I hit an interesting problem today, whilst trying to create a public/private key pair: -
openssl req -subj '/C=GB/O=IBM/CN=david_hay.uk.ibm.com' -new -newkey rsa:4096 -x509 -sha256 -days 365 -nodes -out ~/nginx/nginx.crt -keyout ~/nginx/nginx.key
Can't load /root/.rnd into RNG
4396464178976:error:2406F079:random number generator:RAND_load_file:Cannot open file:../crypto/rand/randfile.c:88:Filename=/root/.rnd
Generating a RSA private key
........................++++
........................++++
writing new private key to '/root/nginx/nginx.key'
-----
on an Ubuntu box: -
lsb_release -a
No LSB modules are available.
Distributor ID:	Ubuntu
Description:	Ubuntu 18.04.5 LTS
Release:	18.04
Codename:	bionic
( actually it's an Ubuntu container running on an IBM Z box, via the Secure Service Container technology, but that's not the point of the story here ! )
I'd not seen that before ... but I noticed that the missing file was .rnd in my user's home directory - /root.
Taking a punt, I tried creating that file: -
touch ~/.rnd
and re-ran the openssl command: -
openssl req -subj '/C=GB/O=IBM/CN=david_hay.uk.ibm.com' -new -newkey rsa:4096 -x509 -sha256 -days 365 -nodes -out ~/nginx/nginx.crt -keyout ~/nginx/nginx.key
Generating a RSA private key
....................................................................++++
..++++
writing new private key to '/root/nginx/nginx.key'
-----
I'd previously run the same command on a different Ubuntu container: -
lsb_release -a
No LSB modules are available.
Distributor ID:	Ubuntu
Description:	Ubuntu 18.04 LTS
Release:	18.04
Codename:	bionic
without similar issues.
Both are running the same version of openssl namely: -
openssl version
OpenSSL 1.1.1 11 Sep 2018
Using this as a source: -
I used openssl to generate the .rnd file: -
openssl rand -out /root/.rnd -hex 256
and validated that I could still generate the key pair: -
openssl req -subj '/C=GB/O=IBM/CN=david_hay.uk.ibm.com' -new -newkey rsa:4096 -x509 -sha256 -days 365 -nodes -out ~/nginx/nginx.crt -keyout ~/nginx/nginx.key
Generating a RSA private key
.....................................................................++++
..................++++
writing new private key to '/root/nginx/nginx.key'
-----
Weird !
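An added example (not from the original post): a POSIX shell helper that makes sure the seed file named in the error above exists, is non-empty and is readable only by its owner before `openssl req` runs. The names `ensure_seed_file` and `seed_mode` are hypothetical, and the `/dev/urandom` fallback is an assumption for hosts where `openssl rand` fails or is absent.

```shell
#!/bin/sh
# Added example, not the post author's code. Helper names are hypothetical.

seed_mode() {
    # Portable permission read: first 10 characters of ls -ld, e.g. "-rw-------"
    ls -ld "$1" | cut -c1-10
}

ensure_seed_file() {
    # Default path mirrors the ~/.rnd location reported in the error message;
    # RANDFILE is the environment variable OpenSSL consults for the seed file.
    seed="${1:-${RANDFILE:-$HOME/.rnd}}"

    # Refuse symlinks and non-regular files: never write seed data through them.
    if [ -L "$seed" ] || { [ -e "$seed" ] && [ ! -f "$seed" ]; }; then
        echo "refused"; return 1
    fi

    if [ -s "$seed" ]; then
        # Existing non-empty seed: keep the contents, tighten the mode only.
        chmod 600 "$seed" || return 1
        echo "kept"; return 0
    fi

    # Missing or empty (for example left behind by touch): write 256 random bytes.
    (
        umask 077
        # Assumption: fall back to the kernel RNG if openssl rand is unavailable.
        openssl rand -out "$seed" 256 2>/dev/null ||
            head -c 256 /dev/urandom > "$seed"
    ) || return 1
    chmod 600 "$seed" || return 1   # covers a pre-existing empty file with a loose mode
    [ -s "$seed" ] || return 1
    echo "created"
}

# Usage: ensure_seed_file && openssl req ... (the command shown in the post)
```

Unlike `touch ~/.rnd`, which leaves an empty file created under the default umask, this writes real random bytes and forces mode 600.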