[Opendnssec-user] Signature failed to cryptographically verify

Jakob Schlyter jakob at kirei.se
Mon Jun 2 14:21:01 UTC 2014


On 2 jun 2014, at 13:15, Emil Natan <shlyoko at gmail.com> wrote:

> I use ods-ksmutil key list to obtain the CKA_ID for all keys for a zone, then dnssec-keyfromlabel to create the files with metadata for these keys, store the files in a temp directory and then I use dnssec-signzone (-S) to actually sign the zone. For the simplest scenario, when there are only two active keys, ZSK and KSK, I run dnssec-keyfromlabel twice with different options to correctly create the ZSK and KSK files. In the middle of a rollover or when using stand-by keys, I use dnssec-keyfromlabel a few times to create all needed key files.
> 

You should probably take a look at https://github.com/opendnssec/ods4bind

	jakob



