When I tried to run the following command to issue a new private key, which I use to host my web app via SSL:
openssl genrsa -out example.key 2048
the following error occured:
unable to write 'random state'
e is 65537 (0x10001)
After digging out on the Web, I found a solution, which instructs you to delete the ~/.rnd
file, which is likely owned by root
.
sudo rm ~/.rnd
However, I found you don't need to delete the ~/.rnd
if you issue the openssl
command with sudo
.
So my question is:
what is the ~/.rnd
and why does it exist in my environment?
Which is a better way to issue a new private key?
Файл ~ / .rnd
принадлежит root
, если вы когда-либо запускали команду, изменяющую ~ / .rnd
как root
через sudo в режиме без входа в систему (т.е. без -i
). Что касается файла ~ / .rnd
, он содержит начальное значение для генератора случайных чисел OpenSSL. Наименее худшие документы, которые я могу найти на нем, - это RAND_read_file
(3) справочная страница .