diff --git a/include/haproxy/ssl_sock.h b/include/haproxy/ssl_sock.h
index 9978abc08..cb9c0b86c 100644
--- a/include/haproxy/ssl_sock.h
+++ b/include/haproxy/ssl_sock.h
@@ -120,6 +120,7 @@ int ssl_load_global_issuer_from_BIO(BIO *in, char *fp, char **err);
 int ssl_sock_load_cert(char *path, struct bind_conf *bind_conf, char **err);
 int ssl_sock_load_srv_cert(char *path, struct server *server, char **err);
 void ssl_free_global_issuers(void);
+int ssl_initialize_random(void);
 int ssl_sock_load_cert_list_file(char *file, int dir, struct bind_conf *bind_conf, struct proxy *curproxy, char **err);
 int ssl_init_single_engine(const char *engine_id, const char *def_algorithms);
 #if ((defined SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB && !defined OPENSSL_NO_OCSP) && !defined OPENSSL_IS_BORINGSSL)
diff --git a/src/haproxy.c b/src/haproxy.c
index c05f18d76..7e0141335 100644
--- a/src/haproxy.c
+++ b/src/haproxy.c
@@ -1510,6 +1510,16 @@ static void init(int argc, char **argv)
 if (init_acl() != 0)
 exit(1);
+#ifdef USE_OPENSSL
+ /* Initialize the random generator.
+ * Must be called before chroot for access to /dev/urandom
+ */
+ if (!ssl_initialize_random()) {
+ ha_alert("OpenSSL random data generator initialization failed.\n");
+ exit(1);
+ }
+#endif
+
 /* Initialise lua. */
 hlua_init();
diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index 059fef3f4..4ebf56f2a 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -3536,7 +3536,7 @@ static int ssl_sock_load_srv_ckchs(const char *path, struct ckch_store *ckchs,
 * if the random is said as not implemented, because we expect that openssl
 * will use another method once needed.
 */
-static int ssl_initialize_random()
+int ssl_initialize_random(void)
 {
 unsigned char random;
 static int random_initialized = 0;
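Review bot: The exported prototype `int ssl_initialize_random(void);` gives a future caller no hint of its contract, while the only caller visible in this diff (the haproxy.c hunk) treats a zero return as a fatal error and relies on it running before chroot. A one-line comment at the declaration would carry that with the public symbol, e.g. `/* Probe OpenSSL's RNG; returns 0 on failure. Must run before chroot() so /dev/urandom is reachable. */`. The success conditions are set by the function body in ssl_sock.c, which is outside these hunks, so the wording should be checked against it (the visible header comment suggests a "not implemented" answer from OpenSSL is still accepted as success).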
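Review bot: The comment on the new block, `Must be called before chroot for access to /dev/urandom`, overstates what the probe guarantees: it shows the RNG could produce data once before chroot, but on OpenSSL builds whose DRBG reseeds from the device rather than getrandom(2), /dev/urandom may be needed again after chroot, and nothing here checks that (this is inferred from general OpenSSL behaviour, not from the diff). I would extend the comment with a sentence saying that this call only covers the initial seeding, and that later reseeds depend on getrandom(2) or on /dev/urandom being present inside the chroot, so that a reader does not treat this check as sufficient. Note also that failure here is an immediate `exit(1)`, whereas the removed call sites counted it as one more configuration error and let parsing continue; that is a reasonable hardening but worth a word in the commit message. The enclosing init() starts and ends outside this hunk, and the chroot() itself is not visible here, so the ordering claim cannot be verified from the diff alone.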
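Review bot: Now that `ssl_initialize_random` loses its `static` and the two in-file call sites (with their `/* Make sure openssl opens /dev/urandom before the chroot */` notes) are removed, the ordering requirement is no longer stated anywhere near the definition; the function's header comment, which begins above this hunk, should carry it, e.g. ` * Must be called before chroot(), since OpenSSL may need to open /dev/urandom to seed.`. The `static int random_initialized` guard that follows is not synchronized, which is presumably fine because the new single caller is the single-threaded init() path, but that assumption is worth a short note now that any translation unit can call the function. The function body continues past the end of this hunk, so the return semantics could not be reviewed here.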
@@ -4640,12 +4640,6 @@ int ssl_sock_prepare_srv_ctx(struct server *srv)
 int cfgerr = 0;
 SSL_CTX *ctx = srv->ssl_ctx.ctx;
- /* Make sure openssl opens /dev/urandom before the chroot */
- if (!ssl_initialize_random()) {
- ha_alert("OpenSSL random data generator initialization failed.\n");
- cfgerr++;
- }
-
 /* Automatic memory computations need to know we use SSL there */
 global.ssl_used_backend = 1;
@@ -4898,11 +4892,6 @@ int ssl_sock_prepare_all_ctx(struct bind_conf *bind_conf)
 /* Automatic memory computations need to know we use SSL there */
 global.ssl_used_frontend = 1;
- /* Make sure openssl opens /dev/urandom before the chroot */
- if (!ssl_initialize_random()) {
- ha_alert("OpenSSL random data generator initialization failed.\n");
- err++;
- }
 /* Create initial_ctx used to start the ssl connection before do switchctx */
 if (!bind_conf->initial_ctx) {
 err += ssl_initial_ctx(bind_conf);