[Opendnssec-user] Removing old keys and policies
hoda at nlnetlabs.nl
Mon Aug 21 07:37:19 UTC 2017
On 19-08-17 17:07, Julian Brost wrote:
> I'm currently running OpenDNSSEC 2.1.3 and after some experimenting, I
> now want to remove some old policies and keys. Some of the testing has
> already been done using version 1.4 or 2.0 and the installation was
> When I try to remove the old policy "lab2", I get this error:
> # ods-enforcer policy import -r
> Unable to delete policy lab2, there are still hsm keys using this policy!
> However, there is no zone left using that policy and trying to purge its
> keys doesn't succeed either:
> # ods-enforcer key purge -p lab2
> No zones on policy lab2
> No keys to purge
Didn't expect that.
> What's the best way to proceed in this situation? Are there any tools
> that can help me? Is it safe to manually remove keys from the table
> "hsmKey" in the database after stopping OpenDNSSEC?
I'd like to see your database. Is it possible to send it privately to me?
> Opendnssec-user mailing list
> Opendnssec-user at lists.opendnssec.org
More information about the Opendnssec-user