<div dir="ltr">Thanks for the response.<br><div class="gmail_extra"><br><div class="gmail_quote">On Wed, May 4, 2016 at 10:13 AM, Berry A.W. van Halderen <span dir="ltr"><<a href="mailto:berry@nlnetlabs.nl" target="_blank">berry@nlnetlabs.nl</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-style:solid;border-left-color:rgb(204,204,204);padding-left:1ex"><span class="">On 05/04/2016 08:59 AM, Arun N S wrote:<br>
> Hi,<br>
><br>
> Trying to configure OpenDNSSEC with SoftHSM with automatic key<br>
> generation and roll over.<br>
><br>
> While querying the database for keys:<br>
> Zone: Keytype: State: Date of next<br>
> transition (to): Size: Algorithm: CKA_ID:<br>
> Repository: Keytag:<br>
</span>> <a href="http://example.com" rel="noreferrer" target="_blank">example.com</a> <<a href="http://example.com" rel="noreferrer" target="_blank">http://example.com</a>> ZSK active<br>
<span class="">> 2016-05-04 10:40:56 (retire) 2048 8<br>
> 457a1480ae07d5a966d40338777e4b93 SoftHSM 31461<br>
</span>> <a href="http://example.com" rel="noreferrer" target="_blank">example.com</a> <<a href="http://example.com" rel="noreferrer" target="_blank">http://example.com</a>> ZSK generate<br>
<span class="">> (not scheduled) (publish) 2048 8<br>
> 5ab3b8b52447860557e3b47c0c3b0ac8 SoftHSM 23151<br>
</span>> <a href="http://example.com" rel="noreferrer" target="_blank">example.com</a> <<a href="http://example.com" rel="noreferrer" target="_blank">http://example.com</a>> KSK publish<br>
<span class="">> 2016-05-04 09:47:36 (ready) 2048 8<br>
> 2fcc6fb8591261b35d82b81f588b630d SoftHSM 45250<br>
><br>
> I can see that "Date of next transition" for KSK is at 2016-05-04<br>
> 09:47:36 to READY. Is it supposed to happen automatically?<br>
<br>
</span>Yes, as long as the system is running transitions are performed<br>
automatically. Except when it explicitly indicates so ("waiting<br>
for...").<br></blockquote><div><br></div><div><br></div><div>The "Date of next transition" is already passed and the key state did not change until I stop and start ods-control.</div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-style:solid;border-left-color:rgb(204,204,204);padding-left:1ex">
<span class=""><br>
> The state did not change until I stop and start ods-control.<br>
<br>
</span>How do you mean, the transition is scheduled for a future time (at least<br>
I guess your timezone). Was the state different earlier or did<br>
it change state?<br></blockquote><div><br></div><div>This is on a test lab with shorter roll over intervals, and the future time has already reached, and the state did not change.</div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-style:solid;border-left-color:rgb(204,204,204);padding-left:1ex">
<br>
\Berry<br>
<br>
> Thanks,<br>
> Arun<br>
><br>
><br>
><br>
> _______________________________________________<br>
> Opendnssec-user mailing list<br>
> <a href="mailto:Opendnssec-user@lists.opendnssec.org">Opendnssec-user@lists.opendnssec.org</a><br>
> <a href="https://lists.opendnssec.org/mailman/listinfo/opendnssec-user" rel="noreferrer" target="_blank">https://lists.opendnssec.org/mailman/listinfo/opendnssec-user</a><br>
><br>
<br>
_______________________________________________<br>
Opendnssec-user mailing list<br>
<a href="mailto:Opendnssec-user@lists.opendnssec.org">Opendnssec-user@lists.opendnssec.org</a><br>
<a href="https://lists.opendnssec.org/mailman/listinfo/opendnssec-user" rel="noreferrer" target="_blank">https://lists.opendnssec.org/mailman/listinfo/opendnssec-user</a><br>
</blockquote></div><br></div></div>