Description of problem: Error when trying to create a private key and CSR using the command line in openshift. [abc-xyz.rhcloud.com data]\> openssl genrsa -des3 -out myserverkey.key 2048 Generating RSA private key, 2048 bit long modulus .+++ .............+++ unable to write 'random state' e is 65537 (0x10001) Enter pass phrase for myserverkey.key: How reproducible: Follow the command line on openshift documentation to generate the private key and CSR. It will result in the above error Steps to Reproduce: 1. Access openshift SSH / Command line 2. Run openssl genrsa -des3 -out example.com.key 2048 Actual results: .+++ .............+++ unable to write 'random state' e is 65537 (0x10001) Expected results: ......++++++ ...................++++++ e is 65537 (0x10001)
This is expected behavior. You are not allowed to create additional files at the root of your home directory. The openssl command will attempt to create the file $HOME/.rnd. When it cannot be created, the error you are seeing is reported. This has never been allowed and is not a recent change. Could you please provide a link to the documentation you reference where this command is instructed to be run inside of a gear? The key can still be created successfully if you specify a path where you have write persmissions, such as $OPENSHIFT_DATA_DIR/, for the .rnd file and your key file: > export RANDFILE=$OPENSHIFT_DATA_DIR/.rnd > openssl genrsa -des3 -out $OPENSHIFT_DATA_DIR/myserverkey.key 2048 Generating RSA private key, 2048 bit long modulus .+++ .............................................+++ e is 65537 (0x10001) Enter pass phrase for /var/lib/openshift/55d72c2d5a00089d700003cb/app-root/data//mykey.key:
I have tried creating the private key and the csr in the data directory many times earlier. Followed the steps mentioned in this openshift documentation: https://developers.openshift.com/en/managing-domains-ssl.html. When I was creating the private and csr keys I did a cd into $OPENSHIFT_DATA_DIR and ran the commands there - so it should have tried creating the files in it's current directory which was the data directory. So even when in data directory it tries to create the randfile in the home directory - now is that causing the trouble or something? The lines that I followed are For creating the private key: openssl genrsa -des3 -out example.com.key 2048 (This will fail with the unable to write 'random state' error) ... well, unless you precede this line with export RANDFILE=$OPENSHIFT_DATA_DIR/.rnd I guess) For generating the csr: openssl req -new -key example.com.key -out example.com.csr The method that you described works and I have been told about that method earlier - one that starts with randfile
Thanks for the additional information. OpenSSL does not attempt to create the 'random state' file in the current working directory. By default, it always creates this file in the user's home directory. We'll fix the documentation to instruct developers to properly create the CSR from within their gear.
Closing this as it's close to the EOL for v2.