# Cups hangs on Generating SSL Server key....[solved]

## fidel

I know this has already been discussed, for me none of the suggested solutions work. When I want to enter the cups webinterface cups forces me to enter an ssl encrypted page, even though I commented the line:

```
#  Encryption Required
```

Trying to enter this page makes cups hang, spitting the message in the logfile:

```
Generating SSL server key...
```

I tried to do

```
# find /
```

while trying to access the page. Same problem. I tried by connecting a keyboard on to it and just pressing randomly keys.... same problem..

Aarrgghhhhh, I just want my printserver to work for my lan, really don't need ssl here! Even though all other packages have absolutely no problem creating ssl keys! ssh runs just fine, apache with ssl as well!

Oh well, I tried to add the printer manually:

```
# lpadmin -p Brother_HL1250 -E -v /dev/usb/lp0 -m ./hl1250.ppd 

lpadmin: Ausgabe auf Dateien gesperrt! Gegebenenfalls FileDevice-Einstellung in "/etc/cups/cupsd.conf" ändern.
```

Sorry, got a german setup... it says, the output on files is locked, I should change this in cupsd.conf. There is no such setting!...

 :Evil or Very Mad: Last edited by fidel on Thu Apr 05, 2007 6:19 pm; edited 1 time in total

----------

## fidel

I downgraded to

```
net-print/cups-1.1.23-r8
```

The webinterface works now, printing doesn't! At this point another question:

Is the hardened-profile intended to not support cups?... Since I got a message that the profile server is not supported yet, I chose hardened....

----------

## fidel

Ahhh, got it working!

--> I upgraded again to the latest stable version, some changes were necessary: In all sections, all locations I added:

```

<Location ....>

Allow 192.168.1.*

</Location>

```

It works! Great!

----------

## salfter

 *fidel wrote:*   

> I know this has already been discussed, for me none of the suggested solutions work. When I want to enter the cups webinterface cups forces me to enter an ssl encrypted page, even though I commented the line:
> 
> ```
> #  Encryption Required
> ```
> ...

 

I ran into this annoyance today (again).  This time, though, I had run across a fix while getting Apache working with SSL on another box yesterday.  I tried it out with this problem, and it worked:

```
emerge clrngd && rc-update add clrngd default && /etc/init.d/clrngd start
```

The code that generates SSL keys pulls from /dev/random.  On a server where you're not banging at the console keyboard constantly, there's not much entropy to keep /dev/random supplied.  If you look at /proc/sys/kernel/random/entropy_avail, it probably has a single- or double-digit value in it.  It maxes out at 4096.  clrngd (stealing from the Freshmeat description) "gathers system randomness from fluctuations between different physical high-frequency clocks in a system. The randomness is tested with FIPS, and if this is successful, fed into the system entropy pool."  This enables SSL key generation (for Apache, CUPS, or whatever) to complete in a timely manner.

----------

## fidel

Great! Thanks!

----------

