[Opendnssec-user] ods-hsmutil

Rickard Bellgrim rickard at opendnssec.org
Thu Jul 12 06:09:00 UTC 2012

> Clearly there's a bad assumption on my part somewhere in here.

Yes, if you create keys manually then you have to add them manually to
OpenDNSSEC before you start OpenDNSSEC. If you have not added them to
the Enforcer, then it will create keys by itself. My recommendation is
to not generate keys manually, but to let OpenDNSSEC do that for you.

ods-hsmutil, as the documentation says, talks directly with the HSM.
OpenDNSSEC will thus have no knowledge of the keys, unless you till it
what to do.

// Rickard

More information about the Opendnssec-user mailing list