unable generate server.key using openssl /dev/urandom on Redhat 4 AS

nordinyasin · 09-09-2008, 01:28 AM

Guys. Need your help to resolve my problems. I'am now trying to register verisign ssl cert. My problems is i was unable to generate server.key on my Redhat 4 AS update 6 64bit. below are the command i type given by verisign

/usr/bin/openssl genrsa -rand /dev/urandom -out /etc/httpd/conf/server.key 1024

nothing was created and the process seems taking too long. I'd to kill the process to stop it. Anyone please help me. When I do Top, the openssl procss running at 90-98% of cpu load.

billymayday · 09-09-2008, 02:06 AM

Should only take a second or two to run. What exactly is your screen telling you when you run it?

nordinyasin · 09-10-2008, 12:55 AM

Nothing, no error message or warning. See below :

[root@localhost conf]# /usr/bin/openssl genrsa -rand /dev/urandom -out /etc/httpd/conf/server.key 1024

and my Top result :

Cpu(s): 26.7% us, 72.7% sy, 0.0% ni, 0.0% id, 0.0% wa, 0.7% hi, 0.0% si
Mem: 254732k total, 235532k used, 19200k free, 20992k buffers
Swap: 524280k total, 224k used, 524056k free, 105148k cached

PID USER PR NI %CPU TIME+ %MEM VIRT RES SHR S COMMAND
11918 root 25 0 89.2 1:35.48 0.4 3804 1088 896 R openssl
6135 root 15 0 6.7 2:18.63 7.0 40812 17m 5456 S X

I'm using Red Hat Enterprise Linux AS release 4 (Nahant Update 6). I can generate the key using 'openssl genrsa -out file.key' but i'm not sure if the key is strong or not.

billymayday · 09-10-2008, 12:58 AM

Can you create the key in any other location (ie change the -out destination)?

What version openssl do you have?

nordinyasin · 09-10-2008, 03:19 AM

I'd tried to change to other directory but still no outcome. My openssl version is OpenSSL 0.9.7a. Below are the rpm package that were installed.

xmlsec1-openssl-1.2.6-3
openssl-0.9.7a-43.17.el4_6.1
openssl-devel-0.9.7a-43.17.el4_6.1
openssl096b-0.9.6b-22.46