[Opendnssec-user] NOTE: keys generated in repository SoftHSM will not become active until they have been backed up
paul at nohats.ca
Tue Feb 28 04:41:45 UTC 2012
On Mon, 27 Feb 2012, Rick van Rein wrote:
>> 1. Feb 26 19:45:21 debian ods-enforcerd: NOTE: keys generated in
>> repository SoftHSM will not become active until they have been
>> backed up
> Back them up and run ods-ksmutil backup done. Or better, use the
> prepare/commit parts before/after the backup. If you don't want
> to backup your keys (seriously?!?) you can set that in the config-
> files. The default configfiles assume you are taking precautions
> and therefore making backups.
Actually, I find that feature rather strange. What other software on
a unix server is asserting that you manually tell it you made a
backup before it can be used?
IMHO, that's a feture best retired, especially because it is giving
people issues to start signing in the first place. But if people
want to keep it, allow signing anyway, but nag via a daily cron job?
More information about the Opendnssec-user