Random Number Error with Self-Signed Certificate

Question

I have been trying to create a self-signed certificate but I keep getting an error related to the random number generator. I entered this in the terminal:

openssl req -x509 -days 365 -sha256 -newkey rsa:4096 -keyout mycert.pem -out mycert.pem

I then get the prompt to enter my information. I get through that just fine but when I press enter, I get the following error:

Cannot write random bytes:

139680915939776:error:2407007A:random number generator:RAND_write_file:Not a regular file:crypto/rand/randfile.c:163:Filename=/home/user/.rnd

I have the exact same issue on a raspberry pi3 – Maleka Nov 30 '19 at 17:17 — Maleka, Nov 30 '19 at 17:17

score 0 · Answer 1 · answered Dec 02 '19 at 05:32

The issue was solved by using the following code as a replacement for /usr/share/dovecot/dovecot-openssl.cnf content:

[ req ]
default_bits = 2048
encrypt_key = yes
distinguished_name = req_dn
x509_extensions = cert_type
prompt = no

[ req_dn ]
# country (2 letter code)
#C=FI

# State or Province Name (full name)
#ST=

# Locality Name (eg. city)
#L=Helsinki

# Organization (eg. company)
#O=Dovecot

# Organizational Unit Name (eg. section)
OU=IMAP server

# Common Name (*.example.com is also possible)
CN=imap.example.com

# E-mail contact
emailAddress=postmaster@example.com

[ cert_type ]
nsCertType = server

score 0 · Answer 2 · answered Dec 15 '19 at 15:39

0

It might be that you are not allowed to write /home/user/.rnd with the user running the command.

You might want to check your access rights or if /home/user exists.

answered Dec 15 '19 at 15:39

arkhi

468
3
14

I came to this conclusion when reading https://stackoverflow.com/a/12522479/1268414. – arkhi Dec 15 '19 at 15:41

Random Number Error with Self-Signed Certificate

2 Answers2