search cancel

SAM: Openssl extension failed message in SAM 4.5/PHP 7.3 Implementations


Article ID: 190452


Updated On:


CA Software Asset Manager (CA SAM) CA IT Asset Manager CA IT Asset Manager Asset Portfolio Management


During an attempt to install CA SAM 4.5 with PHP 7.3, an openSSL message may present during Check Installation which states:

ERROR:Openssl extension failed.
Hint: check whether system variable "OPENSSL_CONF" is defined and pointing to the correct file.
asp_crypt->check_errors(): failed. error: error:24070079:random number generator:RAND_write_file:Cannot open file

Despite defining the OPENSSL_CONF system environment variable to point to the openssl.cnf file (including the path), the above error will persist.


CA SAM 4.5, PHP 7.3

Error is specific to PHP 7.3 releases, starting from PHP 7.3.7 onwards


PHP 7.3.7 or newer is being applied.  The openssl.cnf file that is included in PHP 7.3.7 and later will lack these two lines in the openssl.cnf file content:

RANDFILE                = $ENV::HOME/.rnd
RANDFILE        = $dir/private/.rand    # private random number file


To address, one needs to modify IIS to include the RANDFILE environment variable that is being requested in the above error.
  • Go into IIS Manager

  • Under the SAMServer, access "Edit FastCGI Settings"

  • Double click on your handler mapping (php-cgi.exe)

  • Select "Environment Variables" and click on the elipsis icon on the far right of the window

  • You will see an "EnvironmentVariables Collection Editor".  Click "Add"
  • On the right hand side, enter for "Name" the entry "RANDFILE" and for "Value, enter "C:/PROGRA~1/ca/Sam/tmp/.rnd"

    Note:  The above is the tmp directory in the SAM install directory, rendered in 8.3 notation to prevent any issues with space values in the path (ie "PROGRA~1" instead of "Program Files".  The above directory location, C:/PROGRA~1/ca/Sam/tmp/ should be a location where the application pool or the IIS_IUSRS user (SAMServer\IIS_IUSRS) has write access. 

  • Click "OK" to accept the change.

  • Reboot the entire IIS Server.  This is important as IIS has been observed to not accept environment variable changes despite recycling IIS Services unless a full reboot is performed.

  • Once rebooted, try the check install URL, ie:

  • The error message should no longer appear:

Additional Information

The last known implementation of PHP 7.3 that has the correct openssl.cnf content is PHP 7.3.6.  One can ignore the above instruction set if applying this release of PHP 7.3.

Support does not advise mixing configuration files across PHP releases.  ie:  it is not known if the CA SAM implementation will be stable or functional if one retains PHP 7.3.7 and copies in the openssl.cnf file from a previous implementation of PHP.

See also:
SAM: CA Software Asset Manager check installation fails with error: openssl extension failed