[Opendnssec-user] CRITICAL: failed to sign zone example.com: General error
trashcan at ellael.org
Mon Jan 16 21:09:33 UTC 2017
Berry A.W. van Halderen <berry at nlnetlabs.nl> wrote:
> On 01/16/2017 09:07 PM, Michael Grimm wrote:
>> Berry A.W. van Halderen <berry at nlnetlabs.nl> wrote:
>>> If you are using SoftHSM, it
>>> could be due to permissions problems on the files where the keys
>>> are stored, or to a full filesystem. Check /var/lib/softhsm,
>>> the default location (set in /etc/softhsm.conf).
>> -rw-r--r-- 1 root wheel uarch 44032 Jan 16 20:48
> I'm afraid that is the enforcer database, it has no storage of
> the keys.
> Given SoftHSM, the proper location is can be seen in /etc/softhsm.conf
> or /usr/local/etc/softhsm.conf.
Sorry my fault. Here is the information you asked for:
MW-dns2|root> ls -al /usr/local/var/softhsm/slot0.db
-rw------- 1 root wheel uarch 150528 Jan 4 03:01 /usr/local/var/softhsm/slot0.db
> Also check if there is a <Capacity> specified in your
> This is also a limit on the maximum keys possible.
No, there is no such Capacity limitation defined.
>>> You can also increase the verbosity in conf.xml and restart
>>> to get a bit more information.
>> I had had <Verbosity>3</Verbosity>. I did increase to 4,5, and 10, but
>> to no avail. The very same log messages are reported, no additional
>> ones. Is this the verbosity you were refering to?
> Yes, you did restart the daemons right?
> An increase to 6 or 7 often is very verbose.
Not here :-( Still no increase observable.
>>> Did you keep the original
>>> by any change?
>> Yes. I did save before rescue trials:
>> -rw-r--r-- root/opendnssec 990 2017-01-06 21:02
>> What do you want me to do with that?
> Can you send it to me privately? Me or one of my co-workers can
> have a look at it. There are only references to keys placed
> there so no serious security concerns.
Sure, I will send it in private mail.
More information about the Opendnssec-user