[Opendnssec-user] Key not found

David Peall david at dnservices.co.za
Wed Jun 11 10:15:04 UTC 2014


Here is the log line:
Jun 11 12:03:41 ods-signerd: [hsm] unable to get key: key 5a4cf5871ef16a77118283e8666f486b not found

Corresponding debug from HSM log
2014-06-11 12:03:41 [6670] t0067acf3ff7f0000: pkcs11: 000008CB >>   C_GetSessionInfo
2014-06-11 12:03:41 [6670] t0067acf3ff7f0000: pkcs11: 000008CB >    hSession 0x000008CB
2014-06-11 12:03:41 [6670] t0067acf3ff7f0000: pkcs11: 000008CB <    rv 0x00000000 (CKR_OK)
2014-06-11 12:03:41 [6670] t0067acf3ff7f0000: pkcs11: 00000000 >>   C_OpenSession
2014-06-11 12:03:41 [6670] t0067acf3ff7f0000: pkcs11: 00000000 >    slotID 0x2D622495
2014-06-11 12:03:41 [6670] t0067acf3ff7f0000: pkcs11: 00000000 >    flags 0x00000006
2014-06-11 12:03:41 [6670] t0067acf3ff7f0000: pkcs11: 00000000 <    *phSession 0x000008DA
2014-06-11 12:03:41 [6670] t0067acf3ff7f0000: pkcs11: 00000000 <    rv 0x00000000 (CKR_OK)
2014-06-11 12:03:41 [6670] t0067acf3ff7f0000: pkcs11: 000008DA >>   C_CloseSession
2014-06-11 12:03:41 [6670] t0067acf3ff7f0000: pkcs11: 000008DA >    hSession 0x000008DA
2014-06-11 12:03:41 [6670] t0067acf3ff7f0000: pkcs11: 000008DA <    rv 0x00000000 (CKR_OK)
2014-06-11 12:03:41 [6670] t0067acf3ff7f0000: pkcs11: 00000000 >>   C_GetSlotList
2014-06-11 12:03:41 [6670] t0067acf3ff7f0000: pkcs11: 00000000 >    tokenPresent 1
2014-06-11 12:03:41 [6670] t0067acf3ff7f0000: pkcs11: 00000000 >    pSlotList (nil)
2014-06-11 12:03:41 [6670] t0067acf3ff7f0000: pkcs11: 00000000 Error: SlotState_Admin
2014-06-11 12:03:41 [6670] t0067acf3ff7f0000: pkcs11: 00000000 <    *pulCount 1
2014-06-11 12:03:41 [6670] t0067acf3ff7f0000: pkcs11: 00000000 <    rv 0x00000000 (CKR_OK)
2014-06-11 12:03:41 [6670] t0067acf3ff7f0000: pkcs11: 00000000 >>   C_GetSlotList
2014-06-11 12:03:41 [6670] t0067acf3ff7f0000: pkcs11: 00000000 >    tokenPresent 1
2014-06-11 12:03:41 [6670] t0067acf3ff7f0000: pkcs11: 00000000 >    pSlotList 0x7fffe000b1f0
2014-06-11 12:03:41 [6670] t0067acf3ff7f0000: pkcs11: 00000000 >    *pulCount 1
2014-06-11 12:03:41 [6670] t0067acf3ff7f0000: pkcs11: 00000000 Error: SlotState_Admin
2014-06-11 12:03:41 [6670] t0067acf3ff7f0000: pkcs11: 00000000 <    *pulCount 1
2014-06-11 12:03:41 [6670] t0067acf3ff7f0000: pkcs11: 00000000 <    pSlotList[0] 0x2D622495
2014-06-11 12:03:41 [6670] t0067acf3ff7f0000: pkcs11: 00000000 <    rv 0x00000000 (CKR_OK)
2014-06-11 12:03:41 [6670] t0067acf3ff7f0000: pkcs11: 00000000 >>   C_GetTokenInfo
2014-06-11 12:03:41 [6670] t0067acf3ff7f0000: pkcs11: 00000000 >    slotID 0x2D622495
2014-06-11 12:03:41 [6670] t0067acf3ff7f0000: pkcs11: 00000000 Error: SlotState_Admin
2014-06-11 12:03:41 [6670] t0067acf3ff7f0000: pkcs11: 00000000 <    pInfo->flags 0x0000020D
2014-06-11 12:03:41 [6670] t0067acf3ff7f0000: pkcs11: 00000000 <    rv 0x00000000 (CKR_OK)
2014-06-11 12:03:41 [6670] t0067acf3ff7f0000: pkcs11: 00000000 >>   C_OpenSession
2014-06-11 12:03:41 [6670] t0067acf3ff7f0000: pkcs11: 00000000 >    slotID 0x2D622495
2014-06-11 12:03:41 [6670] t0067acf3ff7f0000: pkcs11: 00000000 >    flags 0x00000006
2014-06-11 12:03:41 [6670] t0067acf3ff7f0000: pkcs11: 00000000 <    *phSession 0x000008DB
2014-06-11 12:03:41 [6670] t0067acf3ff7f0000: pkcs11: 00000000 <    rv 0x00000000 (CKR_OK)
2014-06-11 12:03:41 [6670] t0067acf3ff7f0000: pkcs11: 000008DB >>   C_FindObjectsInit
2014-06-11 12:03:41 [6670] t0067acf3ff7f0000: pkcs11: 000008DB >    hSession 0x000008DB
2014-06-11 12:03:41 [6670] t0067acf3ff7f0000: pkcs11: 000008DB >    CKA_CLASS:  CKO_PRIVATE_KEY
2014-06-11 12:03:41 [6670] t0067acf3ff7f0000: pkcs11: 000008DB >    CKA_ID
  pAtt->pValue= 16 bytes
                                        5a4cf587 1ef16a77 118283e8 666f486b

2014-06-11 12:03:41 [6670] t0067acf3ff7f0000: pkcs11: 000008DB <    rv 0x00000000 (CKR_OK)
2014-06-11 12:03:41 [6670] t0067acf3ff7f0000: pkcs11: 000008DB >>   C_FindObjects
2014-06-11 12:03:41 [6670] t0067acf3ff7f0000: pkcs11: 000008DB >    hSession 0x000008DB
2014-06-11 12:03:41 [6670] t0067acf3ff7f0000: pkcs11: 000008DB >    phObject 0x7ffff3ac5cd8
2014-06-11 12:03:41 [6670] t0067acf3ff7f0000: pkcs11: 000008DB >    ulMaxObjectCount 1
2014-06-11 12:03:41 [6670] t0067acf3ff7f0000: pkcs11: 000008DB <    *pulObjectCount 0
2014-06-11 12:03:41 [6670] t0067acf3ff7f0000: pkcs11: 000008DB <    rv 0x00000000 (CKR_OK)
2014-06-11 12:03:41 [6670] t0067acf3ff7f0000: pkcs11: 000008DB >>   C_FindObjectsFinal
2014-06-11 12:03:41 [6670] t0067acf3ff7f0000: pkcs11: 000008DB >    hSession 0x000008DB
2014-06-11 12:03:41 [6670] t0067acf3ff7f0000: pkcs11: 000008DB <    rv 0x00000000 (CKR_OK)
2014-06-11 12:03:41 [6670] t0067acf3ff7f0000: pkcs11: 000008DB >>   C_CloseSession
2014-06-11 12:03:41 [6670] t0067acf3ff7f0000: pkcs11: 000008DB >    hSession 0x000008DB
2014-06-11 12:03:41 [6670] t0067acf3ff7f0000: pkcs11: 000008DB <    rv 0x00000000 (CKR_OK)


When I do this from the command line:
ods-hsmutil dnskey 5a4cf5871ef16a77118283e8666f486b zone
zone.   3600    IN      DNSKEY  256 3 5 AwEAAZR4a8V/6fMOSy3lCYSxFhvzFcIegRCxwByRseGy4ZD17FoeYtAnWWnKqm/JECE2VCHdEeRQ0Ed6BHekgNjgZfN0PNwd47bi0JrROsOOf9+cbeR4WzPdj+pnrD7BUMX4qZ0Zd/Bei63ph4XWb+XHdwhHy1xe5T+TMepHTy5k1B2ZIePyEG7mx+eOpKkXcXOaYPBM3GWSB+0Bdc4r5tn7qjsjsnWCunwIvXDEqcJJWF0o7Zavbo47uRqPY+fp0/TR/D7LERQanRx17uN9hzUUgEsgrNp4Zq5Bi2rz54GS9baE3i23NRQLW2uzPISXJNNVTMACYz8oyxhZ+gPQlbdHXF8= ;{id = 21096 (zsk), size = 2048b}

I get the following in the debug:
2014-06-11 12:10:29 [6739]: pkcs11: 00000000 >>   C_GetFunctionList
2014-06-11 12:10:29 [6739]: pkcs11: 00000000 >    ppFunctionList 0x79b178
2014-06-11 12:10:29 [6739]: pkcs11: 00000000 >>   C_Initialize
2014-06-11 12:10:29 [6739]: pkcs11: 00000000 >    voidp 0x7fff19e5bb40
2014-06-11 12:10:29 [6739]: pkcs11: 00000000 >>   1.73.19cam8
2014-06-11 12:10:30 [6739] t40c730f8a97f0000: pkcs11: 00000000 Error: SlotState_Admin
2014-06-11 12:10:33 [6739] t40c730f8a97f0000: pkcs11: 00000000 Error: SlotState_Admin
2014-06-11 12:10:33 [6739] t40c730f8a97f0000: pkcs11: 00000000 <    rv 0x00000000 (CKR_OK)
2014-06-11 12:10:33 [6739] t40c730f8a97f0000: pkcs11: 00000000 >>   C_GetSlotList
2014-06-11 12:10:33 [6739] t40c730f8a97f0000: pkcs11: 00000000 >    tokenPresent 1
2014-06-11 12:10:33 [6739] t40c730f8a97f0000: pkcs11: 00000000 >    pSlotList (nil)
2014-06-11 12:10:33 [6739] t40c730f8a97f0000: pkcs11: 00000000 Error: SlotState_Admin
2014-06-11 12:10:33 [6739] t40c730f8a97f0000: pkcs11: 00000000 <    *pulCount 1
2014-06-11 12:10:33 [6739] t40c730f8a97f0000: pkcs11: 00000000 <    rv 0x00000000 (CKR_OK)
2014-06-11 12:10:33 [6739] t40c730f8a97f0000: pkcs11: 00000000 >>   C_GetSlotList
2014-06-11 12:10:33 [6739] t40c730f8a97f0000: pkcs11: 00000000 >    tokenPresent 1
2014-06-11 12:10:33 [6739] t40c730f8a97f0000: pkcs11: 00000000 >    pSlotList 0x806eb0
2014-06-11 12:10:33 [6739] t40c730f8a97f0000: pkcs11: 00000000 >    *pulCount 1
2014-06-11 12:10:33 [6739] t40c730f8a97f0000: pkcs11: 00000000 Error: SlotState_Admin
2014-06-11 12:10:33 [6739] t40c730f8a97f0000: pkcs11: 00000000 <    *pulCount 1
2014-06-11 12:10:33 [6739] t40c730f8a97f0000: pkcs11: 00000000 <    pSlotList[0] 0x2D622495
2014-06-11 12:10:33 [6739] t40c730f8a97f0000: pkcs11: 00000000 <    rv 0x00000000 (CKR_OK)
2014-06-11 12:10:33 [6739] t40c730f8a97f0000: pkcs11: 00000000 >>   C_GetTokenInfo
2014-06-11 12:10:33 [6739] t40c730f8a97f0000: pkcs11: 00000000 >    slotID 0x2D622495
2014-06-11 12:10:33 [6739] t40c730f8a97f0000: pkcs11: 00000000 Error: SlotState_Admin
2014-06-11 12:10:33 [6739] t40c730f8a97f0000: pkcs11: 00000000 <    pInfo->flags 0x0000020D
2014-06-11 12:10:33 [6739] t40c730f8a97f0000: pkcs11: 00000000 <    rv 0x00000000 (CKR_OK)
2014-06-11 12:10:33 [6739] t40c730f8a97f0000: pkcs11: 00000000 >>   C_OpenSession
2014-06-11 12:10:33 [6739] t40c730f8a97f0000: pkcs11: 00000000 >    slotID 0x2D622495
2014-06-11 12:10:33 [6739] t40c730f8a97f0000: pkcs11: 00000000 >    flags 0x00000006
2014-06-11 12:10:33 [6739] t40c730f8a97f0000: pkcs11: 00000000 <    *phSession 0x000008CB
2014-06-11 12:10:33 [6739] t40c730f8a97f0000: pkcs11: 00000000 <    rv 0x00000000 (CKR_OK)
2014-06-11 12:10:33 [6739] t40c730f8a97f0000: pkcs11: 000008CB >>   C_Login
2014-06-11 12:10:33 [6739] t40c730f8a97f0000: pkcs11: 000008CB >    hSession 0x000008CB
2014-06-11 12:10:33 [6739] t40c730f8a97f0000: pkcs11: 000008CB >    userType CKU_USER
2014-06-11 12:10:33 [6739] t40c730f8a97f0000: pkcs11: 000008CB >    ulPinLen 7
2014-06-11 12:10:33 [6739] t40c730f8a97f0000: pkcs11: 000008CB Error: SlotState_Admin
2014-06-11 12:10:33 [6739] t40c730f8a97f0000: pkcs11: 000008CB <    rv 0x00000000 (CKR_OK)
2014-06-11 12:10:33 [6739] t40c730f8a97f0000: pkcs11: 000008CB >>   C_FindObjectsInit
2014-06-11 12:10:33 [6739] t40c730f8a97f0000: pkcs11: 000008CB >    hSession 0x000008CB
2014-06-11 12:10:33 [6739] t40c730f8a97f0000: pkcs11: 000008CB >    CKA_CLASS:  CKO_PRIVATE_KEY
2014-06-11 12:10:33 [6739] t40c730f8a97f0000: pkcs11: 000008CB >    CKA_ID
  pAtt->pValue= 16 bytes
                                        5a4cf587 1ef16a77 118283e8 666f486b

2014-06-11 12:10:33 [6739] t40c730f8a97f0000: pkcs11: 000008CB <    rv 0x00000000 (CKR_OK)
2014-06-11 12:10:33 [6739] t40c730f8a97f0000: pkcs11: 000008CB >>   C_FindObjects
2014-06-11 12:10:33 [6739] t40c730f8a97f0000: pkcs11: 000008CB >    hSession 0x000008CB
2014-06-11 12:10:33 [6739] t40c730f8a97f0000: pkcs11: 000008CB >    phObject 0x7fff19e5bb38
2014-06-11 12:10:33 [6739] t40c730f8a97f0000: pkcs11: 000008CB >    ulMaxObjectCount 1
2014-06-11 12:10:33 [6739] t40c730f8a97f0000: pkcs11: 000008CB <    *pulObjectCount 1
2014-06-11 12:10:33 [6739] t40c730f8a97f0000: pkcs11: 000008CB <    phObject[0] 0x00000483
2014-06-11 12:10:33 [6739] t40c730f8a97f0000: pkcs11: 000008CB <    rv 0x00000000 (CKR_OK)
2014-06-11 12:10:33 [6739] t40c730f8a97f0000: pkcs11: 000008CB >>   C_FindObjectsFinal
2014-06-11 12:10:33 [6739] t40c730f8a97f0000: pkcs11: 000008CB >    hSession 0x000008CB
2014-06-11 12:10:33 [6739] t40c730f8a97f0000: pkcs11: 000008CB <    rv 0x00000000 (CKR_OK)
2014-06-11 12:10:33 [6739] t40c730f8a97f0000: pkcs11: 000008CB >>   C_GetAttributeValue
2014-06-11 12:10:33 [6739] t40c730f8a97f0000: pkcs11: 000008CB >    hSession 0x000008CB
2014-06-11 12:10:33 [6739] t40c730f8a97f0000: pkcs11: 000008CB >    hObject 0x00000483
2014-06-11 12:10:33 [6739] t40c730f8a97f0000: pkcs11: 000008CB <    CKA_ID length 16
2014-06-11 12:10:33 [6739] t40c730f8a97f0000: pkcs11: 000008CB <    rv 0x00000000 (CKR_OK)
2014-06-11 12:10:33 [6739] t40c730f8a97f0000: pkcs11: 000008CB >>   C_GetAttributeValue
2014-06-11 12:10:33 [6739] t40c730f8a97f0000: pkcs11: 000008CB >    hSession 0x000008CB
2014-06-11 12:10:33 [6739] t40c730f8a97f0000: pkcs11: 000008CB >    hObject 0x00000483
2014-06-11 12:10:33 [6739] t40c730f8a97f0000: pkcs11: 000008CB <    CKA_ID
  pAtt->pValue= 16 bytes
                                        5a4cf587 1ef16a77 118283e8 666f486b

2014-06-11 12:10:33 [6739] t40c730f8a97f0000: pkcs11: 000008CB <    rv 0x00000000 (CKR_OK)
2014-06-11 12:10:33 [6739] t40c730f8a97f0000: pkcs11: 000008CB >>   C_FindObjectsInit
2014-06-11 12:10:33 [6739] t40c730f8a97f0000: pkcs11: 000008CB >    hSession 0x000008CB
2014-06-11 12:10:33 [6739] t40c730f8a97f0000: pkcs11: 000008CB >    CKA_CLASS:  CKO_PUBLIC_KEY
2014-06-11 12:10:33 [6739] t40c730f8a97f0000: pkcs11: 000008CB >    CKA_ID
  pAtt->pValue= 16 bytes
                                        5a4cf587 1ef16a77 118283e8 666f486b

2014-06-11 12:10:33 [6739] t40c730f8a97f0000: pkcs11: 000008CB <    rv 0x00000000 (CKR_OK)
2014-06-11 12:10:33 [6739] t40c730f8a97f0000: pkcs11: 000008CB >>   C_FindObjects
2014-06-11 12:10:33 [6739] t40c730f8a97f0000: pkcs11: 000008CB >    hSession 0x000008CB
2014-06-11 12:10:33 [6739] t40c730f8a97f0000: pkcs11: 000008CB >    phObject 0x7fff19e5baf8
2014-06-11 12:10:33 [6739] t40c730f8a97f0000: pkcs11: 000008CB >    ulMaxObjectCount 1
2014-06-11 12:10:33 [6739] t40c730f8a97f0000: pkcs11: 000008CB <    *pulObjectCount 1
2014-06-11 12:10:33 [6739] t40c730f8a97f0000: pkcs11: 000008CB <    phObject[0] 0x00000461
2014-06-11 12:10:33 [6739] t40c730f8a97f0000: pkcs11: 000008CB <    rv 0x00000000 (CKR_OK)
2014-06-11 12:10:33 [6739] t40c730f8a97f0000: pkcs11: 000008CB >>   C_FindObjectsFinal
2014-06-11 12:10:33 [6739] t40c730f8a97f0000: pkcs11: 000008CB >    hSession 0x000008CB
2014-06-11 12:10:33 [6739] t40c730f8a97f0000: pkcs11: 000008CB <    rv 0x00000000 (CKR_OK)
2014-06-11 12:10:33 [6739] t40c730f8a97f0000: pkcs11: 000008CB >>   C_GetAttributeValue
2014-06-11 12:10:33 [6739] t40c730f8a97f0000: pkcs11: 000008CB >    hSession 0x000008CB
2014-06-11 12:10:33 [6739] t40c730f8a97f0000: pkcs11: 000008CB >    hObject 0x00000483
2014-06-11 12:10:33 [6739] t40c730f8a97f0000: pkcs11: 000008CB <    CKA_KEY_TYPE:  CKK_RSA
2014-06-11 12:10:33 [6739] t40c730f8a97f0000: pkcs11: 000008CB <    rv 0x00000000 (CKR_OK)
2014-06-11 12:10:33 [6739] t40c730f8a97f0000: pkcs11: 000008CB >>   C_GetAttributeValue
2014-06-11 12:10:33 [6739] t40c730f8a97f0000: pkcs11: 000008CB >    hSession 0x000008CB
2014-06-11 12:10:33 [6739] t40c730f8a97f0000: pkcs11: 000008CB >    hObject 0x00000461
2014-06-11 12:10:33 [6739] t40c730f8a97f0000: pkcs11: 000008CB <    CKA_PUBLIC_EXPONENT length 3
2014-06-11 12:10:33 [6739] t40c730f8a97f0000: pkcs11: 000008CB <    CKA_MODULUS length 256
2014-06-11 12:10:33 [6739] t40c730f8a97f0000: pkcs11: 000008CB <    rv 0x00000000 (CKR_OK)
2014-06-11 12:10:33 [6739] t40c730f8a97f0000: pkcs11: 000008CB >>   C_GetAttributeValue
2014-06-11 12:10:33 [6739] t40c730f8a97f0000: pkcs11: 000008CB >    hSession 0x000008CB
2014-06-11 12:10:33 [6739] t40c730f8a97f0000: pkcs11: 000008CB >    hObject 0x00000461
2014-06-11 12:10:33 [6739] t40c730f8a97f0000: pkcs11: 000008CB <    CKA_PUBLIC_EXPONENT
  pAtt->pValue= 3 bytes
                                                                      010001

2014-06-11 12:10:33 [6739] t40c730f8a97f0000: pkcs11: 000008CB <    CKA_MODULUS
  pAtt->pValue= 256 bytes

2014-06-11 12:10:33 [6739] t40c730f8a97f0000: pkcs11: 000008CB <    rv 0x00000000 (CKR_OK)
2014-06-11 12:10:33 [6739] t40c730f8a97f0000: pkcs11: 000008CB >>   C_Logout
2014-06-11 12:10:33 [6739] t40c730f8a97f0000: pkcs11: 000008CB >    hSession 0x000008CB
2014-06-11 12:10:33 [6739] t40c730f8a97f0000: pkcs11: 000008CB <    rv 0x00000000 (CKR_OK)
2014-06-11 12:10:33 [6739] t40c730f8a97f0000: pkcs11: 000008CB >>   C_CloseSession
2014-06-11 12:10:33 [6739] t40c730f8a97f0000: pkcs11: 000008CB >    hSession 0x000008CB
2014-06-11 12:10:33 [6739] t40c730f8a97f0000: pkcs11: 000008CB <    rv 0x00000000 (CKR_OK)
2014-06-11 12:10:33 [6739] t40c730f8a97f0000: pkcs11: 00000000 >>   C_Finalize
2014-06-11 12:10:33 [6739] t40c730f8a97f0000: pkcs11: 00000000 <    rv 0x00000000

I hope someone can make sense of that?

Regards
—
David Peall

On 11 Jun 2014, at 10:14 AM, Siôn Lloyd <sion at nominet.org.uk> wrote:

> On 10/06/14 15:40, David Peall wrote:
>> Trying a key rollover I get the following:
>> ods-enforcerd: Key 85d783cf86e25fe6c9bce3cbac1cf851 in DB but not repository.
>> 
>> Run as the opendnssec user:
>> ods-hsmutil list thales | grep 85d783cf86e25fe6c9bce3cbac1cf851   
>> thales                85d783cf86e25fe6c9bce3cbac1cf851  RSA/2048  
>> 
>> Something hinky going on?
> 
> Clearly the key _does_ exist in the HSM and I assume that the enforcer
> is misinterpreting an error return from the thales box...
> 
> Is anything being logged from the HSM side that might help?
> 
>> Regards
>> David Peall
>> 
>> On 10 Jun 2014, at 4:22 PM, David Peall <david at dnservices.co.za> wrote:
>> 
>>> Hi All
>>> 
>>> As Mark has said, logged in as the signer user we are able to list the “missing” key.
>>> <zone>                        KSK           active    2015-06-10 15:19:39 (retire)   2048    8           994410881c1e66e2d075ed1ed1756679  thales                            15664
>>> 
>>> Anything else we can try to look for?
>>> 
>>> Regards
>>> David Peall
>>> 
>>> On 09 Jun 2014, at 2:39 PM, Siôn Lloyd <sion at nominet.org.uk> wrote:
>>> 
>>>> On 09/06/14 11:30, David Peall wrote:
>>>>> But then:
>>>>> ods-signerd: [hsm] unable to get key: key 994410881c1e66e2d075ed1ed1756679 not found
>>>>> ods-signerd: [zone] unable to publish dnskeys for zone <zone>: error creating dnskey
>>>>> ods-signerd: [tools] unable to read zone <zone>: failed to publish dnskeys (General error)
>>>>> 
>>>>> But: 
>>>>> ods-ksmutil key list --verbose
>>>>> Zone:                           Keytype:      State:    Date of next transition (to):  Size:   Algorithm:  CKA_ID:                           Repository:                       Keytag:
>>>>> <zone>                        KSK           publish   2014-06-10 02:17:13 (ready)    2048    8           994410881c1e66e2d075ed1ed1756679  thales                            15664
>>>>> 
>>>>> Is this because the key is not active? Is this a bug?
>>>> Hi David,
>>>> 
>>>> The state of the key is not causing this... Does the signer run as the
>>>> same user/group as the enforcer?
>>>> 
>>>>> Also get this:
>>>>> ods-enforcerd: WARNING: KSK rollover for zone ‘<zone>' not completed as there are no keys in the 'ready' state; ods-enforcerd will try again when it runs next
>>>>> 
>>>> This is just a warning that you have to wait for the KSK and signatures
>>>> to propagate before the key is considered "ACTIVE". The wording is not
>>>> ideal for the initial signing situation, but makes more sense when
>>>> describing subsequent rolls.
>>>> 
>>>> Sion
>>>> _______________________________________________
>>>> Opendnssec-user mailing list
>>>> Opendnssec-user at lists.opendnssec.org
>>>> https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
> 
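An added example, not part of the original post and not OpenDNSSEC code: a small parser for PKCS#11 debug traces in the layout shown above. It lists each key lookup with its CKA_ID, the object count returned, and whether a successful C_Login appeared earlier in the same process's excerpt. The sample trace is constructed; the pids, thread ids, session handles and CKA_ID in it are made up.

```python
import re

# Layout as in the traces above: <date> <time> [pid] [tTHREAD]: pkcs11: <session> <dir> <text>
LINE = re.compile(r"^\S+ \S+ \[(\d+)\](?: t[0-9a-f]+)?: pkcs11: ([0-9A-Fa-f]{8}) (>>|>|<)\s+(.*)$")
HEX = re.compile(r"^\s*[0-9a-f]+(?: [0-9a-f]+)*\s*$")  # hex dump line printed under CKA_ID

def find_lookups(trace):
    """Return one record per C_FindObjectsInit/C_FindObjects pair in the trace."""
    call, logins, open_lookup, out, want_id = {}, set(), {}, [], None
    for raw in trace.splitlines():
        m = LINE.match(raw)
        if not m:  # continuation line: attribute dump, "Error:" line or blank
            if want_id is not None and HEX.match(raw):
                want_id["cka_id"] = "".join(raw.split())
                want_id = None
            continue
        pid, session, direction, text = m.groups()
        if direction == ">>":  # start of a new call in this process
            call[pid] = text.strip()
            if call[pid] == "C_FindObjectsInit":
                open_lookup[pid] = {"pid": pid, "session": session, "class": None,
                                    "cka_id": None, "login_seen": pid in logins}
        elif call.get(pid) == "C_Login" and direction == "<" and "CKR_OK" in text:
            logins.add(pid)
        elif call.get(pid) == "C_FindObjectsInit" and direction == ">":
            if text.startswith("CKA_CLASS:"):
                open_lookup[pid]["class"] = text.split()[-1]
            elif text.strip() == "CKA_ID":
                want_id = open_lookup[pid]
        elif text.startswith("*pulObjectCount") and pid in open_lookup:
            out.append(dict(open_lookup.pop(pid), count=int(text.split()[-1])))
    return out

# Constructed sample in the same layout (pids, handles and CKA_ID are made up).
SAMPLE = """\
2014-01-01 00:00:01 [1001] t01: pkcs11: 00000001 >>   C_FindObjectsInit
2014-01-01 00:00:01 [1001] t01: pkcs11: 00000001 >    CKA_CLASS:  CKO_PRIVATE_KEY
2014-01-01 00:00:01 [1001] t01: pkcs11: 00000001 >    CKA_ID
  pAtt->pValue= 16 bytes
                    00112233 44556677 8899aabb ccddeeff
2014-01-01 00:00:01 [1001] t01: pkcs11: 00000001 >>   C_FindObjects
2014-01-01 00:00:01 [1001] t01: pkcs11: 00000001 <    *pulObjectCount 0
2014-01-01 00:00:02 [1002] t02: pkcs11: 00000002 >>   C_Login
2014-01-01 00:00:02 [1002] t02: pkcs11: 00000002 <    rv 0x00000000 (CKR_OK)
2014-01-01 00:00:02 [1002] t02: pkcs11: 00000002 >>   C_FindObjectsInit
2014-01-01 00:00:02 [1002] t02: pkcs11: 00000002 >    CKA_CLASS:  CKO_PRIVATE_KEY
2014-01-01 00:00:02 [1002] t02: pkcs11: 00000002 >    CKA_ID
  pAtt->pValue= 16 bytes
                    00112233 44556677 8899aabb ccddeeff
2014-01-01 00:00:02 [1002] t02: pkcs11: 00000002 >>   C_FindObjects
2014-01-01 00:00:02 [1002] t02: pkcs11: 00000002 <    *pulObjectCount 1
"""
for rec in find_lookups(SAMPLE):
    print(rec)
```

login_seen reflects only the excerpt fed in; a C_Login made before the excerpt starts is not visible to the parser.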
