https://community.hpe.com/t5/operating-system-hp-ux/apache-open-ssl-quot-prng-not-seeded-quot-when-making/m-p/2698267#M57280 Jeff - I'll probably have to do that. Thanks.<BR /><BR />Sri,<BR /><BR />When I try what was successful for you I get the same error:<BR /><BR />./openssl req -new -keyout myprivate.key -out mypublic.csr<BR />Using configuration from /usr/local/ssl/openssl.cnf<BR />unable to load 'random state'<BR />This means that the random number generator has not been seeded<BR />with much random data.<BR />Generating a 1024 bit RSA private key<BR />14805:error:24064064:random number generator:SSLEAY_RAND_BYTES:PRNG not seeded:md_rand.c:501:You need to read the OpenSSL FAQ, <A href="http://www.openssl.org/support/faq.html" target="_blank">http://www.openssl.org/support/faq.html</A><BR />14805:error:04069003:rsa routines:RSA_generate_key:BN lib:rsa_gen.c:182:<BR /><BR /><BR /> Fri, 05 Apr 2002 19:49:28 GMT Jim Loucks 2002-04-05T19:49:28Z https://community.hpe.com/t5/operating-system-hp-ux/apache-open-ssl-quot-prng-not-seeded-quot-when-making/m-p/2698261#M57274 In trying to get Apache and open-ssl running, one of the last steps is to "make certificate" in the ...apache/src directory. The make returns the following error:<BR /><BR />13909:error:24064064:random number generator:SSLEAY_RAND_BYTES:PRNG not seeded:md_rand.c:501:You need to read the OpenSSL FAQ, <A href="http://www.openssl.org/support/faq.html" target="_blank">http://www.openssl.org/support/faq.html</A><BR />13909:error:04069003:rsa routines:RSA_generate_key:BN lib:rsa_gen.c:182:<BR /><BR />In looking at the above URL in the error message, I was led to this page: <BR /><BR /><A href="http://www.apache-ssl.org/docs.html#SSLRandomFile" target="_blank">http://www.apache-ssl.org/docs.html#SSLRandomFile</A><BR /><BR />Which gives this example:<BR /><BR />SSLRandomFile file /dev/urandom 1024<BR /><BR />I can't figure out what that means or what I'm supposed to do with it. I've changed a line in the Configuration file from:<BR /><BR /> Rule DEV_RANDOM=default<BR /><BR />to<BR /> Rule DEV_RANDOM=truerand<BR /><BR />But still cannot make the certificate. The /dev/urandom device (nor /dev/random) exist on this box. <BR /><BR /> Fri, 05 Apr 2002 19:18:47 GMT https://community.hpe.com/t5/operating-system-hp-ux/apache-open-ssl-quot-prng-not-seeded-quot-when-making/m-p/2698261#M57274 Jim Loucks 2002-04-05T19:18:47Z https://community.hpe.com/t5/operating-system-hp-ux/apache-open-ssl-quot-prng-not-seeded-quot-when-making/m-p/2698262#M57275 Whoops. Got a typo in my first post. The /dev/random and /dev/urandom devices do NOT exist on this system. Fri, 05 Apr 2002 19:24:11 GMT https://community.hpe.com/t5/operating-system-hp-ux/apache-open-ssl-quot-prng-not-seeded-quot-when-making/m-p/2698262#M57275 Jim Loucks 2002-04-05T19:24:11Z https://community.hpe.com/t5/operating-system-hp-ux/apache-open-ssl-quot-prng-not-seeded-quot-when-making/m-p/2698263#M57276 Jim,<BR /><BR />This earlier thread might help:<BR /><BR /><A href="http://forums.itrc.hp.com/cm/QuestionAnswer/1,,0x05c50bce6f33d6118fff0090279cd0f9,00.html" target="_blank">http://forums.itrc.hp.com/cm/QuestionAnswer/1,,0x05c50bce6f33d6118fff0090279cd0f9,00.html</A><BR /><BR />HTH,<BR />Jeff Fri, 05 Apr 2002 19:27:09 GMT https://community.hpe.com/t5/operating-system-hp-ux/apache-open-ssl-quot-prng-not-seeded-quot-when-making/m-p/2698263#M57276 Jeff Schussele 2002-04-05T19:27:09Z https://community.hpe.com/t5/operating-system-hp-ux/apache-open-ssl-quot-prng-not-seeded-quot-when-making/m-p/2698264#M57277 Thanks, Jeff. I tried something similar before posting to no avail. Then I tried what was recommended in the thread you pointed me to, only to get the same error. Fri, 05 Apr 2002 19:34:59 GMT https://community.hpe.com/t5/operating-system-hp-ux/apache-open-ssl-quot-prng-not-seeded-quot-when-making/m-p/2698264#M57277 Jim Loucks 2002-04-05T19:34:59Z https://community.hpe.com/t5/operating-system-hp-ux/apache-open-ssl-quot-prng-not-seeded-quot-when-making/m-p/2698265#M57278 Hi Jim,<BR /><BR />I created my own certicate using the following process.<BR /><BR />#cd /opt/apache/ssl<BR />#./openssl req -new -keyout myprivate.key -out mypublic.csr<BR />Answer few questions here...<BR />#./openssl rsa -in myprivate.key -out my.cert.key <BR />#./openssl x509 -in mypublic.csr -out my.cert.cert -req -signkey my.cert.key -d<BR />ays 365 <BR /><BR />This worked for me.<BR /><BR />-Sri<BR /><BR /> Fri, 05 Apr 2002 19:38:39 GMT https://community.hpe.com/t5/operating-system-hp-ux/apache-open-ssl-quot-prng-not-seeded-quot-when-making/m-p/2698265#M57278 Sridhar Bhaskarla 2002-04-05T19:38:39Z https://community.hpe.com/t5/operating-system-hp-ux/apache-open-ssl-quot-prng-not-seeded-quot-when-making/m-p/2698266#M57279 Jim,<BR /><BR />Well, w/o /dev/random ( as almost all other flavors have) we HPers are stuck with random(3m) which of course is ueseless cryptographically.<BR />Good luck - I suggest you call/write the Apache folks &amp; gently remind them you're installing on HP-UX &amp; ask them what the heck you're supposed to do w/o a /dev/random?<BR /><BR />Rgds,<BR />Jeff Fri, 05 Apr 2002 19:44:41 GMT https://community.hpe.com/t5/operating-system-hp-ux/apache-open-ssl-quot-prng-not-seeded-quot-when-making/m-p/2698266#M57279 Jeff Schussele 2002-04-05T19:44:41Z https://community.hpe.com/t5/operating-system-hp-ux/apache-open-ssl-quot-prng-not-seeded-quot-when-making/m-p/2698267#M57280 Jeff - I'll probably have to do that. Thanks.<BR /><BR />Sri,<BR /><BR />When I try what was successful for you I get the same error:<BR /><BR />./openssl req -new -keyout myprivate.key -out mypublic.csr<BR />Using configuration from /usr/local/ssl/openssl.cnf<BR />unable to load 'random state'<BR />This means that the random number generator has not been seeded<BR />with much random data.<BR />Generating a 1024 bit RSA private key<BR />14805:error:24064064:random number generator:SSLEAY_RAND_BYTES:PRNG not seeded:md_rand.c:501:You need to read the OpenSSL FAQ, <A href="http://www.openssl.org/support/faq.html" target="_blank">http://www.openssl.org/support/faq.html</A><BR />14805:error:04069003:rsa routines:RSA_generate_key:BN lib:rsa_gen.c:182:<BR /><BR /><BR /> Fri, 05 Apr 2002 19:49:28 GMT https://community.hpe.com/t5/operating-system-hp-ux/apache-open-ssl-quot-prng-not-seeded-quot-when-making/m-p/2698267#M57280 Jim Loucks 2002-04-05T19:49:28Z https://community.hpe.com/t5/operating-system-hp-ux/apache-open-ssl-quot-prng-not-seeded-quot-when-making/m-p/2698268#M57281 Hi Jim,<BR /><BR />Sorry I didn't read your message clearly. I knew I had this problem as on HP you don't have /dev/random. There is a work around for it if I remember correctly, it will initialize a .rnd file in root's home.<BR /><BR />Take three more test files and compress them. You can use files like /var/adm/sw/swagent.log etc.,<BR /><BR />Use the command <BR /><BR />#openssl genrsa -des3 -rand file1.Z:file2.Z:file3.Z -out my.key 1024.<BR /><BR />After generating the key, verify if you have the file .rnd in your home directory. You should not get this error from then onwards.<BR /><BR />-Sri Fri, 05 Apr 2002 20:22:22 GMT https://community.hpe.com/t5/operating-system-hp-ux/apache-open-ssl-quot-prng-not-seeded-quot-when-making/m-p/2698268#M57281 Sridhar Bhaskarla 2002-04-05T20:22:22Z https://community.hpe.com/t5/operating-system-hp-ux/apache-open-ssl-quot-prng-not-seeded-quot-when-making/m-p/2698269#M57282 Thanks, Sri. That did it. I was working on a similar idea but didn't know about the .rnd file. Is this documented somewhere? Sun, 07 Apr 2002 18:56:25 GMT https://community.hpe.com/t5/operating-system-hp-ux/apache-open-ssl-quot-prng-not-seeded-quot-when-making/m-p/2698269#M57282 Jim Loucks 2002-04-07T18:56:25Z