[Opendnssec-user] Re: No Keys Generated Using AEP Keyper

[Dave Knight]

Hi,

You don't mention a step where you create the keys. I'm not running 1.4.0 yet, but I imagine that you still have to do that manually.

It might be helpful to walk through <http://www.opendnssec.org/documentation/using-opendnssec/> and see if there are steps that you missed.

dave


On 2013-01-29, at 9:34 PM, 刘硕 <shuoleo at 126.com> wrote:

> Hi Dave,
>  
> I'm testing opendnssec-1.4.0rc2 with AEP Keyper, I can start the service now, ods-signerd and ods-enforcerd are running.
> But when I use ods-ksmutil zone add -z dstest to add a new zone, I found no keys with ods-ksmuitl key list
>  
> I get logs like:
> Jan 30 10:03:06 CST-BJ-103 ods-signerd: [cmdhandler] received command update --all[12]
> Jan 30 10:03:06 CST-BJ-103 ods-signerd: [zonelist] read file /home/gtld/software/opendnssec-1.4.0rc2/etc/opendnssec/zonelist.xml
> Jan 30 10:03:06 CST-BJ-103 ods-signerd: [worker[2]] configure zone dstest
> Jan 30 10:03:06 CST-BJ-103 ods-signerd: [file] unable to stat file /home/gtld/software/opendnssec-1.4.0rc2/var/opendnssec/signconf/dstest.xml: ods_fopen() failed
> Jan 30 10:03:06 CST-BJ-103 ods-signerd: [zone] zone dstest signconf file /home/gtld/software/opendnssec-1.4.0rc2/var/opendnssec/signconf/dstest.xml is unchanged since 2013-01-30 10:03:06
> Jan 30 10:03:06 CST-BJ-103 ods-signerd: [worker[2]] CRITICAL: failed to sign zone dstest: General error
> Jan 30 10:03:06 CST-BJ-103 ods-signerd: [worker[2]] backoff task [configure] for zone dstest with 60 seconds
>  
> And there is no dstest.xml in var/opendnssec/signconf/ at all, and no data in table keypairs of kasp.db.
>  
> It seems opendnssec could not generate keys using AEP Keyper, am I right?
>  
> Have you guys ever met this problem?
>  
>  
> Best regards,
> Stuart