[Opendnssec-user] Critical issue: CKR_OBJECT_HANDLE_INVALID after ZSK rollover
Juan Carlos Rodriguez
jcarlos.rodriguez at rediris.es
Wed Sep 7 07:07:02 UTC 2016
Thank you very much Berry, we will do as you suggest.
Kind regards
Juan Carlos
El 6/9/16 a las 15:04, Berry A.W. van Halderen escribió:
> On 09/06/2016 02:15 PM, Juan Carlos Rodriguez wrote:
>> Dear Berry,
>>
>> I think we are suffering the same error at our tests using a RHEL 7, ODS
>> 1.4.7 and a HSM Luna SA7:
>>
>> Sep 6 09:16:47 dnshost ods-enforcerd: Created ZSK size: 2048, alg: 8
>> with id: 812c8c298040dba470085f19bf038277 in repository: ... and database.
>> Sep 6 09:17:04 dnshost ods-signerd: [hsm] Get attr value 2:
>> CKR_OBJECT_HANDLE_INVALID
>> Sep 6 09:17:04 dnshost ods-signerd: [hsm] unable to get key: key
>> 812c8c298040dba470085f19bf038277 not found
>> Sep 6 09:17:04 dnshost ods-signerd: [zone] unable to publish dnskeys
>> for zone testzone: error creating dnskey
>> Sep 6 09:17:04 dnshost ods-signerd: [tools] unable to read zone
>> testzone: failed to publish dnskeys (General error)
>>
>> Could you confirm us if the 1.4 version with the fix was released?
> Always impossible to give a hard confirmation. But yes, the messages
> you get are similar to the issues relating to the re-opening of the
> HSM (issues OPENDNSSEC-{478,750,581,582},SUPPORT-88).
> These issues are solved in 1.4.10 (and 2.0.1).
>
> A quick restart will get you out of the immediate issues, as then the
> keys should be found. But you should upgrade to the latest 1.4.
>
> With kind regards,
> Berry van Halderen
>
>
--
---------------------------------------------
Juan Carlos Rodríguez Merino
NOC RedIRIS
Tel: 912127620 (Ext. 4345)
RedIRIS / Red.es
Edificio Bronce
Plaza de Manuel Gómez Moreno, s/n - 2ª planta
28020 Madrid
---------------------------------------------
More information about the Opendnssec-user
mailing list