EasyRSA fails with sign_req randomize serial number failed
Posted: Tue Feb 06, 2024 12:17 pm
I was able to renew one client and one server cert a couple of weeks ago.
Today, I attempted to revoke-renewed those certs which failed, although I was able to revoke them manually with openssl.
I then tried to renew some expired certs and get:
I installed haveged (entropy generator) although it seems entropy problems are unlikely these days; it didn't make a difference.
I tried a script to rebuild index.txt; no difference.
If I manually set up the environment variables, and run directly I get nothing back, I don't know if that is expected.
Please can anyone help?
Today, I attempted to revoke-renewed those certs which failed, although I was able to revoke them manually with openssl.
I then tried to renew some expired certs and get:
The same error occurs if i create new CSRs and attempt to sign-req (whether client or server)Easy-RSA error:
sign_req - Randomize Serial number failed:
Using configuration from /home/norm/easy-rsa/pki/openssl-easyrsa.cnf
Easy-RSA error:
easyrsa_openssl - Command has failed:
* openssl ca -status 3b11ea....
I installed haveged (entropy generator) although it seems entropy problems are unlikely these days; it didn't make a difference.
I tried a script to rebuild index.txt; no difference.
If I manually set up the environment variables, and run
Code: Select all
openssl ca -config ./openssl-easyrsa.cnf -status (serialnumber)
Please can anyone help?