OpenSSL hangs during PKCS12 export with "Loading 'screen' into random state"

I am generating a self-signed SSL certificate with OpenSSL (not makecert), for use in IIS.

openssl req -x509 -newkey rsa:2048 -keyout key.pem -out cert.pem -days 365 -nodes -subj '//CN=myhost'

(The double slash is correct. The command above does not work without that.)

openssl pkcs12 -export -out key.pfx -inkey key.pem -in cert.pem -name 'myhost'

The first command runs completes successfully. However the second get stuck with

Loading 'screen' into random state -

I am using OpenSSL (1.0.2d) that comes with Git for Windows (2.6.3). Anyone experiences the same issue?

Clarification: Question How to fix "unable to write 'random state' " in openssl describes different -- problem with writing the the .rnd file. Here the problem seems to be generating the random state. (And only in the second command.)

Solution 1:

Please try to add winpty before oppenssl:

winpty openssl ...

or you can run a new bash wrapped by winpty:

winpty bash

In the windows console, there is some problem with terminal input/output so winpty can help if some software requires unix terminal behavior.

winpty helped me to run openssl in this environment:

git version 2.7.3.windows.1
OpenSSL 1.0.2g  1 Mar 2016

Solution 2:

I found that I needed to specify the PFX password on the command line using -passout pass:SomePassword - e.g.:

openssl pkcs12 -export -out foo_example_com.pfx -inkey foo_example_com.key -in foo_example_com.crt -passout pass:Pa55w0rd