[Opendnssec-user] Re: No Keys Generated Using AEP Keyper
dave at knig.ht
Wed Jan 30 04:09:57 UTC 2013
You don't mention a step where you create the keys. I'm not running 1.4.0 yet, but I imagine that you still have to do that manually.
It might be helpful to walk through <http://www.opendnssec.org/documentation/using-opendnssec/> and see if there are steps that you missed.
On 2013-01-29, at 9:34 PM, 刘硕 <shuoleo at 126.com> wrote:
> Hi Dave,
> I'm testing opendnssec-1.4.0rc2 with AEP Keyper, I can start the service now, ods-signerd and ods-enforcerd are running.
> But when I use ods-ksmutil zone add -z dstest to add a new zone, I found no keys with ods-ksmuitl key list
> I get logs like:
> Jan 30 10:03:06 CST-BJ-103 ods-signerd: [cmdhandler] received command update --all
> Jan 30 10:03:06 CST-BJ-103 ods-signerd: [zonelist] read file /home/gtld/software/opendnssec-1.4.0rc2/etc/opendnssec/zonelist.xml
> Jan 30 10:03:06 CST-BJ-103 ods-signerd: [worker] configure zone dstest
> Jan 30 10:03:06 CST-BJ-103 ods-signerd: [file] unable to stat file /home/gtld/software/opendnssec-1.4.0rc2/var/opendnssec/signconf/dstest.xml: ods_fopen() failed
> Jan 30 10:03:06 CST-BJ-103 ods-signerd: [zone] zone dstest signconf file /home/gtld/software/opendnssec-1.4.0rc2/var/opendnssec/signconf/dstest.xml is unchanged since 2013-01-30 10:03:06
> Jan 30 10:03:06 CST-BJ-103 ods-signerd: [worker] CRITICAL: failed to sign zone dstest: General error
> Jan 30 10:03:06 CST-BJ-103 ods-signerd: [worker] backoff task [configure] for zone dstest with 60 seconds
> And there is no dstest.xml in var/opendnssec/signconf/ at all, and no data in table keypairs of kasp.db.
> It seems opendnssec could not generate keys using AEP Keyper, am I right?
> Have you guys ever met this problem?
> Best regards,
More information about the Opendnssec-user