[Opendnssec-user] opendnssec on Ubuntu 10.04 32bit

Rickard Bellgrim rickard at opendnssec.org
Mon Jul 4 14:32:16 UTC 2011


On Mon, Jul 4, 2011 at 9:58 AM, Bryton <bryton at tznic.or.tz> wrote:
> Here are the logs
>
> Jul  4 10:57:41 ubuntu-serv-dnssec ods-signerd: unable to open file
> /var/lib/opendnssec/signconf/tz.xml for reading: No such file or directory
> Jul  4 10:57:41 ubuntu-serv-dnssec ods-signerd: unable to open file
> /var/lib/opendnssec/signconf/tz.xml for reading: No such file or directory
> Jul  4 10:57:41 ubuntu-serv-dnssec ods-signerd: zone tz has policy default
> configured, but has no (valid) signconf file
> Jul  4 10:57:41 ubuntu-serv-dnssec ods-enforcerd: Key sharing is Off.
> Jul  4 10:57:42 ubuntu-serv-dnssec ods-enforcerd: Error creating key in
> repository SoftHSM
> Jul  4 10:57:42 ubuntu-serv-dnssec ods-enforcerd: generate key pair:
> CKR_GENERAL_ERROR

The Signer Engine starts faster than the Enforcer and can thus not
find the tz.xml. It will however read tz.xml once it has been created
by the Enforcer daemon. But the Enforcer was not able to create the
signconf, since the keys could not be created.

Is your HSM setup correctly done? Try:
ods-hsmutil list
ods-hsmutil test <Repository>

// Rickard



More information about the Opendnssec-user mailing list