[Opendnssec-user] Trying to purge a key with "unknown key state"
Paul Wouters
paul at nohats.ca
Mon Jan 7 18:05:02 UTC 2013
I'm trying to kill all references to a key in ods/softhsm:
~> ods-ksmutil key ksk-retire --keytag 12345
*WARNING* This will retire the currently active KSK; are you sure? [y/N] y
Found key with CKA_ID 02e940a73755801f75bc9744c608dc5e
Key 02e940a73755801f75bc9744c608dc5e retired
~> ods-ksmutil key delete --cka_id 12345
Failed to determine the state of the key
The problem is that this key is still showing up in the signconf XML
file, and is re-introduced when running ods-ksmutil update all. But it
has a wrong algorithm, and it just needs to vanish completely, as it is
just breaking the signerd (which also dies upon encountering this).
Is there a way to force deletion without knowing the state of the key?
Paul