RE: Init: Failed to generate private key Error on HP-UX system

Fri, 01 Sep 2000 02:34:32 -0700 

This is a slightly different situation, but I suspect the underlying 
issue is the same :

I am using Solaris 2.6, OpenSSL 0.9.5a, ModSSL 2.6.6 & Apache 1.3.12.

On Solaris 2.6, there is neither a /dev/urandom nor a /dev/random by 
default.  As suggested in comments on the FAQ lists, I installed the 
Solaris patch 105710-01 and now have a /dev/random.  BUT ... I was 
still getting run-time errors (PRNG not seeded) when running 'make 
certificate' in the Apache directory.

I noticed that in the OpenSSL directory, there's a header file e_os.h 
which #defines DEVRANDOM to be "/dev/urandom".  I have changed this to 
"/dev/random", rebuilt,  and my 'make certificate' goes through now.  
Does anybody concur that this was a good thing to do ?

What my (and I guess, Massimo's) question is : what's the recommended 
alternative to /dev/urandom and what's the recommended way of using 
it (e.g. do we need to set RANDFILE to anything) ?

BTW, does anybody know what you do for Solaris 7 & 8 ?

Phil Mills
QSP Net Products Development

-----Original Message-----
From: Sassi Massimo [mailto:[EMAIL PROTECTED]]
Sent: 01 September 2000 09:54
To: '[EMAIL PROTECTED]'
Subject: Init: Failed to generate private key Error on HP-UX system


I've compiled and installed  mod_ssl-2.4.10-1.3.9, open_ssl-0.9.5a and
Apache-1.3.9 on an machine with the following OS: HP-UX 10.20.

But after the successfull installation Apache is unable to start, via
the "apachectl startssl" or the regular "apachectl start" commands.
I see the following entry in the error_log:
     [error] mod_ssl: Init: Failed to generate  temporary 512 bit RSA
private key.

>From the mailing list I've Known that this is a regular problem and I
understand that it's possible to resolve it by means of SSLRandomSeed
directives in httpd.conf. Is this correct ?
On systems without /dev/urandom (and HP-UX is one of this) the problem
is to generate a  "randomness device".

Has anyone else encountered this error, and if so, could you give me  a
step by step procedure about how to resolve it?  Many thanks in advance.

Massimo Sassi
_______________________________________
             Massimo Sassi

              CSELT S.p.A.
        TELECOM ITALIA GROUP

Data Network and Service Management

 e-mail:    [EMAIL PROTECTED]
_________________________________________

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      [EMAIL PROTECTED]
Automated List Manager                            [EMAIL PROTECTED]
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      [EMAIL PROTECTED]
Automated List Manager                            [EMAIL PROTECTED]

Reply via email to