[Opendnssec-user] Missing keys and various other problems on 2.0

Casper Gielen C.Gielen at uvt.nl
Mon Jun 25 15:05:40 UTC 2018


On 25-06-18 at 15:45, Berry A.W. van Halderen wrote:
> On 06/25/2018 03:05 PM, Casper Gielen wrote:
>> On 25-06-18 at 11:49, Casper Gielen wrote:
>>>
>>> I've verified that everything under /var/lib/opendnssec is readable and
>>> writable by the opendnssec user. The configuration, under
>>> /etc/opendnssec, is readable but not writable.
>>
>> Minutes after I wrote this a colleague added a new zone (ucgv.nl) that immediately ran into trouble. 
>> Unfortunately I do not have complete logging, this is what I do have:
> 
> This could be much unrelated from the earlier issue.
> 
> Are you using SoftHSM as HSM?  If so, which version?
> There is a known, resolved issue with certain versions.


We were on SoftHSM 2, version 2.2.0, Debian package v3, as provided by
Debian Stretch. I just switched to SoftHSM 2.4.0, from Debian Unstable.

Unfortunately this did not magically solve my problems, the signer is
still not able to get the key that should be available:

# ods-hsmutil list | grep a1d5274f2e3c73eb73ec99c16e781d0d /tmp/hsmkeys
LocalHSM              a1d5274f2e3c73eb73ec99c16e781d0d  RSA/2048

I'll run it for a bit and see if anything improves.

-- 
Casper Gielen <cgielen at uvt.nl> | LIS UNIX
PGP fingerprint = 16BD 2C9F 8156 C242 F981  63B8 2214 083C F80E 4AF7

Universiteit van Tilburg | Postbus 90153, 5000 LE
Warandelaan 2 | Telefoon 013 466 4100 | G 236 | http://www.uvt.nl




