tags:

views:

6617

answers:

2

I'm generating a self-signed SSL certificate to protect my server's admin section, and I keep getting this message from openssl:

unable to write 'random state'

What does this mean? A quick Google search yields nothing useful, so I thought I'd try out the new Stack Overflow!

This is on an Ubuntu server. I have upgraded libssl to fix the recent security vulnerability.

+5  A: 

From the FAQ:

Sometimes the openssl command line utility does not abort with a "PRNG not seeded" error message, but complains that it is "unable to write 'random state'". This message refers to the default seeding file (see previous answer). A possible reason is that no default filename is known because neither RANDFILE nor HOME is set. (Versions up to 0.9.6 used file ".rnd" in the current directory in this case, but this has changed with 0.9.6a.)

So I would check RANDFILE, HOME, and permissions to write to those places in the filesystem.

If everything seems to be in order, you could try running with strace and see what exactly is going on.

Ville Laurikari
My system was giving me this issue because the ".rnd" file was owned by root rather than my user.A quick `sudo chown user:user ~/.rnd` made everything work out.
HalfBrian
+4  A: 

Apparently, I needed to run openssl as root in order for it to have permission to the seeding file.

Luke Francl
It is more likely that you once *ran* it as root whereupon the .rnd file in your home-directory was created with permissions set for root only. This happened to me a while back. Deletion of .rnd solved the issue.
kapuzineralex