https://community.hpe.com/t5/operating-system-hp-ux/random-number-generator-not-seeded/m-p/2861422#M96287 The OpenSSL req.c command has a -rand option too. <BR />try and add a -rand /home/entropy to these lines in <BR />grid-cert-request.in and grid-cert-request<BR /><BR /> ${SSLEAY} req -new -keyout ${KEY_FILE} -out ${REQ_OUTPUT} -config ${SSLEAY_USER_CONFIG} ${NO_DES}<BR />and <BR /> ${SSLEAY} req -new -keyout ${KEY_FILE} -out ${REQ_OUTPUT} -config ${used_config} ${NO_DES} &lt; ${REQ_INPUT}<BR /><BR /><BR />Also looking closer, it look like it will create a .rnd file<BR />for you if you have the RANDFILE=$ENV::HOME/.rnd<BR />set in the globus-user-ssleay.conf <BR /><BR />The app_RAND_ routines in apps/app_rand.c will check if<BR />the RANDFILE is a EGD socket and not try and write to it. <BR /><BR /><BR />The GSI will also try and call the EGD using the OpenSSL interface,<BR />from src/Security/gssapi_ssleay/sslutils.c. See the comments which <BR />start at line 325. But I have not tried the EGD this myself. <BR /><BR />Can you try and set the EDG_PATH to point to your socket?<BR /><BR />The GSI code does try and add some extra randomness, and will use the <BR />$HOME/.rnd or RANDFILE if set. <BR /><BR /> <BR /> 351 #if SSLEAY_VERSION_NUMBER &gt;= 0x0090581fL<BR /> 352 /*<BR /> 353 * Try to use the Entropy Garthering Deamon<BR /> 354 * See the OpenSSL crypto/rand/rand_egd.c<BR /> 355 */<BR /> 356 egd_path = getenv("EGD_PATH");<BR /> 357 if (egd_path == NULL) {<BR /> 358 egd_path = "/etc/entropy";<BR /> 359 }<BR /> 360 RAND_egd(egd_path);<BR /> 361 #endif<BR /> 362<BR /> Tue, 10 Dec 2002 21:03:27 GMT Paul Sperry 2002-12-10T21:03:27Z https://community.hpe.com/t5/operating-system-hp-ux/random-number-generator-not-seeded/m-p/2861420#M96285 I'm trying to generate a secure key set using openssl in Apache. I keep getting an error stating that the random number generator:SSLEAY_RAND_BYTES:PRNG: not seeded. What's that all about? Tue, 10 Dec 2002 18:08:32 GMT https://community.hpe.com/t5/operating-system-hp-ux/random-number-generator-not-seeded/m-p/2861420#M96285 Terrence Johnson 2002-12-10T18:08:32Z https://community.hpe.com/t5/operating-system-hp-ux/random-number-generator-not-seeded/m-p/2861421#M96286 See if this helps -&gt; <A href="http://groups.google.com/groups?hl=en&amp;lr=&amp;ie=UTF-8&amp;threadm=9me1cj%24iqv%241%40FreeBSD.csie.NCTU.edu.tw&amp;rnum=12&amp;prev=/groups%3Fq%3Dapache%2BSSLEAY_RAND_BYTES:PRNG:%2Bnot%2Bseeded.%26hl%3Den%26lr%3D%26ie%3DUTF-8%26start%3D10%26sa%3DN" target="_blank">http://groups.google.com/groups?hl=en&amp;lr=&amp;ie=UTF-8&amp;threadm=9me1cj%24iqv%241%40FreeBSD.csie.NCTU.edu.tw&amp;rnum=12&amp;prev=/groups%3Fq%3Dapache%2BSSLEAY_RAND_BYTES:PRNG:%2Bnot%2Bseeded.%26hl%3Den%26lr%3D%26ie%3DUTF-8%26start%3D10%26sa%3DN</A><BR /><BR />Tom Tue, 10 Dec 2002 19:25:00 GMT https://community.hpe.com/t5/operating-system-hp-ux/random-number-generator-not-seeded/m-p/2861421#M96286 Tom Jackson 2002-12-10T19:25:00Z https://community.hpe.com/t5/operating-system-hp-ux/random-number-generator-not-seeded/m-p/2861422#M96287 The OpenSSL req.c command has a -rand option too. <BR />try and add a -rand /home/entropy to these lines in <BR />grid-cert-request.in and grid-cert-request<BR /><BR /> ${SSLEAY} req -new -keyout ${KEY_FILE} -out ${REQ_OUTPUT} -config ${SSLEAY_USER_CONFIG} ${NO_DES}<BR />and <BR /> ${SSLEAY} req -new -keyout ${KEY_FILE} -out ${REQ_OUTPUT} -config ${used_config} ${NO_DES} &lt; ${REQ_INPUT}<BR /><BR /><BR />Also looking closer, it look like it will create a .rnd file<BR />for you if you have the RANDFILE=$ENV::HOME/.rnd<BR />set in the globus-user-ssleay.conf <BR /><BR />The app_RAND_ routines in apps/app_rand.c will check if<BR />the RANDFILE is a EGD socket and not try and write to it. <BR /><BR /><BR />The GSI will also try and call the EGD using the OpenSSL interface,<BR />from src/Security/gssapi_ssleay/sslutils.c. See the comments which <BR />start at line 325. But I have not tried the EGD this myself. <BR /><BR />Can you try and set the EDG_PATH to point to your socket?<BR /><BR />The GSI code does try and add some extra randomness, and will use the <BR />$HOME/.rnd or RANDFILE if set. <BR /><BR /> <BR /> 351 #if SSLEAY_VERSION_NUMBER &gt;= 0x0090581fL<BR /> 352 /*<BR /> 353 * Try to use the Entropy Garthering Deamon<BR /> 354 * See the OpenSSL crypto/rand/rand_egd.c<BR /> 355 */<BR /> 356 egd_path = getenv("EGD_PATH");<BR /> 357 if (egd_path == NULL) {<BR /> 358 egd_path = "/etc/entropy";<BR /> 359 }<BR /> 360 RAND_egd(egd_path);<BR /> 361 #endif<BR /> 362<BR /> Tue, 10 Dec 2002 21:03:27 GMT https://community.hpe.com/t5/operating-system-hp-ux/random-number-generator-not-seeded/m-p/2861422#M96287 Paul Sperry 2002-12-10T21:03:27Z https://community.hpe.com/t5/operating-system-hp-ux/random-number-generator-not-seeded/m-p/2861423#M96288 Hi,<BR /><BR />It is looking for /dev/urandom random seed generator device file.<BR /><BR />HP-UX 11i v1.6 has kernel support for that device file. ( Not Installed by default)<BR /><BR />HP-UX 11.x and 10.x don;t have support for this file. You have use some other random generator<BR /><BR />regards,<BR />U.SivaKumar<BR /> Wed, 11 Dec 2002 08:14:55 GMT https://community.hpe.com/t5/operating-system-hp-ux/random-number-generator-not-seeded/m-p/2861423#M96288 U.SivaKumar_2 2002-12-11T08:14:55Z