Hello, This is with openssl 1.1.1t, self compiled on Linux SuSE SLES 15: /usr/local/sisis-pap/bin/openssl version OpenSSL 1.1.1t 7 Feb 2023 export OPENSSL_CONFIG=/usr/local/sisis-pap/openssl.cnf export OPENSSL=/usr/local/sisis-pap/bin/openssl cp -p /usr/local/sisis-pap/misc/CA.pl . ./CA.pl -newca CA certificate filename (or enter to create) Making CA certificate ... ==== /usr/local/sisis-pap/bin/openssl req /usr/local/sisis-pap/openssl.cnf -new -keyout ./demoCA/private/cakey.pem -out ./demoCA/careq.pem req: Use -help for summary. ... If I look into /usr/local/sisis-pap/bin/openssl req -help "req" does not seem to expect a config file there, but CA.pl sets it: grep 'my $REQ' CA.pl my $REQ = "$openssl req $OPENSSL_CONFIG"; Next try without OPENSSL_CONFIG: unset OPENSSL_CONFIG ./CA.pl -newca CA certificate filename (or enter to create) Making CA certificate ... ==== /usr/local/sisis-pap/bin/openssl req -new -keyout ./demoCA/private/cakey.pem -out ./demoCA/careq.pem Can't load /home/sisis/.rnd into RNG 140713478350656:error:2406F079:random number generator:RAND_load_file:Cannot open file:crypto/rand/randfile.c:98:Filename=/home/sisis/.rnd Generating a RSA private key Why it wants to load %HOME/.rnd? I looked into openssl-1.1.1t/crypto/rand/randfile.c 53 #define RFILE ".rnd" 97 if ((in = openssl_fopen(file, "rb")) == NULL) { 98 RANDerr(RAND_F_RAND_LOAD_FILE, RAND_R_CANNOT_OPEN_FILE); 99 ERR_add_error_data(2, "Filename=", file); 100 return -1; 101 } and after line 287, RFILE is appended to $HOME. And mode "rb" (b is ignored on Linux) wants the file for reading, i.e. existing. matthias -- Matthias Apitz, ✉ guru@xxxxxxxxxxx, http://www.unixarea.de/ +49-176-38902045 Public GnuPG key: http://www.unixarea.de/key.pub