Using OpenSSL what does "unable to write 'random state'" mean?

Question

I'm generating a self-signed SSL certificate to protect my server's admin section, and I keep getting this message from OpenSSL:

unable to write 'random state'

What does this mean?

This is on an Ubuntu server. I have upgraded libssl to fix the recent security vulnerability.

Answer 1

In practice, the most common reason for this happening seems to be that the .rnd file in your home directory is owned by root rather than your account. The quick fix:

sudo rm ~/.rnd 

For more information, here's the entry from the OpenSSL FAQ:

Sometimes the openssl command line utility does not abort with a "PRNG not seeded" error message, but complains that it is "unable to write 'random state'". This message refers to the default seeding file (see previous answer). A possible reason is that no default filename is known because neither RANDFILE nor HOME is set. (Versions up to 0.9.6 used file ".rnd" in the current directory in this case, but this has changed with 0.9.6a.)

So I would check RANDFILE, HOME, and permissions to write to those places in the filesystem.

If everything seems to be in order, you could try running with strace and see what exactly is going on.