[Opendnssec-user] ods-enforcerd: Error creating key in repository SoftHSM-KSK
Abdalmonem Tharwat Galila
agalila at mcit.gov.eg
Sun Aug 31 09:18:48 UTC 2014
I got the following error message and the enforcer could not be restarted:
[root@ns2 ~]# ods-control start
Starting enforcer...
OpenDNSSEC ods-enforcerd started (version 1.4.5), pid 9473
Could not start enforcer
[root@stage-ns2 ~]# tail -f /var/log/messages
Aug 30 01:03:27 stage-ns2 ods-enforcerd: Connecting to Database...
Aug 30 01:03:27 stage-ns2 ods-enforcerd: Policy default found.
Aug 30 01:03:27 stage-ns2 ods-enforcerd: Key sharing is Off.
Aug 30 01:03:27 stage-ns2 ods-enforcerd: No zones on policy default, skipping...
Aug 30 01:03:27 stage-ns2 ods-enforcerd: Policy DotMasr found.
Aug 30 01:03:27 stage-ns2 ods-enforcerd: Key sharing is Off.
Aug 30 01:03:27 stage-ns2 ods-enforcerd: 1 zone(s) found on policy "Dot2"
Aug 30 01:03:27 stage-ns2 ods-enforcerd: 1 new KSK(s) (2048 bits) need to be created for policy Dot2: keys_to_generate(1) = keys_needed(1) - keys_available(0).
Aug 30 01:03:27 stage-ns2 ods-enforcerd: Error creating key in repository SoftHSM-KSK
Aug 30 01:03:27 stage-ns2 ods-enforcerd: generate key pair: CKR_GENERAL_ERROR
[root@stage-ns2 ~]# ods-hsmutil test SoftHSM -v
Testing repository: SoftHSM
Generating 512-bit RSA key... OK
Extracting key identifier... OK, 1134ad3426577e59c44c60f2be8c6351
Signing (RSA/SHA1) with key... OK
Signing (RSA/SHA256) with key... OK
Deleting key... OK
Generating 768-bit RSA key... OK
Extracting key identifier... OK, 23a83e3a60cb2deaf108d40b2473cdd3
Signing (RSA/SHA1) with key... OK
Signing (RSA/SHA256) with key... OK
Deleting key... OK
Generating 1024-bit RSA key... OK
Extracting key identifier... OK, e27502cde45ad9594f4170c323277428
Signing (RSA/SHA1) with key... OK
Signing (RSA/SHA256) with key... OK
Signing (RSA/SHA512) with key... OK
Deleting key... OK
Generating 1536-bit RSA key... OK
Extracting key identifier... OK, 01d15dcaeff6862df8fd92477fa59023
Signing (RSA/SHA1) with key... OK
Signing (RSA/SHA256) with key... OK
Signing (RSA/SHA512) with key... OK
Deleting key... OK
Generating 2048-bit RSA key... OK
Extracting key identifier... OK, c5ac4f805cd3c11b7e7ed53616c6c345
Signing (RSA/SHA1) with key... OK
Signing (RSA/SHA256) with key... OK
Signing (RSA/SHA512) with key... OK
Deleting key... OK
Generating 4096-bit RSA key... OK
Extracting key identifier... OK, d728d0cbf867eebe912f1688d0f9cf6b
Signing (RSA/SHA1) with key... OK
Signing (RSA/SHA256) with key... OK
Signing (RSA/SHA512) with key... OK
Deleting key... OK
Generating 512-bit DSA key... Failed
generate domain parameters: CKR_FUNCTION_NOT_SUPPORTED
Generating 768-bit DSA key... Failed
generate domain parameters: CKR_FUNCTION_NOT_SUPPORTED
Generating 1024-bit DSA key... Failed
generate domain parameters: CKR_FUNCTION_NOT_SUPPORTED
Generating 512-bit GOST key... Failed
generate key pair: CKR_MECHANISM_INVALID
Generating 1024 bytes of random data... OK
Generating 32-bit random data... 2643190841
Generating 64-bit random data... 9844808495919432962
[root@stage-ns2 ~]#
And no keys:
[root@stage-ns2 ~]# ods-hsmutil list
Listing keys in all repositories.
0 keys found.
Repository ID Type
---------- -- ----
[root@stage-ns2 ~]#
[root@stage-ns2 ~]# softhsm --show-slots
Available slots:
Slot 0
Token present: yes
Token initialized: yes
User PIN initialized: yes
Token label: OpenDNSSEC
Slot 1
Token present: yes
Token initialized: yes
User PIN initialized: yes
Token label: KSK
Slot 2
Token present: yes
Token initialized: yes
User PIN initialized: yes
Token label: ZSK
[root@stage-ns2 ~]#
Could you advise?