Red Hat Bugzilla – Bug 450679
certtool get timeout
Last modified: 2008-06-11 09:34:12 EDT
Description of problem:
Can't generate keys using certtool.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. certtool --generate-privkey
2. Nothing happens...
3. strace -p $(pidof certtool) => timeout on select()
# certtool --generate-privkey
Generating a private key...
Generating a 1024 bit RSA private key...
Should generate the privkey
OpenSSL works fine. I'm just trying to follow this doc:
http://libvirt.org/remote.html#Remote_TLS_server_certificates
Is it outdated?
gnutls uses /dev/random for generating the most security-critical random
material, such as private keys. You need to have some source of entropy on the
system where you're generating private keys.
The timeout is on the /dev/random access?
The /dev/random works on my system, how can I get more entropy to be able to use
openssl doesn't use /dev/random? I'm just trying to understand why I can't use
OpenSSL uses /dev/urandom for seeding the internal RNG.
You can get more entropy into the system by pressing random keystrokes or moving
the mouse randomly. If it is a server without an attached keyboard and mouse, it
is a problem though. There are some specialized RNG devices in some CPUs or
motherboard chipsets though.
Thank you for all this information.
You guessed right, I don't have physical access to the servers. I have no choice
and will use OpenSSL.
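
One way to confirm the diagnosis given in this thread on a headless server before running a key generator, as an added example that is not part of the original bug report: it reads the kernel's entropy estimate and checks whether a short read from each random device stalls. The function names and the 200-bit threshold are assumptions of this example; it assumes Linux and GNU coreutils.

```shell
#!/bin/sh
# Added diagnostic, not from the bug report. Assumes Linux procfs and
# GNU coreutils (`timeout` exits with 124 when the time limit is hit).

# entropy_level [FILE] [MIN_BITS]: print ok, low or unknown for the
# kernel's entropy estimate. MIN_BITS=200 is an arbitrary example value.
entropy_level() {
    file=${1:-/proc/sys/kernel/random/entropy_avail}
    min=${2:-200}
    bits=$(cat "$file" 2>/dev/null) || bits=
    case $bits in
        ''|*[!0-9]*) echo unknown ;;
        *) if [ "$bits" -lt "$min" ]; then echo low; else echo ok; fi ;;
    esac
}

# source_blocks DEVICE [SECONDS]: succeed (0) when 16 bytes could not be
# read before the time limit, which is the state certtool was stuck in.
source_blocks() {
    rc=0
    timeout "${2:-2}" dd if="$1" of=/dev/null bs=16 count=1 2>/dev/null || rc=$?
    [ "$rc" -eq 124 ]
}

# report: check both devices discussed in the thread.
report() {
    echo "entropy estimate: $(entropy_level)"
    for d in /dev/random /dev/urandom; do
        if source_blocks "$d"; then
            echo "$d: read stalled; a key generator reading it will hang"
        else
            echo "$d: no stall within the time limit"
        fi
    done
}

report
```

On kernels where /dev/random no longer blocks once the generator has been initialized, the stall check returns immediately for both devices.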