Can't load /root/.rnd into RNG

Question

I want to generate a server certificate using Windows Open SSL.

When I run this command line, it appear this error. What should I do?

Command

: openssl req -new -x509 -days 3650 -key ca.key -out ca.crt 

Error:

Can't load ./.rnd into RNG 10504:error:2406F079:random number generator:RAND_load_file:Cannot open file:crypto\rand\randfile.c:98:Filename=./.rnd

I also try to find openssl config file, but no, I don't have that file.

Answer 1

Try removing or commenting RANDFILE = $ENV::HOME/.rnd line in /etc/ssl/openssl.cnf

Answer 2

The reason: "the -rand" option tells by default to use random file .rnd somewhere in your OS. Since user issues to use .rnd file which does not exist!!!!

Remedy: add -writerand to write the .rnd file if does not exist.

For Example:

root@CentOS:/usr/local/etc/openldap/private # openssl genrsa -rand -genkey -out cert.key 2048 Can't load -genkey into RNG 546983936:error:2406F079:random number generator:RAND_load_file:Cannot open file:/usr/src/crypto/openssl/crypto/rand/randfile.c:98:Filename=-genkey 

After adding -writerand

root@CentOS:/usr/local/etc/openldap/private # openssl genrsa -writerand -genkey -out cert.key 2048 Generating RSA private key, 2048 bit long modulus (2 primes) ...........................+++++ ..............+++++ e is 65537 (0x010001) root@CentOS:/usr/local/etc/openldap/private #  

I myself will bump into this error again. And ofcourse I will check StackOverflow ( R6000 ha ha ) first!!!