Problem (solved) generating p12 certs after upgrade

I ran into a problem (openssl 256 error) when replacing expired vpn certs for some of my users after upgrading IPFire from 174 to 177. Other posts here said to look at /var/log/httpd/error_log, which showed this:

Can’t load /var/ipfire/ovpn/ca/.rnd into RNG
4047A354C77F0000:error:12000079:random number generator:RAND_load_file:Cannot open >file:crypto/rand/randfile.c:106:Filename=/var/ipfire/ovpn/ca/.rnd

When checked, this file was owned by root:root with permissions 600. Other files in that directory were owned by nobody:nobody with 644 permissions. Changing this cleared that error.

I’m documenting this here in case someone else hits this. Hopefully it will save them a little time.


Had exact same issue with exact same solution! Cheers for the documentation!