This is an unharmful error "Can't load /config/my-easy-rsa-config/pki/.rnd into RNG
140039105021120:error:2406F079:random number generator" received while calling ./easyrsa build-ca:
vyos@vyos:/config/my-easy-rsa-config$ sudo ./easyrsa build-ca Note: using Easy-RSA configuration from: ./vars Using SSL: openssl OpenSSL 1.1.1n 15 Mar 2022 Enter New CA Key Passphrase: Re-Enter New CA Key Passphrase: Generating RSA private key, 2048 bit long modulus (2 primes) .............................................+++++ ........................+++++ e is 65537 (0x010001) Can't load /config/my-easy-rsa-config/pki/.rnd into RNG 140039105021120:error:2406F079:random number generator:RAND_load_file:Cannot open file:../crypto/rand/randfile.c:98:Filename=/config/my-easy-rsa-config/pki/.rnd You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. -----
The error message can be fixed by applying this workaround or update to Easyrsa v3.0.7 or later:
$ sed -i 's/^RANDFILE/#RANDFILE/g' pki/openssl-easyrsa.cnf
VyOS 1.3.6 version uses 3.0.6 version which have the issue.
ii easy-rsa 3.0.6-1 all Simple shell based CA utility
Reference link:
https://packages.debian.org/buster/easy-rsa
https://salsa.debian.org/debian/easy-rsa/-/blob/debian/3.0.8/openssl-easyrsa.cnf?ref_type=tags
https://github.com/fijimunkii/docker-openvpn/commit/e9bb0a10dda1c2c3f4d3d156513b21f33e07e650
https://github.com/OpenVPN/easy-rsa/issues/261