[Opendnssec-user] Problem trying to run Signer Engine

[Matthijs Mekking]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi Paul,

Sitowitz, Paul wrote:
> /Unable to continue, stopping:/
> 
> à          Needed to update Python code for signer_engine to log the
> actual error which caused the above to fail
> 
> à          vi /usr/local/lib/opendnssec/signer/Engine.py +703 
> /(inserted code below)/
> 
> syslog.syslog(syslog.LOG_ERR, "Error: " +  str(e))
> 
>         raise e
> 
> à          /usr/local/sbin/signer_engine

This was fixed on 9/1/2009 and made the 1.0a4 release.

> /Sep 16 14:47:04 dev-ng-core3 OpenDNSSEC signer engine: Zone
> example-zone.com locked/
...

> /Sep 16 14:47:05 dev-ng-core3 OpenDNSSEC signer engine: create_dnskey
> stderr: Unable to find key with id DFE7265B783F418685380AA784C2F31D /
> 
> /Sep 16 14:47:05 dev-ng-core3 OpenDNSSEC signer engine: create_dnskey
> status: 11/
> 
> /Sep 16 14:47:05 dev-ng-core3 OpenDNSSEC signer engine: equality: False/
> 
> /Sep 16 14:47:05 dev-ng-core3 OpenDNSSEC signer engine: Error: could not
> find key DFE7265B783F418685380AA784C2F31D/

Keys must be in the HSM. Check it with 'hsmutil list'. Keys can be
generated with 'hsmutil generate <repository> rsa [key length]'.

> Question:  Where should I obtain the correct values for the <Locator>
> tags above for BOTH the KSK and ZSK?

Use the output of hsmutil list and/or generate.


Best regards,

Matthijs Mekking
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iQEcBAEBAgAGBQJKsfeCAAoJEA8yVCPsQCW5D/4H/RZfCmEcY+rPdnQ8W1Pq3qAA
Hrc4XOD6NQsAAGlWqeN2ubFiQkuZ7hZKz24yKUZC6XH7l4Nzdd+dSPKd4wqdNrXV
cB9TwXXq6Byz/7rj1tw4HTYcplNVL/SG8QCLcK/DoruJajzi3RYvMTWXV5E36OzR
Zb4XRr8Af8IG+am+lzs1vleUdvqHjZ5VAh1yzDBjk/eNAgxm8bN1ODV3TqjWhwFs
Bgn6dmOyC4jApk6jkdQr6VMRFhcPK3J2ECJZUt3PjjEVzXsLDgIcu+xqvBBwJ9Vi
X+3676m/8qdjEZSLj6b9Wn6wbAk15tpDAzHeiCLeZZeCJ7mF8bNWGFTxss4ITXk=
=0dvG
-----END PGP SIGNATURE-----