[Opendnssec-user] Removing old keys and policies
Hoda Rohani
hoda at nlnetlabs.nl
Mon Aug 21 07:37:19 UTC 2017
Hello,
On 19-08-17 17:07, Julian Brost wrote:
> Hi,
>
> I'm currently running OpenDNSSEC 2.1.3 and after some experimenting, I
> now want to remove some old policies and keys. Some of the testing has
> already been done using version 1.4 or 2.0 and the installation was
> upgraded.
>
> When I try to remove the old policy "lab2", I get this error:
>
> # ods-enforcer policy import -r
> [...]
> Unable to delete policy lab2, there are still hsm keys using this policy!
>
> However, there is no zone left using that policy and trying to purge its
> keys doesn't succeed either:
>
> # ods-enforcer key purge -p lab2
> No zones on policy lab2
> No keys to purge
>
Didn't expect that.
> What's the best way to proceed in this situation? Are there any tools
> that can help me? Is it safe to manually remove keys from the table
> "hsmKey" in the database after stopping OpenDNSSEC?
>
I'd like to see your database. Is it possible to send it privately to me?
> Regards,
> Julian
Best regards,
Hoda Rohani
> _______________________________________________
> Opendnssec-user mailing list
> Opendnssec-user at lists.opendnssec.org
> https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
>
More information about the Opendnssec-user
mailing list