genkey in RHEL 6 seems to be broken, or at least it is in vSphere. Generating an SSL key takes forever, and then it fails at the end of the process with a non-descript error.
The fix, after futzing for a bit was to run it with the “–test” option. When run that way, it doesn’t try to use the kernel’s random number generator, but instead uses random keyboard input to generate the randomness for the key.
Looking online for info with regards to this turned up nothing, so I thought I would post the solution here. Good luck!
UPDATE:So after receiving a signed cert back from ipSCA using a CSR generated with the above process, I found the CRT doesn’t work. I don’t know if this is because of the process, or whether ipSCA made a mistake in creating the CRT. I have instead generated the key and csr manually using the openssl utility and submitted that CSR to ipSCA. We will see if they send me back a valid CRT. Will update again once I know.