[Opendnssec-user] Documentation on the state of keys?
Rick van Rein
rick at openfortress.nl
Fri Feb 5 14:01:06 UTC 2010
Stephane,
> key states: GENERATED|PUBLISHED|READY|ACTIVE|RETIRED|REVOKED|DEAD
>
> without explanations.
The man-pages give a bit more detail.
> but I never see GENERATED and DEAD and wonder what are their uses.
My guess is that you are not enforcing HSM backup before you allow
a key to be used by OpenDNSSEC. This should put the keys in GENERATED
mode.
As for REVOKED and DEAD I'm also confused.
> (If I generate keys with ksmutil key generate, I do not see them in
> the output of ksmutil key list.)
That is the other possible cause why you don't see the GENERATED state :)
-Rick
More information about the Opendnssec-user
mailing list