Solved OpenSSL 1.1.1 - FreeBSD 12.1 - genrsa error (Cannot open file:/usr/src/crypto/openssl/rand/randfile.c:98:Filename=-genkey)

I installed OpenSSL 1.1.1 after I received this error. However, it did not resolve this error.

Here are the details:

Code:
root@sharpenyoursword:~ # openssl genrsa -rand -genkey -out.cert.key 2048
Can't load -genkey into RNG
34371092480:error:2406F079:random number generator:RAND_load_file:Cannot open file:/usr/src/crypto/openssl/crypto/rand/randfile.c:98:Filename=-genkey
root@sharpenyoursword:~ #

I am working on getting an SSLDragon RapidSSL certificate installed for Apache 2.4.41 & Dovecot + Postfix.

Thank you if anyone knows what is going on here.
 
I don't think you've copied that command correctly? -out.cert.key is meant to be -out cert.key.

Not saying that's why you are getting the error you are, but won't be helping.
richardtoohey2,

Thank you for the reply. I am responding to your other response also!

I corrected the command and it's displaying the same error:

Code:
root@sharpenyoursword:~ # openssl genrsa -rand -genkey -out cert.key 2048
Can't load -genkey into RNG
34371092480:error:2406F079:random number generator:RAND_load_file:Cannot open file:/usr/src/crypto/openssl/crypto/rand/randfile.c:98:Filename=-genkey
root@sharpenyoursword:~ #
 
Looks like you need to find another guide that works?

From the error message it looks as though -rand is expecting a parameter that is the name of the file - I think it is saying you've asked for -rand with file "-genkey" and I can't find that file.

When I Google for using a https certificate on FreeBSD I'm not getting any examples using rand. They are usually more along the lines of "openssl genrsa -des3 -out server.key 1024" (taken from an old page, so don't just copy it!) So might be worth looking for a few modern examples and see if you can get something that works. Another example is https://nz.godaddy.com/help/apache-generate-csr-certificate-signing-request-5269

The key generation steps should be very similar to what you have to do on Linux, especially if you are using Apache and OpenSSL.
 
Taken from genrsa(1):
Code:
-rand file...
       A file or files containing random data used to seed the random
       number generator.  Multiple files can be specified separated by an
       OS-dependent character.  The separator is ';' for MS-Windows, ',' for
       OpenVMS, and ':' for all others.

[-writerand file]
       Writes random data to the specified file upon exit.  This can be
       used with a subsequent -rand flag.
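
The failure mode discussed in this thread (a value-taking option such as -rand swallowing the next flag, or -out fused with its filename) can be caught before running the command. The following is an added example, not code from the thread or from OpenSSL; the function name lint_genrsa_args is hypothetical and the VALUE_OPTS list is an assumed set of genrsa options that take a value.

```shell
#!/bin/sh
# Added example: lint the arguments of an `openssl genrsa` call before running it.
# VALUE_OPTS is an assumed list of genrsa options that consume the NEXT
# argument as their value (-rand and -writerand are quoted from genrsa(1) above).
VALUE_OPTS="-out -passout -rand -writerand -engine"

lint_genrsa_args() {
    # Prints one finding per line; returns 0 when clean, 1 when anything was found.
    findings=0
    expect=""    # option currently waiting for its value, if any
    for arg in "$@"; do
        if [ -n "$expect" ]; then
            case "$arg" in
                -*) echo "$expect takes a value but is followed by option-like '$arg'"
                    findings=$((findings + 1)) ;;
            esac
            expect=""
            continue
        fi
        for opt in $VALUE_OPTS; do
            case "$arg" in
                "$opt") expect="$opt" ;;
                "$opt"?*) echo "'$arg' looks like $opt fused with its value (missing space?)"
                    findings=$((findings + 1)) ;;
            esac
        done
    done
    if [ -n "$expect" ]; then
        echo "$expect is the last argument and has no value"
        findings=$((findings + 1))
    fi
    [ "$findings" -eq 0 ]
}

# The three argument lists from this thread (everything after `openssl genrsa`):
lint_genrsa_args -rand -genkey -out.cert.key 2048 || true
lint_genrsa_args -rand -genkey -out cert.key 2048 || true
lint_genrsa_args -des3 -out privatekey.key 2048 && echo "clean"
```

A legitimate filename that begins with a dash would be flagged as well; pass it as ./-name to avoid the ambiguity.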
 
richardtoohey2,

You are absolutely right. I was using the wrong guide. I found the DigiCert guide and the following was the solution:

Code:
root@sharpenyoursword:~ # openssl genrsa -des3 -out privatekey.key 2048
Generating RSA private key, 2048 bit long modulus (2 primes)
...........................................+++++
...............................................................................................+++++
e is 65537 (0x010001)
Enter pass phrase for privatekey.key:

Thank you again richard! Much obliged!

Guide I found: DigiCert
 
Check your path. Running openssl actually runs /usr/bin/openssl, not /usr/local/bin/openssl. So you're using the OpenSSL from the base OS, not the one you installed from ports. If you're on 12.x you don't really need the port, the base already includes 1.1.1.

Code:
dice@maelcum:~ % /usr/bin/openssl version
OpenSSL 1.1.1d-freebsd  10 Sep 2019
 