[Opendnssec-user] Turn ksk in to no-retire
Siôn Lloyd
sion at nominet.org.uk
Thu Jun 28 08:44:52 UTC 2012
On 27/06/12 13:24, Bas van den Dikkenberg wrote:
>
> Hi all,
>
> Is there a way to turn current active ksk in to an non Turn ksk in to
> non-retiring key ?
>
> With kind regards,
>
> Bas van den Dikkenberg
>
>
>
Not for just one key; you can make a policy where the KSK lifetime is
large, and set the "Manual Rollover" option. This will apply to _all_
KSKs on that policy however.
See:
https://wiki.opendnssec.org/display/DOCS/Key+Management#KeyManagement-Keyrolloversonexactdates
The reason to set the lifetime high in this case is just to stop log
messages prompting you to roll the key, and possible auditor messages
about the key use.
Sion
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opendnssec.org/pipermail/opendnssec-user/attachments/20120628/380d66d4/attachment.htm>
More information about the Opendnssec-user
mailing list