<html dir="ltr">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<style type="text/css" id="owaParaStyle"></style>
</head>
<body fpstyle="1" ocsi="0">
<div style="direction: ltr;font-family: Tahoma;color: #000000;font-size: 10pt;">I think its a permission problem , could you help ?
<div>If any clarifications needed replay me .</div>
<div>Thnx</div>
<div style="font-family: Times New Roman; color: #000000; font-size: 16px">
<hr tabindex="-1">
<div id="divRpF857785" style="direction: ltr;"><font face="Tahoma" size="2" color="#000000"><b>From:</b> opendnssec-user-bounces@lists.opendnssec.org [opendnssec-user-bounces@lists.opendnssec.org] on behalf of Abdalmonem Tharwat Galila [agalila@mcit.gov.eg]<br>
<b>Sent:</b> Sunday, August 31, 2014 11:18 AM<br>
<b>To:</b> opendnssec-user@lists.opendnssec.org<br>
<b>Subject:</b> [Opendnssec-user] ods-enforcerd: Error creating key in repository SoftHSM-KSK<br>
</font><br>
</div>
<div></div>
<div>
<div style="direction:ltr; font-family:Tahoma; color:#000000; font-size:10pt"><span style="font-family:Times; font-size:small; background-color:rgb(255,255,255)">I got the following error message and enforcer could not restarted</span><br style="font-family:Times; font-size:small; background-color:rgb(255,255,255)">
<br style="font-family:Times; font-size:small; background-color:rgb(255,255,255)">
<span style="font-family:Times; font-size:small; background-color:rgb(255,255,255)">[root@ns2 ~]# ods-control start</span><br style="font-family:Times; font-size:small; background-color:rgb(255,255,255)">
<span style="font-family:Times; font-size:small; background-color:rgb(255,255,255)">Starting enforcer...</span><br style="font-family:Times; font-size:small; background-color:rgb(255,255,255)">
<span style="font-family:Times; font-size:small; background-color:rgb(255,255,255)">OpenDNSSEC ods-enforcerd started (version 1.4.5), pid 9473</span><br style="font-family:Times; font-size:small; background-color:rgb(255,255,255)">
<span style="font-family:Times; font-size:small; background-color:rgb(255,255,255)">Could not start enforcer</span><br style="font-family:Times; font-size:small; background-color:rgb(255,255,255)">
<span style="font-family:Times; font-size:small; background-color:rgb(255,255,255)">[root@stage-ns2 ~]# tail -f /var/log/messages</span><br style="font-family:Times; font-size:small; background-color:rgb(255,255,255)">
<span style="font-family:Times; font-size:small; background-color:rgb(255,255,255)">Aug 30 01:03:27 stage-ns2 ods-enforcerd: Connecting to Database...</span><br style="font-family:Times; font-size:small; background-color:rgb(255,255,255)">
<span style="font-family:Times; font-size:small; background-color:rgb(255,255,255)">Aug 30 01:03:27 stage-ns2 ods-enforcerd: Policy default found.</span><br style="font-family:Times; font-size:small; background-color:rgb(255,255,255)">
<span style="font-family:Times; font-size:small; background-color:rgb(255,255,255)">Aug 30 01:03:27 stage-ns2 ods-enforcerd: Key sharing is Off.</span><br style="font-family:Times; font-size:small; background-color:rgb(255,255,255)">
<span style="font-family:Times; font-size:small; background-color:rgb(255,255,255)">Aug 30 01:03:27 stage-ns2 ods-enforcerd: No zones on policy default, skipping...</span><br style="font-family:Times; font-size:small; background-color:rgb(255,255,255)">
<span style="font-family:Times; font-size:small; background-color:rgb(255,255,255)">Aug 30 01:03:27 stage-ns2 ods-enforcerd: Policy DotMasr found.</span><br style="font-family:Times; font-size:small; background-color:rgb(255,255,255)">
<span style="font-family:Times; font-size:small; background-color:rgb(255,255,255)">Aug 30 01:03:27 stage-ns2 ods-enforcerd: Key sharing is Off.</span><br style="font-family:Times; font-size:small; background-color:rgb(255,255,255)">
<span style="font-family:Times; font-size:small; background-color:rgb(255,255,255)">Aug 30 01:03:27 stage-ns2 ods-enforcerd: 1 zone(s) found on policy "Dot2"</span><br style="font-family:Times; font-size:small; background-color:rgb(255,255,255)">
<span style="font-family:Times; font-size:small; background-color:rgb(255,255,255)">Aug 30 01:03:27 stage-ns2 ods-enforcerd: 1 new KSK(s) (2048 bits) need to be created for policy Dot2: keys_to_generate(1) = keys_needed(1) - keys_available(0).</span><br style="font-family:Times; font-size:small; background-color:rgb(255,255,255)">
<span style="font-family:Times; font-size:small; background-color:rgb(255,255,255)">Aug 30 01:03:27 stage-ns2 ods-enforcerd: Error creating key in repository SoftHSM-KSK</span><br style="font-family:Times; font-size:small; background-color:rgb(255,255,255)">
<span style="font-family:Times; font-size:small; background-color:rgb(255,255,255)">Aug 30 01:03:27 stage-ns2 ods-enforcerd: generate key pair: CKR_GENERAL_ERROR</span><br style="font-family:Times; font-size:small; background-color:rgb(255,255,255)">
<br style="font-family:Times; font-size:small; background-color:rgb(255,255,255)">
<br style="font-family:Times; font-size:small; background-color:rgb(255,255,255)">
<span style="font-family:Times; font-size:small; background-color:rgb(255,255,255)">[root@stage-ns2 ~]# ods-hsmutil test SoftHSM -v</span><br style="font-family:Times; font-size:small; background-color:rgb(255,255,255)">
<span style="font-family:Times; font-size:small; background-color:rgb(255,255,255)">Testing repository: SoftHSM</span><br style="font-family:Times; font-size:small; background-color:rgb(255,255,255)">
<br style="font-family:Times; font-size:small; background-color:rgb(255,255,255)">
<span style="font-family:Times; font-size:small; background-color:rgb(255,255,255)">Generating 512-bit RSA key... OK</span><br style="font-family:Times; font-size:small; background-color:rgb(255,255,255)">
<span style="font-family:Times; font-size:small; background-color:rgb(255,255,255)">Extracting key identifier... OK, 1134ad3426577e59c44c60f2be8c6351</span><br style="font-family:Times; font-size:small; background-color:rgb(255,255,255)">
<span style="font-family:Times; font-size:small; background-color:rgb(255,255,255)">Signing (RSA/SHA1) with key... OK</span><br style="font-family:Times; font-size:small; background-color:rgb(255,255,255)">
<span style="font-family:Times; font-size:small; background-color:rgb(255,255,255)">Signing (RSA/SHA256) with key... OK</span><br style="font-family:Times; font-size:small; background-color:rgb(255,255,255)">
<span style="font-family:Times; font-size:small; background-color:rgb(255,255,255)">Deleting key... OK</span><br style="font-family:Times; font-size:small; background-color:rgb(255,255,255)">
<br style="font-family:Times; font-size:small; background-color:rgb(255,255,255)">
<span style="font-family:Times; font-size:small; background-color:rgb(255,255,255)">Generating 768-bit RSA key... OK</span><br style="font-family:Times; font-size:small; background-color:rgb(255,255,255)">
<span style="font-family:Times; font-size:small; background-color:rgb(255,255,255)">Extracting key identifier... OK, 23a83e3a60cb2deaf108d40b2473cdd3</span><br style="font-family:Times; font-size:small; background-color:rgb(255,255,255)">
<span style="font-family:Times; font-size:small; background-color:rgb(255,255,255)">Signing (RSA/SHA1) with key... OK</span><br style="font-family:Times; font-size:small; background-color:rgb(255,255,255)">
<span style="font-family:Times; font-size:small; background-color:rgb(255,255,255)">Signing (RSA/SHA256) with key... OK</span><br style="font-family:Times; font-size:small; background-color:rgb(255,255,255)">
<span style="font-family:Times; font-size:small; background-color:rgb(255,255,255)">Deleting key... OK</span><br style="font-family:Times; font-size:small; background-color:rgb(255,255,255)">
<br style="font-family:Times; font-size:small; background-color:rgb(255,255,255)">
<span style="font-family:Times; font-size:small; background-color:rgb(255,255,255)">Generating 1024-bit RSA key... OK</span><br style="font-family:Times; font-size:small; background-color:rgb(255,255,255)">
<span style="font-family:Times; font-size:small; background-color:rgb(255,255,255)">Extracting key identifier... OK, e27502cde45ad9594f4170c323277428</span><br style="font-family:Times; font-size:small; background-color:rgb(255,255,255)">
<span style="font-family:Times; font-size:small; background-color:rgb(255,255,255)">Signing (RSA/SHA1) with key... OK</span><br style="font-family:Times; font-size:small; background-color:rgb(255,255,255)">
<span style="font-family:Times; font-size:small; background-color:rgb(255,255,255)">Signing (RSA/SHA256) with key... OK</span><br style="font-family:Times; font-size:small; background-color:rgb(255,255,255)">
<span style="font-family:Times; font-size:small; background-color:rgb(255,255,255)">Signing (RSA/SHA512) with key... OK</span><br style="font-family:Times; font-size:small; background-color:rgb(255,255,255)">
<span style="font-family:Times; font-size:small; background-color:rgb(255,255,255)">Deleting key... OK</span><br style="font-family:Times; font-size:small; background-color:rgb(255,255,255)">
<br style="font-family:Times; font-size:small; background-color:rgb(255,255,255)">
<span style="font-family:Times; font-size:small; background-color:rgb(255,255,255)">Generating 1536-bit RSA key... OK</span><br style="font-family:Times; font-size:small; background-color:rgb(255,255,255)">
<span style="font-family:Times; font-size:small; background-color:rgb(255,255,255)">Extracting key identifier... OK, 01d15dcaeff6862df8fd92477fa59023</span><br style="font-family:Times; font-size:small; background-color:rgb(255,255,255)">
<span style="font-family:Times; font-size:small; background-color:rgb(255,255,255)">Signing (RSA/SHA1) with key... OK</span><br style="font-family:Times; font-size:small; background-color:rgb(255,255,255)">
<span style="font-family:Times; font-size:small; background-color:rgb(255,255,255)">Signing (RSA/SHA256) with key... OK</span><br style="font-family:Times; font-size:small; background-color:rgb(255,255,255)">
<span style="font-family:Times; font-size:small; background-color:rgb(255,255,255)">Signing (RSA/SHA512) with key... OK</span><br style="font-family:Times; font-size:small; background-color:rgb(255,255,255)">
<span style="font-family:Times; font-size:small; background-color:rgb(255,255,255)">Deleting key... OK</span><br style="font-family:Times; font-size:small; background-color:rgb(255,255,255)">
<br style="font-family:Times; font-size:small; background-color:rgb(255,255,255)">
<span style="font-family:Times; font-size:small; background-color:rgb(255,255,255)">Generating 2048-bit RSA key... OK</span><br style="font-family:Times; font-size:small; background-color:rgb(255,255,255)">
<span style="font-family:Times; font-size:small; background-color:rgb(255,255,255)">Extracting key identifier... OK, c5ac4f805cd3c11b7e7ed53616c6c345</span><br style="font-family:Times; font-size:small; background-color:rgb(255,255,255)">
<span style="font-family:Times; font-size:small; background-color:rgb(255,255,255)">Signing (RSA/SHA1) with key... OK</span><br style="font-family:Times; font-size:small; background-color:rgb(255,255,255)">
<span style="font-family:Times; font-size:small; background-color:rgb(255,255,255)">Signing (RSA/SHA256) with key... OK</span><br style="font-family:Times; font-size:small; background-color:rgb(255,255,255)">
<span style="font-family:Times; font-size:small; background-color:rgb(255,255,255)">Signing (RSA/SHA512) with key... OK</span><br style="font-family:Times; font-size:small; background-color:rgb(255,255,255)">
<span style="font-family:Times; font-size:small; background-color:rgb(255,255,255)">Deleting key... OK</span><br style="font-family:Times; font-size:small; background-color:rgb(255,255,255)">
<br style="font-family:Times; font-size:small; background-color:rgb(255,255,255)">
<span style="font-family:Times; font-size:small; background-color:rgb(255,255,255)">Generating 4096-bit RSA key... OK</span><br style="font-family:Times; font-size:small; background-color:rgb(255,255,255)">
<span style="font-family:Times; font-size:small; background-color:rgb(255,255,255)">Extracting key identifier... OK, d728d0cbf867eebe912f1688d0f9cf6b</span><br style="font-family:Times; font-size:small; background-color:rgb(255,255,255)">
<span style="font-family:Times; font-size:small; background-color:rgb(255,255,255)">Signing (RSA/SHA1) with key... OK</span><br style="font-family:Times; font-size:small; background-color:rgb(255,255,255)">
<span style="font-family:Times; font-size:small; background-color:rgb(255,255,255)">Signing (RSA/SHA256) with key... OK</span><br style="font-family:Times; font-size:small; background-color:rgb(255,255,255)">
<span style="font-family:Times; font-size:small; background-color:rgb(255,255,255)">Signing (RSA/SHA512) with key... OK</span><br style="font-family:Times; font-size:small; background-color:rgb(255,255,255)">
<span style="font-family:Times; font-size:small; background-color:rgb(255,255,255)">Deleting key... OK</span><br style="font-family:Times; font-size:small; background-color:rgb(255,255,255)">
<br style="font-family:Times; font-size:small; background-color:rgb(255,255,255)">
<span style="font-family:Times; font-size:small; background-color:rgb(255,255,255)">Generating 512-bit DSA key... Failed</span><br style="font-family:Times; font-size:small; background-color:rgb(255,255,255)">
<span style="font-family:Times; font-size:small; background-color:rgb(255,255,255)">generate domain parameters: CKR_FUNCTION_NOT_SUPPORTED</span><br style="font-family:Times; font-size:small; background-color:rgb(255,255,255)">
<br style="font-family:Times; font-size:small; background-color:rgb(255,255,255)">
<span style="font-family:Times; font-size:small; background-color:rgb(255,255,255)">Generating 768-bit DSA key... Failed</span><br style="font-family:Times; font-size:small; background-color:rgb(255,255,255)">
<span style="font-family:Times; font-size:small; background-color:rgb(255,255,255)">generate domain parameters: CKR_FUNCTION_NOT_SUPPORTED</span><br style="font-family:Times; font-size:small; background-color:rgb(255,255,255)">
<br style="font-family:Times; font-size:small; background-color:rgb(255,255,255)">
<span style="font-family:Times; font-size:small; background-color:rgb(255,255,255)">Generating 1024-bit DSA key... Failed</span><br style="font-family:Times; font-size:small; background-color:rgb(255,255,255)">
<span style="font-family:Times; font-size:small; background-color:rgb(255,255,255)">generate domain parameters: CKR_FUNCTION_NOT_SUPPORTED</span><br style="font-family:Times; font-size:small; background-color:rgb(255,255,255)">
<br style="font-family:Times; font-size:small; background-color:rgb(255,255,255)">
<span style="font-family:Times; font-size:small; background-color:rgb(255,255,255)">Generating 512-bit GOST key... Failed</span><br style="font-family:Times; font-size:small; background-color:rgb(255,255,255)">
<span style="font-family:Times; font-size:small; background-color:rgb(255,255,255)">generate key pair: CKR_MECHANISM_INVALID</span><br style="font-family:Times; font-size:small; background-color:rgb(255,255,255)">
<br style="font-family:Times; font-size:small; background-color:rgb(255,255,255)">
<span style="font-family:Times; font-size:small; background-color:rgb(255,255,255)">Generating 1024 bytes of random data... OK</span><br style="font-family:Times; font-size:small; background-color:rgb(255,255,255)">
<span style="font-family:Times; font-size:small; background-color:rgb(255,255,255)">Generating 32-bit random data... 2643190841</span><br style="font-family:Times; font-size:small; background-color:rgb(255,255,255)">
<span style="font-family:Times; font-size:small; background-color:rgb(255,255,255)">Generating 64-bit random data... 9844808495919432962</span><br style="font-family:Times; font-size:small; background-color:rgb(255,255,255)">
<span style="font-family:Times; font-size:small; background-color:rgb(255,255,255)">[root@stage-ns2 ~]#</span><br style="font-family:Times; font-size:small; background-color:rgb(255,255,255)">
<br style="font-family:Times; font-size:small; background-color:rgb(255,255,255)">
<br style="font-family:Times; font-size:small; background-color:rgb(255,255,255)">
<span style="font-family:Times; font-size:small; background-color:rgb(255,255,255)">and no keys :-</span><br style="font-family:Times; font-size:small; background-color:rgb(255,255,255)">
<br style="font-family:Times; font-size:small; background-color:rgb(255,255,255)">
<span style="font-family:Times; font-size:small; background-color:rgb(255,255,255)">[root@stage-ns2 ~]# ods-hsmutil list</span><br style="font-family:Times; font-size:small; background-color:rgb(255,255,255)">
<br style="font-family:Times; font-size:small; background-color:rgb(255,255,255)">
<span style="font-family:Times; font-size:small; background-color:rgb(255,255,255)">Listing keys in all repositories.</span><br style="font-family:Times; font-size:small; background-color:rgb(255,255,255)">
<span style="font-family:Times; font-size:small; background-color:rgb(255,255,255)">0 keys found.</span><br style="font-family:Times; font-size:small; background-color:rgb(255,255,255)">
<br style="font-family:Times; font-size:small; background-color:rgb(255,255,255)">
<span style="font-family:Times; font-size:small; background-color:rgb(255,255,255)">Repository            ID                                Type     </span><br style="font-family:Times; font-size:small; background-color:rgb(255,255,255)">
<span style="font-family:Times; font-size:small; background-color:rgb(255,255,255)">----------            --                                ----     </span><br style="font-family:Times; font-size:small; background-color:rgb(255,255,255)">
<span style="font-family:Times; font-size:small; background-color:rgb(255,255,255)">[root@stage-ns2 ~]#</span><br style="font-family:Times; font-size:small; background-color:rgb(255,255,255)">
<br style="font-family:Times; font-size:small; background-color:rgb(255,255,255)">
<br style="font-family:Times; font-size:small; background-color:rgb(255,255,255)">
<span style="font-family:Times; font-size:small; background-color:rgb(255,255,255)">[root@stage-ns2 ~]# softhsm --show-slots</span><br style="font-family:Times; font-size:small; background-color:rgb(255,255,255)">
<span style="font-family:Times; font-size:small; background-color:rgb(255,255,255)">Available slots:</span><br style="font-family:Times; font-size:small; background-color:rgb(255,255,255)">
<span style="font-family:Times; font-size:small; background-color:rgb(255,255,255)">Slot 0</span><br style="font-family:Times; font-size:small; background-color:rgb(255,255,255)">
<span style="font-family:Times; font-size:small; background-color:rgb(255,255,255)">           Token present: yes</span><br style="font-family:Times; font-size:small; background-color:rgb(255,255,255)">
<span style="font-family:Times; font-size:small; background-color:rgb(255,255,255)">           Token initialized: yes</span><br style="font-family:Times; font-size:small; background-color:rgb(255,255,255)">
<span style="font-family:Times; font-size:small; background-color:rgb(255,255,255)">           User PIN initialized: yes</span><br style="font-family:Times; font-size:small; background-color:rgb(255,255,255)">
<span style="font-family:Times; font-size:small; background-color:rgb(255,255,255)">           Token label: OpenDNSSEC                     </span><br style="font-family:Times; font-size:small; background-color:rgb(255,255,255)">
<span style="font-family:Times; font-size:small; background-color:rgb(255,255,255)">Slot 1</span><br style="font-family:Times; font-size:small; background-color:rgb(255,255,255)">
<span style="font-family:Times; font-size:small; background-color:rgb(255,255,255)">           Token present: yes</span><br style="font-family:Times; font-size:small; background-color:rgb(255,255,255)">
<span style="font-family:Times; font-size:small; background-color:rgb(255,255,255)">           Token initialized: yes</span><br style="font-family:Times; font-size:small; background-color:rgb(255,255,255)">
<span style="font-family:Times; font-size:small; background-color:rgb(255,255,255)">           User PIN initialized: yes</span><br style="font-family:Times; font-size:small; background-color:rgb(255,255,255)">
<span style="font-family:Times; font-size:small; background-color:rgb(255,255,255)">           Token label: KSK                            </span><br style="font-family:Times; font-size:small; background-color:rgb(255,255,255)">
<span style="font-family:Times; font-size:small; background-color:rgb(255,255,255)">Slot 2</span><br style="font-family:Times; font-size:small; background-color:rgb(255,255,255)">
<span style="font-family:Times; font-size:small; background-color:rgb(255,255,255)">           Token present: yes</span><br style="font-family:Times; font-size:small; background-color:rgb(255,255,255)">
<span style="font-family:Times; font-size:small; background-color:rgb(255,255,255)">           Token initialized: yes</span><br style="font-family:Times; font-size:small; background-color:rgb(255,255,255)">
<span style="font-family:Times; font-size:small; background-color:rgb(255,255,255)">           User PIN initialized: yes</span><br style="font-family:Times; font-size:small; background-color:rgb(255,255,255)">
<span style="font-family:Times; font-size:small; background-color:rgb(255,255,255)">           Token label: ZSK                            </span><br style="font-family:Times; font-size:small; background-color:rgb(255,255,255)">
<span style="font-family:Times; font-size:small; background-color:rgb(255,255,255)">[root@stage-ns2 ~]#</span><br style="font-family:Times; font-size:small; background-color:rgb(255,255,255)">
<br style="font-family:Times; font-size:small; background-color:rgb(255,255,255)">
<br style="font-family:Times; font-size:small; background-color:rgb(255,255,255)">
<span style="font-family:Times; font-size:small; background-color:rgb(255,255,255)">Could you advice ?</span></div>
</div>
</div>
</div>
</body>
</html>