[Opendnssec-user] NOTE: keys generated in repository SoftHSM will not become active until they have been backed up
Rick van Rein
rick at openfortress.nl
Mon Feb 27 09:06:42 UTC 2012
Hi,
> Hello list.
>
> I have installed opendnssec and softhsm from debian wheeze repositories.
>
> The problem is, that i can not sign zone because keys are not active
> - quotes from /var/log/messages:
>
> 1. Feb 26 19:45:21 debian ods-enforcerd: NOTE: keys generated in
> repository SoftHSM will not become active until they have been
> backed up
Back them up and run ods-ksmutil backup done. Or better, use the
prepare/commit parts before/after the backup. If you don't want
to backup your keys (seriously?!?) you can set that in the config-
files. The default configfiles assume you are taking precautions
and therefore making backups.
> 2. Feb 26 19:45:21 debian ods-enforcerd: WARNING: KSK rollover for
> zone 'xxx.com' not completed as there are no keys in the 'ready'
> state; ods-enforcerd will try again when it runs next
The suggestions promote keys to the ready state, and signing should
commence.
-Rick
More information about the Opendnssec-user
mailing list