diff --git a/docs/04-certificate-authority.md b/docs/04-certificate-authority.md
index 253e5fe..b84e2cd 100644
--- a/docs/04-certificate-authority.md
+++ b/docs/04-certificate-authority.md
@@ -20,6 +20,9 @@ Create a CA certificate, then generate a Certificate Signing Request and use it
 # Create private key for CA
 openssl genrsa -out ca.key 2048
 
+# Comment line starting with RANDFILE in /etc/ssl/openssl.cnf definition to avoid permission issues
+sudo sed -i '0,/RANDFILE/{s/RANDFILE/\#&/}' /etc/ssl/openssl.cnf
+
 # Create CSR using the private key
 openssl req -new -key ca.key -subj "/CN=KUBERNETES-CA" -out ca.csr