
OpenSSL hangs during PKCS12 export with "Loading 'screen' into random state"

I am generating a self-signed SSL certificate with OpenSSL (not makecert), for use in IIS.

openssl req -x509 -newkey rsa:2048 -keyout key.pem -out cert.pem -days 365 -nodes -subj '//CN=myhost'

(The double slash is correct. The command above does not work without that.)

openssl pkcs12 -export -out key.pfx -inkey key.pem -in cert.pem -name 'myhost'

The first command completes successfully. However, the second gets stuck with

Loading 'screen' into random state -

I am using OpenSSL (1.0.2d) that comes with Git for Windows (2.6.3). Has anyone experienced the same issue?

Clarification: The question How to fix "unable to write 'random state' " in openssl describes a different problem -- writing the .rnd file. Here the problem seems to be generating the random state. (And only in the second command.)

TN. asked Dec 08 '15 13:12


3 Answers

Please try to add winpty before openssl:

winpty openssl ...

or you can run a new bash wrapped by winpty:

winpty bash

In the Windows console, there is some problem with terminal input/output, so winpty can help if some software requires Unix terminal behavior.

winpty helped me to run openssl in this environment:

git version 2.7.3.windows.1
OpenSSL 1.0.2g  1 Mar 2016
Slawomir Jaranowski answered Oct 09 '22 03:10


I found that I needed to specify the PFX password on the command line using -passout pass:SomePassword - e.g.:

openssl pkcs12 -export -out foo_example_com.pfx -inkey foo_example_com.key -in foo_example_com.crt -passout pass:Pa55w0rd
Duncan Smart answered Oct 09 '22 02:10
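An added example (not code from the question or the answers): the question's two commands as a non-interactive script that takes the export password from an environment variable via `-passout env:`, so `openssl pkcs12` has no terminal prompt to wait on and the password stays out of the argument list and shell history. The function names and the `PFX_PASS` variable are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: self-signed certificate -> PFX with no terminal prompt.
# Usage: read -r -s PFX_PASS; make_pfx myhost . && verify_pfx ./key.pfx
# make_pfx, verify_pfx and PFX_PASS are illustrative names, not OpenSSL's.

# make_pfx HOST OUTDIR : writes key.pem, cert.pem and key.pfx into OUTDIR.
# The body runs in a subshell so umask and export do not leak to the caller.
make_pfx() (
    host=$1
    outdir=$2
    : "${PFX_PASS:?set PFX_PASS to the export password}"
    export PFX_PASS            # env: is read by the openssl child process
    umask 077                  # private key and PFX readable by owner only

    # Git for Windows (MSYS) rewrites arguments that start with a single
    # slash as file paths, hence the double slash used in the question.
    case "$(uname -s)" in
        MINGW*|MSYS*) subj="//CN=$host" ;;
        *)            subj="/CN=$host" ;;
    esac

    openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
        -keyout "$outdir/key.pem" -out "$outdir/cert.pem" -subj "$subj" &&
    # With -passout given, pkcs12 does not ask for an export password.
    # env: (unlike pass:) keeps the value out of the command line that
    # ps shows to other users.
    openssl pkcs12 -export -out "$outdir/key.pfx" -name "$host" \
        -inkey "$outdir/key.pem" -in "$outdir/cert.pem" \
        -passout env:PFX_PASS
)

# verify_pfx FILE : exit status 0 only if FILE opens with $PFX_PASS.
# -noout checks the MAC without writing the key or certificate anywhere.
verify_pfx() (
    : "${PFX_PASS:?set PFX_PASS to the export password}"
    export PFX_PASS
    openssl pkcs12 -in "$1" -noout -passin env:PFX_PASS 2>/dev/null
)
```

OpenSSL also accepts `file:` and `stdin` as password sources for `-passout`, which avoid placing the password in the process environment.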


Recently I hit the same when running openssl in an Azure Ubuntu VM over SSH from a Windows 10 laptop. I also tried openssl for Windows from the Windows command prompt and PowerShell. The root cause behind this seems to be terminal compatibility of openssl when used from the Windows command prompt.

I found that a WSL (Windows Subsystem for Linux) based shell seems to work well, and the command goes through a proper prompt instead of appearing to hang. The steps are:

  1. Install Ubuntu on Windows.
  2. Launch the Windows command prompt. Use the wsl command to launch a bash shell.
  3. The openssl tool is already available in this shell. It should give the password and verify password prompts.

openssl pkcs12 command

Sushil answered Oct 09 '22 03:10