[Opendnssec-user] Signer/HSM redundancy and database replication
Jakob Schlyter
jakob at kirei.se
Sun Feb 28 17:40:57 UTC 2010
On 28 feb 2010, at 07.42, Antti Ristimäki wrote:
> However, I'm still missing one thing. I'm able to pregenerate the keys for a given time interval and I can see them in the HSM with the "ods-hsmutil list" command. When giving "ods-ksmutil list", the pregenerated keys are not listed at all, although I think that they should be listed as "GENERATED". The enforcer does use the pregenerated keys to roll out the keys, though.
yes, it seems that pre-generated keys are not listed at all by ksmutil - please file a bug describing this and we'll take a look at it.
jakob
More information about the Opendnssec-user
mailing list