[Opendnssec-user] Not enough keys to satisfy zsk policy for zone

[Yuri Schaeffer]

> I guess you mean "key generate --interval" instead of "key generate --period" ?

indeed.

>> Long term workaround:
>> Use a different key length for ZSK than KSK.
> 
> We already do. KSK length is 2048, ZSK 1024.

Then you have a different problem. Please check which user OpenDNSSEC
runs as and make sure that your HSM allows that user write access.

//Yuri

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 195 bytes
Desc: OpenPGP digital signature
URL: <http://lists.opendnssec.org/pipermail/opendnssec-user/attachments/20171220/3800fc3c/attachment.bin>