[Opendnssec-user] SoftHSM errors
Casper Gielen
c.gielen at uvt.nl
Thu Jan 20 12:27:45 UTC 2011
I just spotted a few errors in my logs. The same happens for other zones as well.
Despite these errors the key seems be stored just fine.
I use SoftHSM version 1.2.0 as packaged by Ondřej Surý.
There is no real problem, things just work. I wonder if this is really an error
or just a misleading message.
Jan 20 13:04:45 metagross ods-signerd: No information yet for key 8c02fca833110020983c64f61ae843fc
Jan 20 13:04:45 metagross ods-signerd: Generating DNSKEY RR for 8c02fca833110020983c64f61ae843fc
Jan 20 13:04:45 metagross ods-signerd: Run command: '/usr/lib/opendnssec/opendnssec/get_class -f /var/lib/opendnssec/tmp/example.com.sorted'
Jan 20 13:04:45 metagross ods-signerd: create_dnskey stderr: Error initializing libhsm
Jan 20 13:04:45 metagross ods-signerd: create_dnskey status: 3
Jan 20 13:04:45 metagross ods-signerd: equality: False
Jan 20 13:04:45 metagross ods-signerd: Error: could not find key 8c02fca833110020983c64f61ae843fc
Jan 20 13:04:45 metagross ods-signerd: Run command: '/usr/lib/opendnssec/opendnssec/get_class -f /var/lib/opendnssec/tmp/example.com.sorted'
Jan 20 13:04:45 metagross ods-signerd: Run command: '/usr/lib/opendnssec/opendnssec/zone_reader -c /etc/opendnssec/conf.xml -f /var/lib/opendnssec/tmp/example.com.sorted -k 1 -o example.com -s /var/lib/opendnssec/signconf/example.com.xml -w /var/lib/opendnssec/tmp/example.com.nsecced -x /var/lib/opendnssec/tmp/example.com.optout'
Jan 20 13:04:45 metagross ods-signerd: Writing file to zone_reader: /var/lib/opendnssec/tmp/example.com.sorted
Jan 20 13:04:45 metagross ods-signerd: Nseccing failed
Jan 20 13:04:45 metagross ods-signerd: create_dnskey stderr: Error initializing libhsm
Jan 20 13:04:45 metagross ods-signerd: create_dnskey status: 3
Jan 20 13:04:45 metagross ods-signerd: equality: False
root at metagross:~# ods-ksmutil key list --zone example.com -v
SQLite database set to: /var/lib/opendnssec/db/kasp.db
Keys:
Zone: Keytype: State: Date of next transition: CKA_ID: Repository: Keytag:
example.com KSK active 2011-11-29 14:35:20 927ec803b8cecd1660ac461ce52710f7 SoftHSM 36969
example.com KSK dsready When required 39aee23e7d7353cf3b611daf58d0ce41 SoftHSM 10813
example.com KSK dsready When required d50ea2e36b1cc9f59dd20a3b970f4f17 SoftHSM 12793
example.com ZSK active 2011-01-25 13:54:33 a23bcd8ab51453011b030f336804149b SoftHSM 40155
example.com ZSK ready next rollover 8221da5577cb758178d03e76ba62e679 SoftHSM 28775
example.com ZSK ready next rollover c79ba9dcd023e48cd7291bbd0d9ea776 SoftHSM 26460
example.com ZSK ready next rollover 55e036a808ce250677759122524c5c70 SoftHSM 5940
example.com ZSK ready next rollover 8c02fca833110020983c64f61ae843fc SoftHSM 46688
root at metagross:~# ods-ksmutil key export --zone example.com--keytype ZSK --keystate READY |grep 46688
SQLite database set to: /var/lib/opendnssec/db/kasp.db
example.com. 3600 IN DNSKEY 256 3 7 AwEAAcZYtP3U/NAzDV5D4aeR5QFAU93/nx50ajj6FxG6Z9fXI7visFIt6Eo+p85HmQHozE65jkBzPuP6QV7l2r4A0Np5rDs5diKsRrSHgxTGsRVaKdOzWfzHsYW1hnvktNoHV+ZM9G/He0+0zwEPfaatqi1hLQ30CujfcDkTRyCeOeWv ;{id = 46688 (zsk), size = 1024b}
root at metagross:~# softhsm --version
1.2.0
--
Casper Gielen <cgielen at uvt.nl> | LIS UNIX
PGP fingerprint = 16BD 2C9F 8156 C242 F981 63B8 2214 083C F80E 4AF7
Universiteit van Tilburg | Postbus 90153, 5000 LE
Warandelaan 2 | Telefoon 013 466 4100 | G 236 | http://www.uvt.nl
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 262 bytes
Desc: OpenPGP digital signature
URL: <http://lists.opendnssec.org/pipermail/opendnssec-user/attachments/20110120/18838460/attachment.bin>
More information about the Opendnssec-user
mailing list