make certificate TYPE=test ALGO=DSA -> PRNG not seeded

Cedric Lack Wed, 16 Aug 2000 12:48:38 -0700

Hello,

root@stva159> uname -a
SunOS stva159 5.7 Generic_106541-04 sun4u sparc SUNW,Ultra-5_10


I'm installing:
 * apache_1.3.12
 * ApacheJServ-1.1.2
 * openssl-0.9.5a
 * mm-1.1.3
 * mod_ssl-2.6.5-1.3.12

I've found this answer for Solaris 2.6...
http://www.openssl.org/support/faq.html#6

Is it the same for Solaris 2.7?

Which way should I take:
   * Entropy Gathering Demon
or * the SUNski package from Sun patch 105710-01 (Sparc) ?

Any experiences?

Thanks for your help
Cedric

-- 
Cedric Lack /2014            Ascom Business Systems
Tel. + 41 32 624 20 14       Ziegelmattstrasse 1 
Fax. + 41 32 624 31 56       CH-4500 Solothurn 
mailto:[EMAIL PROTECTED]  http://www.ascom.ch

root@stva159> make certificate TYPE=test
ALGO=DSA                                 
/opt/itlocal/httpd/sources/apache_1.3.12
make.3.78.1[1]: Entering directory
`/opt/itlocal/httpd/sources/apache_1.3.12/src'
SSL Certificate Generation Utility (mkcert.sh)
Copyright (c) 1998-2000 Ralf S. Engelschall, All Rights Reserved.

Generating test certificate signed by Snake Oil CA [TEST]
WARNING: Do not use this for real-life/production systems

WARNING! You're generating a DSA based certificate/key pair.
         This implies that RSA based ciphers won't be available later,
         which for your web server currently still means that mostly all
         popular web browsers cannot connect to it. At least not until
         you also generate an additional RSA based certificate/key pair
         and configure them in parallel.
______________________________________________________________________

STEP 1: Generating DSA private key (1024 bit) [server.key]
Generating DSA private key via SnakeOil CA DSA parameters
1242119 semi-random bytes loaded
Generating DSA key, 1024 bits
______________________________________________________________________

STEP 2: Generating X.509 certificate signing request [server.csr]
Using configuration from .mkcert.cfg
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a
DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
1. Country Name             (2 letter code) [XY]:
2. State or Province Name   (full name)     [Snake Desert]:
3. Locality Name            (eg, city)      [Snake Town]:
4. Organization Name        (eg, company)   [Snake Oil, Ltd]:
5. Organizational Unit Name (eg, section)   [Webserver Team]:
6. Common Name              (eg, FQDN)      [www.snakeoil.dom]:
7. Email Address            (eg, name@FQDN) [[EMAIL PROTECTED]]:
13490:error:24064064:random number generator:SSLEAY_RAND_BYTES:PRNG not
seeded:md_rand.c:538:
13490:error:0A06B003::lib(10) :DSA_sign_setup:BN lib:dsa_ossl.c:214:
13490:error:0A070003::lib(10) :DSA_do_sign:BN lib:dsa_ossl.c:152:
13490:error:0D072006:asn1 encoding routines:ASN1_sign:bad get asn1
object call:a_sign.c:129:
mkcert.sh:Error: Failed to generate certificate signing request
make.3.78.1[1]: *** [certificate] Error 1
make.3.78.1[1]: Leaving directory
`/opt/itlocal/httpd/sources/apache_1.3.12/src'
make.3.78.1: *** [certificate] Error 2

cd /opt/itlocal/httpd/sources/apache_1.3.12
./configure --prefix=/opt/itlocal/httpd/apache\
            --enable-rule=SHARED_CORE\
            --enable-module=so\
            --enable-module=speling

make
make install


#Install my httpd.conf
\cp -f /opt/itlocal/httpd/sources/httpd_without_jserv.conf 
/opt/itlocal/httpd/apache/conf/httpd.conf

/opt/itlocal/httpd/apache/bin/apachectl start

#test apache
#stva159.pbx.ascom.ch

/opt/itlocal/httpd/apache/bin/apachectl stop


#Configure and install Jserv
cd /opt/itlocal/httpd/sources/ApacheJServ-1.1.2/   
configure --prefix=/opt/itlocal/httpd/Jserv\
          --with-apxs=/opt/itlocal/httpd/apache/bin/apxs\
          --with-JSDK=/appl/java/JSDK2.0/lib/jsdk.jar \
          --with-jdk-home=/appl/java/Solaris_JDK_1.2.2_05

make
make install


#Install my httpd.conf (including jserv)
\cp -f /opt/itlocal/httpd/sources/httpd.conf /opt/itlocal/httpd/apache/conf/httpd.conf

#Install my jserv.conf
\cp /opt/itlocal/httpd/sources/jserv.conf 
/opt/itlocal/httpd/apache/conf/jserv/jserv.conf

#Install my jserv.properties
\cp /opt/itlocal/httpd/sources/jserv.properties 
/opt/itlocal/httpd/apache/conf/jserv/jserv.properties

#Install my zone.properties
\cp /opt/itlocal/httpd/sources/zone.properties 
/opt/itlocal/httpd/apache/conf/jserv/zone.properties


/opt/itlocal/httpd/apache/bin/apachectl start

#test a servlet
#http://stva159.pbx.ascom.ch/servlets/Hello

/opt/itlocal/httpd/apache/bin/apachectl stop

# a PATH with which the cc compiler cannot be found
# that way gcc is used :)
export 
PATH=.://bin:/home/archive/swpool/tool/bin:/appl/swdev/bin:/appl/cygnus/bin:/appl/cadul/bin:/appl/enea/OSE68/bin:/appl/snavigator/bin:/appl/lsf/bin:/appl/ingres/bin:/appl/ingres/utility:/appl/qac++/bin:/appl/itex/bin:/appl/CenterLine/bin:/appl/CenterLine/sparc-solaris2/bin:/opt/itlocal/bin:/opt/sysmgr/bin:/opt/sysmgr/sbin:/appl/it/bin:/usr/lib/nis:/usr/bin/nsr:/usr/sbin/nsr:/usr/opt/SUNWmd/sbin:/usr/proc/bin:/appl/SUNWss/bin:/appl/SUNWste/bin:/opt/RICHPse/bin:/opt/RICHPse/examples:/opt/SUNWadm/bin:/appl/SUNWshd/bin:/etc/LGTOuscsi:/usr/local/bin:/usr/local/hosts:/usr/bin:/usr/dt/bin:/usr/openwin/bin:/appl/acrobat/bin:/appl/frame/bin:/usr/ccs/bin:/usr/sbin:/opt/CTX.UIS/bin:/opt/lotus/bin:~/notesr4:/usr/ucb

cd /opt/itlocal/httpd/sources/openssl-0.9.5a
./config --openssldir=/opt/itlocal/httpd/openssl \
         no-idea \
         no-asm

#         no-rsa
# ->Should or shouldn't I specify this option?

make clean
make
make test
make install


cd /opt/itlocal/httpd/sources/mm-1.1.3/
#--disable-shared needed by mod_ssl(mod_ssl/INSTALL L213))
./configure --disable-shared \
            --prefix=/opt/itlocal/httpd/mm
make
make test
make install


cd /opt/itlocal/httpd/sources/mod_ssl-2.6.5-1.3.12 
EAPI_MM=/opt/itlocal/httpd/sources/mm-1.1.3 \
./configure --with-apache=/opt/itlocal/httpd/sources/apache_1.3.12 \
        --with-ssl=/opt/itlocal/httpd/sources/openssl-0.9.5a \
        --prefix=/opt/itlocal/httpd/apache


cd /opt/itlocal/httpd/sources/apache_1.3.12
SSL_BASE=/opt/itlocal/httpd/openssl \
EAPI_MM=/opt/itlocal/httpd/mm \
./configure --prefix=/opt/itlocal/httpd/apache\
            --enable-rule=SHARED_CORE\
            --enable-module=so\
            --enable-module=speling\
            --enable-module=ssl

make clean
make

#here the command with which I'm having problems!:(
make certificate TYPE=test ALGO=DSA

make certificate TYPE=test ALGO=DSA -> PRNG not seeded

Reply via email to