[Opendnssec-user] NOTE: keys generated in repository SoftHSM will not become active until they have been backed up

denethorr denethorr at o2.pl
Sun Feb 26 19:08:29 UTC 2012


Hello list.

I have installed opendnssec and softhsm from debian wheeze repositories.

The problem is, that i can not sign zone because keys are not active - 
quotes from /var/log/messages:

1. Feb 26 19:45:21 debian ods-enforcerd: NOTE: keys generated in 
repository SoftHSM will not become active until they have been backed up

2. Feb 26 19:45:21 debian ods-enforcerd: WARNING: KSK rollover for zone 
'xxx.com' not completed as there are no keys in the 'ready' state; 
ods-enforcerd will try again when it runs next

Below, commands i have made to check the system.

1. ods-hsmutil list
Listing keys in all repositories.
2 keys found.

Repository            ID                                Type
----------            --                                ----
SoftHSM               a5351ded2deb965587aedb243f44878d  RSA/2048
SoftHSM               d3c98511eab3dec1e4d62e5a3f3717d3  RSA/2048

2. ods-ksmutil key list
Keys:
Zone:                           Keytype:      State:    Date of next 
transition:
xxx.com                         ZSK           active    2012-03-27 
15:02:21
xxx.com                         KSK           publish   2012-02-27 05:02:21

3. root at debian:~# ods-ksmutil backup prepare
There were no keys to mark
root at debian:~# ods-ksmutil backup commit
There were no keys to mark
root at debian:~# ods-ksmutil backup list
Backups:
Date:                    Repository:
2012-02-26 15:02:00      SoftHSM

root at debian:~# ods-ksmutil backup done
There were no keys to mark
There were no keys to mark

Do you have any suggestions?

Best Regards,
Jan



More information about the Opendnssec-user mailing list