[Opendnssec-user] NOTE: keys generated in repository SoftHSM will not become active until they have been backed up

Paul Wouters paul at nohats.ca
Tue Feb 28 04:41:45 UTC 2012


On Mon, 27 Feb 2012, Rick van Rein wrote:

>> 1. Feb 26 19:45:21 debian ods-enforcerd: NOTE: keys generated in
>> repository SoftHSM will not become active until they have been
>> backed up
>
> Back them up and run ods-ksmutil backup done.  Or better, use the
> prepare/commit parts before/after the backup.  If you don't want
> to backup your keys (seriously?!?) you can set that in the config-
> files.  The default configfiles assume you are taking precautions
> and therefore making backups.

Actually, I find that feature rather strange. What other software on
a unix server is asserting that you manually tell it you made a
backup before it can be used?

IMHO, that's a feture best retired, especially because it is giving
people issues to start signing in the first place. But if people
want to keep it, allow signing anyway, but nag via a daily cron job?

Paul



More information about the Opendnssec-user mailing list