[Opendnssec-user] Remove keys not in repository
Arun Natarajan
arun at arunns.com
Sun Jun 11 09:05:16 UTC 2017
Hello,
I accidentally ended up in a state which - the key with CKA_ID
"fc1c149afbf4c8996fb92427" is not existing on SoftHSM.
example.com ZSK active 2017-12-15
14:35:15 (retire) 2048 8 fc1c149afbf4c8996fb92427 SoftHSM_1
NOT IN repository
example.com KSK ready waiting for
ds-seen (active) 2048 8 fc1c149afbf4c8996fb92427 SoftHSM_2
NOT IN repository
But ods put those keys in active state for ZSK and ready state (ds-seen)
for KSK. Basically I cannot just delete the keys from ODS.
"The enforcer believes that this key is in use, quitting..."
With a roll over the ZSK is fine, it published a new key, but for KSK
ds-seen or roll over does not help.
- ds-seen
"
cka_id fc1c149afbf4c8996fb92427 in DB but NOT IN repository
No keys in the READY state matched your parameters, please check the
parameters
"
appreciate any advice, to get rid of the non-hsm KSK CKA_ID?
-
Thanks
Arun
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opendnssec.org/pipermail/opendnssec-user/attachments/20170611/4b8669a9/attachment.htm>
More information about the Opendnssec-user
mailing list