[Swan] Key pair generation failed: "-8037"

Greg Scott GregScott at infrasupport.com
Fri Jun 28 12:57:20 EEST 2013


So on the assumption my thinking is messed up about preshared keys and RSA keys are something different, I try to generate a new RSA key and get an error that says, key pair generation failed:  "-8037".  Here is some output, showing the contents of /etc/ipsec.d before and after, and the empty hostkey.secrets file it generates.  

[root@NSSSS2013-fw ipsec.d]# ls
cacerts  crls  hq-ipsec.conf  policies  sites.conf
[root@NSSSS2013-fw ipsec.d]# ipsec newhostkey --output /etc/ipsec.d/hostkey.secrets --verbose --hostname NSSSS2013-fw
getting 60 random bytes from /dev/random...
ipsec rsasigkey: key pair generation failed: "-8037"
[root@NSSSS2013-fw ipsec.d]#
[root@NSSSS2013-fw ipsec.d]# ls
cacerts  cert8.db  crls  hostkey.secrets  hq-ipsec.conf  key3.db  policies  secmod.db  sites.conf
[root@NSSSS2013-fw ipsec.d]#
[root@NSSSS2013-fw ipsec.d]# more hostkey.secrets
: RSA   {
        }
# do not change the indenting of that "}"
[root@NSSSS2013-fw ipsec.d]#

In the old openswan days, you needed to make the system busy for /dev/random to work.  I've always just started a few windows and done ls / -R in each window.  Are the rules different now?

Thanks

- Greg

