Problem with easy-rsa and RANDFILE

Posted: Thu Aug 18, 2011 7:28 am
by BKiepke
Hello,

I'm not quite sure if this is the right forum to ask such a question. If it is not, please redirect me to a suitable one.

To access our network from the outer world we want to use OpenVPN to provide more secure access. To administrate all user accounts we want to use certificates and a self-built web interface, which uses a database for handling the user/cert-related info at a higher level.

So the architecture of our software is as follows. The system this is running on is GNU/Debian5. A supervisor will log in to the web interface and provide relevant data of a user. The web interface is written in PHP5 and will call a bash script, which is set up as a TCP server using xinetd, to create all certs based on the data provided by the supervisor. So far this works.

When I manually call the bash script everything works as expected. When the "webservice" calls the bash script, then something goes wrong.

This is the error message:

20250:error:0906906F:PEM routines:PEM_ASN1_write_bio:read key:pem_lib.c:331:

Googling for that shows up a possible solution. It is said that one needs to set the $RANDFILE variable within a script or to set the option "-rand" when calling one of the scripts provided by easy-rsa.

I actually don't know where to set the $RANDFILE variable. I tried to change the one provided by openssl.cnf within the easy-rsa/2.0 directory but nothing changed. I also tried to set the parameter "-rand" within the pkitool script but things got even worse.

Can someone give me a hint where to set the "-rand" parameter exactly, please?

greetings
benny

Re: Problem with easy-rsa and RANDFILE

Posted: Thu Aug 18, 2011 8:39 am
by janjust
Try setting the env var RANDFILE in the 'vars' file - this is an OpenSSL issue, not an OpenVPN issue. For details, read up here:
http://www.openssl.org/support/faq.cgi
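
A preflight check for the RANDFILE suggestion above, as an added example that is not part of the original posts or of easy-rsa: run under the same account and environment that xinetd gives the script, it reports whether the seed file OpenSSL would use is reachable. The function name resolve_randfile is hypothetical, and the $HOME/.rnd fallback is an assumption about OpenSSL releases of that period.

```shell
#!/bin/sh
# Added example, not from the thread or from easy-rsa.
# resolve_randfile (hypothetical name) prints the seed file OpenSSL would
# use and returns 0, or explains on stderr why it is unusable and returns 1.
resolve_randfile() {
    # Assumption: OpenSSL releases of this period read $RANDFILE and
    # otherwise fall back to $HOME/.rnd. A script started by xinetd may
    # have neither variable set, unlike an interactive login shell.
    if [ -n "${RANDFILE:-}" ]; then
        rf_path=$RANDFILE
    elif [ -n "${HOME:-}" ]; then
        rf_path=$HOME/.rnd
    else
        echo "RANDFILE and HOME are both unset" >&2
        return 1
    fi

    if [ -e "$rf_path" ]; then
        # Existing seed file: must be a regular file this user can rewrite.
        if [ ! -f "$rf_path" ] || [ ! -w "$rf_path" ]; then
            echo "$rf_path is not a writable regular file" >&2
            return 1
        fi
    else
        # No seed file yet: OpenSSL has to be able to create it.
        rf_dir=$(dirname -- "$rf_path")
        if [ ! -d "$rf_dir" ] || [ ! -w "$rf_dir" ]; then
            echo "cannot create $rf_path: $rf_dir is missing or not writable" >&2
            return 1
        fi
    fi
    printf '%s\n' "$rf_path"
}

# Report the result when run directly, e.g. from the xinetd-started script.
if resolve_randfile; then
    echo "seed file OK for user $(id -un)"
else
    echo "fix RANDFILE in 'vars' for user $(id -un)" >&2
fi
```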

Re: Problem with easy-rsa and RANDFILE

Posted: Thu Aug 18, 2011 9:25 am
by BKiepke
Thanks for the hint.

I'd tried that but it didn't work. Will post a message in a forum related to openssl.

Thanks again for the reply

greetings
Benny

Re: Problem with easy-rsa and RANDFILE

Posted: Thu Aug 18, 2011 10:17 am
by janjust
It would help if you showed exactly which command is failing ...