[openssl-users] using a random number file for generation of keys/certificates

[Kevin Long]

Hello,

I’m using openssl to administer a root/intermediate CA  and I use the certificates for a number of web servers and other applications. All of my users install my root CA certificate for trust.

I’ve been asked to use a hardware random number generator to create the keys/certificates going forward. I have a hardware RNG, and have created several files of random numbers using it, and I would like to know:

1) Can I specify my random numbers file to create keys/certificates from my CA (openssl command line, mac or linux)

2) Will this actually do any good, security wise,  given how openssl certs/keys “work”.  My users and superiors are concerned with backdoors in PRNGs and RNG predictabilities. 

3) If I can indeed use my own random numbers, does this mean I have to start my CA from scratch to take advantage of any benefit using “true” random numbers from my hardware RNG? or would simply using my RN’s for the generation of  keys for new certificates going forward allow for the benefit the true randomness gives.

Thank you.