81

While generating the private key using this command

genrsa -out my-prvkey.pem 1024

It throws the error like below

Loadind 'screen' into random state -done Generating RSA private key,1024 bit long modulus .........................................+++++++ ...........................+++++++++ unable to write 'random state' e is 65537 (0*10001)

This makes any problem while creating a public certificate. I'm running this command in windows. Can anyone help me for the fix?

Sibeesh Venu
  • 15,155
  • 9
  • 82
  • 116
arok
  • 1,783
  • 7
  • 26
  • 54

6 Answers6

122

The quickest solution is: set environment variable RANDFILE to path where the 'random state' file can be written (of course check the file access permissions), eg. in your command prompt:

set RANDFILE=C:\MyDir\.rnd
openssl genrsa -out my-prvkey.pem 1024

More explanations: OpenSSL on Windows tries to save the 'random state' file in the following order:

  1. Path taken from RANDFILE environment variable
  2. If HOME environment variable is set then : ${HOME}\.rnd
  3. C:\.rnd

I'm pretty sure that in your case it ends up trying to save it in C:\.rnd (and it fails because lack of sufficient access rights). Unfortunately OpenSSL does not print the path that is actually tries to use in any error messages.

sirgeorge
  • 6,083
  • 1
  • 26
  • 33
  • 6
    Sorry it was closed, mate... this is a great question and google brings it up first. – fool4jesus Sep 29 '13 at 22:17
  • 1
    This also works great without having to run as admin. (Though just setting `HOME` was sufficient.) – Synetech May 26 '14 at 20:38
  • 4
    If you're using PowerShell you'll want to use `$env:RANDFILE = 'C:\MyDir\.rnd'` (In PowerShell `set` is an alias for `Set-Variable` which has nothing to do with environment variables!) – Jeff Camera Apr 04 '16 at 17:17
34

It may also be that you need to run the console as an administrator. On windows 7, hold ctrl+shift when you launch the console window.

Dave Clemmer
  • 3,777
  • 12
  • 48
  • 72
alile
  • 357
  • 3
  • 3
  • I feel this probably should have been a country unless you know this is a fix, but you prose suggests otherwise – Mike Dec 11 '12 at 01:08
  • 3
    you can also gain admin access to cmd by hitting Start, type cmd, right click cmd.exe, and run-as-administrator. :) – Tyler Rafferty Dec 03 '13 at 06:36
31

just enter this line in the command line :

set RANDFILE=.rnd
Tunaki
  • 125,519
  • 44
  • 317
  • 399
eliprodigy
  • 579
  • 5
  • 7
  • I have install openssl on windows 10, I have run above command on command prompt. openssl still gives the same error as, OpenSSL> genrsa -out key.pem Loading 'screen' into random state - done Generating RSA private key, 512 bit long modulus .....................................................++++++++++++ .......++++++++++++ unable to write 'random state' e is 65537 (0x10001) – Rohit Borude Sep 16 '20 at 04:58
7

Or this in windows powershell

$env:RANDFILE=".rnd"
konzo
  • 1,873
  • 21
  • 32
4

I did not find where the .rnd file is so I ran the cmd as administrator and it worked like a charm.

Doan Vu
  • 484
  • 6
  • 11
0
Rohit Borude
  • 178
  • 1
  • 2
  • 9