command prompt and PowerShell. The root cause behind this seems to be terminal compatibility of openssl when used from the Windows command prompt.

I found that a WSL (Windows Subsystem for Linux) based shell seems to be good, and the command goes through to a proper prompt instead of seeming to hang. The steps are:

  1. Install Ubuntu on Windows.
  2. Launch the Windows command prompt. Use the wsl command to launch a bash shell.
  3. The openssl tool is already available in this shell. It should give the password and verify password prompts.

openssl pkcs12 command

Sushil