[Opendnssec-user] Changing the <Algorithm> has no effect
Stephane Bortzmeyer
bortzmeyer at nic.fr
Wed Feb 3 08:44:10 UTC 2010
In want to use SHA-256 for signing so I changed kasp.xml:
<!-- Parameters for KSK only -->
<KSK>
<Algorithm length="2048">8</Algorithm>
<Lifetime>P3D</Lifetime>
<Repository>softHSM</Repository>
<Standby>1</Standby>
</KSK>
<!-- Parameters for ZSK only -->
<ZSK>
<Algorithm length="1024">8</Algorithm>
<Lifetime>P1D</Lifetime>
<Repository>softHSM</Repository>
<Standby>1</Standby>
and I ran a "ksmutil update all". No error message but, at the next
resigning, everything is still done with algorithm 7. What did I
forget? Should I simply wait for the next key rollover?
More information about the Opendnssec-user
mailing list