[Opendnssec-user] Remove keys not in repository
Arun Natarajan
arun at arunns.com
Sun Jun 11 22:59:05 UTC 2017
Hi Yuri,
ODS version 1.4.12 (LTS).
--
arun
On 11 June 2017 at 22:28, Yuri Schaeffer <yuri at nlnetlabs.nl> wrote:
> Hi Arun,
>
> What version of OpenDNSSEC are you using?
>
> //Yuri
>
> On 11-06-17 11:05, Arun Natarajan wrote:
> > Hello,
> >
> > I accidentally ended up in a state which - the key with CKA_ID
> > "fc1c149afbf4c8996fb92427" is not existing on SoftHSM.
> >
> > example.com <http://example.com> ZSK
> > active 2017-12-15 14:35:15 (retire) 2048 8
> > fc1c149afbf4c8996fb92427 SoftHSM_1 NOT IN repository
> > example.com <http://example.com> KSK
> > ready waiting for ds-seen (active) 2048 8
> > fc1c149afbf4c8996fb92427 SoftHSM_2 NOT IN repository
> >
> > But ods put those keys in active state for ZSK and ready state
> > (ds-seen) for KSK. Basically I cannot just delete the keys from ODS.
> >
> > "The enforcer believes that this key is in use, quitting..."
> >
> > With a roll over the ZSK is fine, it published a new key, but for KSK
> > ds-seen or roll over does not help.
> >
> > - ds-seen
> > "
> > cka_id fc1c149afbf4c8996fb92427 in DB but NOT IN repository
> > No keys in the READY state matched your parameters, please check the
> > parameters
> > "
> >
> > appreciate any advice, to get rid of the non-hsm KSK CKA_ID?
> >
> > -
> > Thanks
> > Arun
> >
> >
> > _______________________________________________
> > Opendnssec-user mailing list
> > Opendnssec-user at lists.opendnssec.org
> > https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
> >
>
>
> _______________________________________________
> Opendnssec-user mailing list
> Opendnssec-user at lists.opendnssec.org
> https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opendnssec.org/pipermail/opendnssec-user/attachments/20170612/bd710fdc/attachment.htm>
More information about the Opendnssec-user
mailing list