[Opendnssec-user] no softhsm whining
Randy Bush
randy at psg.com
Wed Jun 11 00:45:19 UTC 2014
>> all ds are seen. repository is flagged. i am still not asked to back
>> keys up.
>>
>> <Repository name="SoftHSM">
>> <Module>/usr/local/lib/softhsm/libsofthsm.so</Module>
>> <TokenLabel>opendnssec</TokenLabel>
>> <PIN>sigh</PIN>
>> <RequireBackup/>
>> <SkipPublicKey/>
>> </Repository>
>>
>
> Are the keys generated after the update to the policy? Changes to the
> policy only applies to keys generated after the change.
some KSKs were generated after the policy change, and sent to parent,
and ds seen done. ZSKs are whacked frequently.
> Could it be that the message is not logged because the ZSK is generated in
> the same repository as the KSK? See the if-statement in:
> https://github.com/opendnssec/opendnssec/blob/1.4/master/enforcer/enforcerd/enforcer.c#L575
is this a change? i.e. "it used to work!" :)
randy
More information about the Opendnssec-user
mailing list