[Opendnssec-user] Signer/HSM redundancy and database replication

Jakob Schlyter jakob at kirei.se
Sun Feb 28 17:40:57 UTC 2010

On 28 feb 2010, at 07.42, Antti Ristimäki wrote:

> However, I'm still missing one thing. I'm able to pregenerate the keys for a given time interval and I can see them in the HSM with the "ods-hsmutil list" command. When giving "ods-ksmutil list", the pregenerated keys are not listed at all, although I think that they should be listed as "GENERATED". The enforcer does use the pregenerated keys to roll out the keys, though.

yes, it seems that pre-generated keys are not listed at all by ksmutil - please file a bug describing this and we'll take a look at it.


More information about the Opendnssec-user mailing list