[Opendnssec-user] NOTE: keys generated in repository SoftHSM will not become active until they have been backed up
denethorr
denethorr at o2.pl
Sun Feb 26 19:08:29 UTC 2012
Hello list.
I have installed opendnssec and softhsm from debian wheeze repositories.
The problem is, that i can not sign zone because keys are not active -
quotes from /var/log/messages:
1. Feb 26 19:45:21 debian ods-enforcerd: NOTE: keys generated in
repository SoftHSM will not become active until they have been backed up
2. Feb 26 19:45:21 debian ods-enforcerd: WARNING: KSK rollover for zone
'xxx.com' not completed as there are no keys in the 'ready' state;
ods-enforcerd will try again when it runs next
Below, commands i have made to check the system.
1. ods-hsmutil list
Listing keys in all repositories.
2 keys found.
Repository ID Type
---------- -- ----
SoftHSM a5351ded2deb965587aedb243f44878d RSA/2048
SoftHSM d3c98511eab3dec1e4d62e5a3f3717d3 RSA/2048
2. ods-ksmutil key list
Keys:
Zone: Keytype: State: Date of next
transition:
xxx.com ZSK active 2012-03-27
15:02:21
xxx.com KSK publish 2012-02-27 05:02:21
3. root at debian:~# ods-ksmutil backup prepare
There were no keys to mark
root at debian:~# ods-ksmutil backup commit
There were no keys to mark
root at debian:~# ods-ksmutil backup list
Backups:
Date: Repository:
2012-02-26 15:02:00 SoftHSM
root at debian:~# ods-ksmutil backup done
There were no keys to mark
There were no keys to mark
Do you have any suggestions?
Best Regards,
Jan
More information about the Opendnssec-user
mailing list