Using OpenSSL what does unable to write random state mean

Question

I m generating a self-signed SSL certificate to protect my server s admin section  and I keep getting this message from OpenSSL      unable to write  random state    What does this mean   This is on an Ubuntu server  I have upgraded libssl to fix the recent security vulnerability

User · Answer

Apparently  I needed to run OpenSSL as root in order for it to have permission to the seeding file

User · Answer

You should set the  RANDFILE environment variable and or create  HOME  rnd file   OpenSSL FAQ    Of course  you should have rights to that file  Others answers here are about that  But first you should have the file and a reference to it    Up to version 0 9 6 OpenSSL wrote the seeding file in the current directory in the file   rnd   At version 0 9 6a you have no default seeding file  OpenSSL 0 9 6b and later will behave similarly to 0 9 6a  but will use a default of  C    for HOME on Windows systems if the environment variable has not been set    If the default seeding file does not exist or is too short  the  PRNG not seeded  error message may occur    The  RANDFILE environment variable and  HOME  rnd are only used by the OpenSSL command line tools  Applications using the OpenSSL library provide their own configuration options to specify the entropy source  please check out the documentation coming the with application

User · Answer

Apparently  I needed to run OpenSSL as root in order for it to have permission to the seeding file

User · Answer

One other issue on the Windows platform  make sure you are running your command prompt as an Administrative User   I don t know how many times this has bitten me

User · Answer

I know this question is on Linux  but on windows I had the same issue   Turns out you have to start the command prompt in  Run As Administrator  mode for it to work   Otherwise you get the same  unable to write  random state  error

User · Answer

I have come accross this problem today on AWS Lambda  I created an environment variable RANDFILE    tmp  random   That did the trick

User · Answer

I know this question is on Linux  but on windows I had the same issue   Turns out you have to start the command prompt in  Run As Administrator  mode for it to work   Otherwise you get the same  unable to write  random state  error

User · Answer

Apparently  I needed to run OpenSSL as root in order for it to have permission to the seeding file

User · Answer

I had the same thing on windows server  Then I figured out by changing the vars bat which is   set HOME C  Program Files  x86  OpenVPN easy-rsa   then redo from beginning and everything should be fine

User · Answer

One other issue on the Windows platform  make sure you are running your command prompt as an Administrative User   I don t know how many times this has bitten me

User · Answer

In practice  the most common reason for this happening seems to be that the  rnd file in your home directory is owned by root rather than your account   The quick fix   sudo rm    rnd   For more information  here s the entry from the OpenSSL FAQ      Sometimes the openssl command line utility does not abort with a  PRNG not seeded  error message  but complains that it is  unable to write  random state    This message refers to the default seeding file  see previous answer   A possible reason is that no default filename is known because neither RANDFILE nor HOME is set   Versions up to 0 9 6 used file   rnd  in the current directory in this case  but this has changed with 0 9 6a      So I would check RANDFILE  HOME  and permissions to write to those places in the filesystem   If everything seems to be in order  you could try running with strace and see what exactly is going on

User · Answer

The problem for me was that I had  rnd in my home directory but it was owned by root  Deleting it and reissuing the openssl command fixed this

User · Answer

The problem for me was that I had  rnd in my home directory but it was owned by root  Deleting it and reissuing the openssl command fixed this

User · Answer

In practice  the most common reason for this happening seems to be that the  rnd file in your home directory is owned by root rather than your account   The quick fix   sudo rm    rnd   For more information  here s the entry from the OpenSSL FAQ      Sometimes the openssl command line utility does not abort with a  PRNG not seeded  error message  but complains that it is  unable to write  random state    This message refers to the default seeding file  see previous answer   A possible reason is that no default filename is known because neither RANDFILE nor HOME is set   Versions up to 0 9 6 used file   rnd  in the current directory in this case  but this has changed with 0 9 6a      So I would check RANDFILE  HOME  and permissions to write to those places in the filesystem   If everything seems to be in order  you could try running with strace and see what exactly is going on

User · Answer

In practice  the most common reason for this happening seems to be that the  rnd file in your home directory is owned by root rather than your account   The quick fix   sudo rm    rnd   For more information  here s the entry from the OpenSSL FAQ      Sometimes the openssl command line utility does not abort with a  PRNG not seeded  error message  but complains that it is  unable to write  random state    This message refers to the default seeding file  see previous answer   A possible reason is that no default filename is known because neither RANDFILE nor HOME is set   Versions up to 0 9 6 used file   rnd  in the current directory in this case  but this has changed with 0 9 6a      So I would check RANDFILE  HOME  and permissions to write to those places in the filesystem   If everything seems to be in order  you could try running with strace and see what exactly is going on

User · Answer

You should set the  RANDFILE environment variable and or create  HOME  rnd file   OpenSSL FAQ    Of course  you should have rights to that file  Others answers here are about that  But first you should have the file and a reference to it    Up to version 0 9 6 OpenSSL wrote the seeding file in the current directory in the file   rnd   At version 0 9 6a you have no default seeding file  OpenSSL 0 9 6b and later will behave similarly to 0 9 6a  but will use a default of  C    for HOME on Windows systems if the environment variable has not been set    If the default seeding file does not exist or is too short  the  PRNG not seeded  error message may occur    The  RANDFILE environment variable and  HOME  rnd are only used by the OpenSSL command line tools  Applications using the OpenSSL library provide their own configuration options to specify the entropy source  please check out the documentation coming the with application

User · Answer

I had the same thing on windows server  Then I figured out by changing the vars bat which is   set HOME C  Program Files  x86  OpenVPN easy-rsa   then redo from beginning and everything should be fine

User · Answer

Apparently  I needed to run OpenSSL as root in order for it to have permission to the seeding file

User · Answer

I have come accross this problem today on AWS Lambda  I created an environment variable RANDFILE    tmp  random   That did the trick

User · Answer

In practice  the most common reason for this happening seems to be that the  rnd file in your home directory is owned by root rather than your account   The quick fix   sudo rm    rnd   For more information  here s the entry from the OpenSSL FAQ      Sometimes the openssl command line utility does not abort with a  PRNG not seeded  error message  but complains that it is  unable to write  random state    This message refers to the default seeding file  see previous answer   A possible reason is that no default filename is known because neither RANDFILE nor HOME is set   Versions up to 0 9 6 used file   rnd  in the current directory in this case  but this has changed with 0 9 6a      So I would check RANDFILE  HOME  and permissions to write to those places in the filesystem   If everything seems to be in order  you could try running with strace and see what exactly is going on

[openssl] Using OpenSSL what does "unable to write 'random state'" mean?

Examples related to openssl