[Opendnssec-user] Turn ksk in to no-retire
sion at nominet.org.uk
Thu Jun 28 10:44:52 CEST 2012
On 27/06/12 13:24, Bas van den Dikkenberg wrote:
> Hi all,
> Is there a way to turn current active ksk in to an non Turn ksk in to
> non-retiring key ?
> With kind regards,
> Bas van den Dikkenberg
Not for just one key; you can make a policy where the KSK lifetime is
large, and set the "Manual Rollover" option. This will apply to _all_
KSKs on that policy however.
The reason to set the lifetime high in this case is just to stop log
messages prompting you to roll the key, and possible auditor messages
about the key use.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Opendnssec-user