Red Hat Bugzilla – Bug 450679
certtool get timeout
Last modified: 2008-06-11 09:34:12 EDT
Description of problem: Can't generate keys using certtool. Version-Release number of selected component (if applicable): gnutls-utils-1.6.3-3.fc8 How reproducible: static Steps to Reproduce: 1. certtool --generate-privkey 2. Nothing happens... 3. strace -p $(pidof certtool) => timeout on select() Actual results: # certtool --generate-privkey Generating a private key... Generating a 1024 bit RSA private key... [then nothing] Expected results: Should generate the privkey Additional info: OpenSSL works fine. I'm just trying to follow this doc http://libvirt.org/remote.html#Remote_TLS_server_certificates is it outdated?
gnutls uses /dev/random for generating the most security critical random material such as private keys. You need to have some source of entropy on the system where you're generating private keys.
The timeout is on the /dev/random access? The /dev/random works on my system, how can I get more entropy to be able to use gnutls? openssl doesn't use /dev/random? I'm just trying to understand why I can't use certtool.
OpenSSL uses /dev/urandom for seeding the internal RNG. You can get more entropy into the system by pressing random keystrokes or moving mouse randomly. If it is a server without attached keyboard and mouse it is a problem though. There are some specialized RNG devices in some CPUs or motherboard chipsets though.
thank you for all this information You guess right I don't have physical access to the servers. I have no choice and will use OpenSSL