6

I am trying to generate a CSR using openssl on openshift. I have been encountering this when I run the command using SSH.

openssl genrsa -des3 -out myApp.key 2048
Generating RSA private key, 2048 bit long modulus
...........+++
.....................................................................+++
unable to write 'random state'
e is 65537 (0x10001)

I have researched quiet a bit and tried couple of things

  1. change to data directory or some other directory there the user has rights, and then execute the command. This didn't work. Same error
  2. Some folks suggested to run this command as sudo. But I cannot do that on openshift servers
  3. Others mentioned to remove .rnd files using this command sudo rm ~/.rnd , and again I cannot run this on openshift.

Any pointers? I am baffled that this is happening on a clean new app.

Reaces
  • 5,547
  • 4
  • 36
  • 46
R.W
  • 161
  • 1
  • 1
  • 4

3 Answers3

7

This error occurs because you are not allowed to create files in your home directory on Openshift. This command attempts to create a file at $HOME/.rnd and you see the error because the file cannot be created.

You must tell openssl which file to use for writing random state and you do so by exporting the $RANDFILE environment variable. On Openshift you can write in $OPENSHIFT_DATA_DIR directory so create the command as follows:

export RANDFILE=$OPENSHIFT_DATA_DIR/.rnd
openssl genrsa -des3 -out $OPENSHIFT_DATA_DIR/myApp.key 2048
Noah
  • 171
  • 1
  • 4
4

Similar solution, but a savvy for me I found here.

So I made next:

mkdir ~/"directory where certificates will be generated" 
cd ~/"directory where certificates will be generated"
touch .rnd
export RANDFILE="~/"directory where certificates will be generated"/.rnd"

Now openssl genrsa -des3 -out server.key 2048 command working properly for me.

pa4080
  • 143
  • 8
0

In my machine was giving me this issue because the ".rnd" file was owned by root rather than my user.

Changing the owner solved my problem:

sudo chown $USER:$USER ~/.rnd