Easy-RSA Random Number Error

Support forum for Easy-RSA certificate management suite.
Post Reply
PedroSwan
OpenVpn Newbie
Posts: 5
Joined: Sun Jun 30, 2019 6:42 am

Easy-RSA Random Number Error

Post by PedroSwan » Sat Jul 06, 2019 9:18 pm

I have been following a turtorial to setup OpenVPN with a Certificate Authority machine. They are virtualised machines on an ESXi platform.

The tutorial is here https://www.digitalocean.com/community/ ... untu-18-04 and is great to follow becuase there is explanation as you go.

I have run into some troubles when it comes to running
gen-req
on the OpenVPN machine.

I get this warning

Code: Select all

taz@OpenVPN:~/EasyRSA-v3.0.6$ ./easyrsa gen-req server nopass

Using SSL: openssl OpenSSL 1.1.1  11 Sep 2018


WARNING!!!

An existing private key was found at /home/taz/EasyRSA-v3.0.6/pki/private/server.key
Continuing with key generation will replace this key.

Type the word 'yes' to continue, or any other input to abort.
  Confirm key overwrite: yes
Can't load /home/taz/EasyRSA-v3.0.6/pki/.rnd into RNG
140079494895104:error:2406F079:random number generator:RAND_load_file:Cannot open file:../crypto/rand/randfile.c:88:Filename=/home/taz/EasyRSA-v3.0.6/pki/.rnd
Generating a RSA private key
............................................................................................................+++++
.....................+++++
writing new private key to '/home/taz/EasyRSA-v3.0.6/pki/private/server.key.ayLiBdLUuK'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Common Name (eg: your user, host, or server name) [server]:

Keypair and certificate request completed. Your files are:
req: /home/taz/EasyRSA-v3.0.6/pki/reqs/server.req
key: /home/taz/EasyRSA-v3.0.6/pki/private/server.key

taz@OpenVPN:~/EasyRSA-v3.0.6$
If I re-run the command
taz@OpenVPN:~/EasyRSA-v3.0.6$ ./easyrsa gen-req server nopass
if appears to have generated keys because it tells me it is going to overwrite but clearly there is an issue.

Elsewhere I have seen that using touch
touch /root/.rnd
makes the error go away but is this just a false problem to cause issues down the road??

Before I keep going I thought I'd be sure.

Thanks

PedroSwan
OpenVpn Newbie
Posts: 5
Joined: Sun Jun 30, 2019 6:42 am

Re: Easy-RSA Random Number Error

Post by PedroSwan » Sun Jul 07, 2019 2:40 pm

SOLVED - Rolled back to EasyRSA v3.0.4

Post Reply