[Opendnssec-user] Re: ods-enforcerd: Error creating key in repository SoftHSM-KSK

Jarno Huuskonen jarno.huuskonen at uef.fi
Sun Aug 31 09:32:15 UTC 2014


Hi,

> I got the following error message and the enforcer could not be restarted
> 
> [root@ns2 ~]# ods-control start
> Starting enforcer...
> OpenDNSSEC ods-enforcerd started (version 1.4.5), pid 9473
> Could not start enforcer
> [root@stage-ns2 ~]# tail -f /var/log/messages
> Aug 30 01:03:27 stage-ns2 ods-enforcerd: Connecting to Database...
> Aug 30 01:03:27 stage-ns2 ods-enforcerd: Policy default found.
> Aug 30 01:03:27 stage-ns2 ods-enforcerd: Key sharing is Off.
> Aug 30 01:03:27 stage-ns2 ods-enforcerd: No zones on policy default, skipping...
> Aug 30 01:03:27 stage-ns2 ods-enforcerd: Policy DotMasr found.
> Aug 30 01:03:27 stage-ns2 ods-enforcerd: Key sharing is Off.
> Aug 30 01:03:27 stage-ns2 ods-enforcerd: 1 zone(s) found on policy "Dot2"
> Aug 30 01:03:27 stage-ns2 ods-enforcerd: 1 new KSK(s) (2048 bits) need to be created for policy Dot2: keys_to_generate(1) = keys_needed(1) - keys_available(0).
> Aug 30 01:03:27 stage-ns2 ods-enforcerd: Error creating key in repository SoftHSM-KSK
> Aug 30 01:03:27 stage-ns2 ods-enforcerd: generate key pair: CKR_GENERAL_ERROR

What do you have in softhsm.conf (/etc/softhsm.conf)?

Is the user account used for ods-enforcerd able to access the files
defined in softhsm.conf (can change to the directory and read/write the
files)?

Does your opendnssec/conf.xml <Repository> / <TokenLabel> match
what you get with "softhsm --show-slots"?

-Jarno

-- 
Jarno Huuskonen
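
The checks suggested in the reply above, as an added shell example that is not part of the original message. It assumes the SoftHSM v1 `softhsm.conf` layout of `<slot>:<path>` lines with `#` comments; `ENFORCER_USER`, the script name and the `conf.xml` path are placeholders for your installation.

```shell
#!/bin/sh
# Added example (not from the thread). Run it as the account ods-enforcerd uses:
#   sudo -u ENFORCER_USER sh check-softhsm.sh /etc/softhsm.conf /path/to/conf.xml
# ENFORCER_USER, the script name and the conf.xml path are placeholders.

# Print the token file paths from softhsm.conf ("<slot>:<path>", '#' comments).
token_paths() {
    sed -n -e 's/#.*//' \
        -e 's/^[[:space:]]*[0-9][0-9]*:[[:space:]]*\(.*[^[:space:]]\)[[:space:]]*$/\1/p' "$1"
}

# Check that the current user can enter and write each token directory and can
# read/write each existing token file. Returns 0 only if every entry passes.
check_access() {
    paths=$(token_paths "$1")
    [ -n "$paths" ] || { echo "FAIL $1: no <slot>:<path> lines found"; return 1; }
    rc=0
    while IFS= read -r f; do
        d=$(dirname "$f")
        if [ ! -x "$d" ] || [ ! -w "$d" ]; then
            echo "FAIL $d: cannot enter or write directory"; rc=1
        elif [ -e "$f" ] && { [ ! -r "$f" ] || [ ! -w "$f" ]; }; then
            echo "FAIL $f: not readable and writable"; rc=1
        else
            echo "ok   $f"
        fi
    done <<EOF
$paths
EOF
    return $rc
}

# Print every <TokenLabel> value from OpenDNSSEC's conf.xml, one per line.
token_labels() {
    sed -n 's:.*<TokenLabel>\(.*\)</TokenLabel>.*:\1:p' "$1"
}

if [ "$#" -ge 1 ]; then
    check_access "$1"; status=$?
    if [ -n "$2" ]; then
        echo "TokenLabel values in $2 (compare with: softhsm --show-slots):"
        token_labels "$2"
    fi
    exit "$status"
fi
```

Running it as root instead of the enforcer's account hides permission problems, because root passes the read/write tests regardless of file mode.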
