[Opendnssec-user] Missing keys and various other problems on 2.0

Casper Gielen C.Gielen at uvt.nl
Mon Jun 25 15:05:40 UTC 2018

Op 25-06-18 om 15:45 schreef Berry A.W. van Halderen:
> On 06/25/2018 03:05 PM, Casper Gielen wrote:
>> Op 25-06-18 om 11:49 schreef Casper Gielen:
>>> I've verified that everything under /var/lib/opendnssec is readable and
>>> writable by the opendnssec user. The configuration, under
>>> /etc/opendnssec, is readable but not writable.
>> Minutes after I wrote this a colleague added a new zone (ucgv.nl) that immediately ran into trouble. 
>> Unfortunately I do not have complete logging, this is what I do have:
> This could be much unrelated from the earlier issue.
> Are you using SoftHSM as HSM?  If so, which version?
> There is a known, resolved issue with certain versions.

We were on SoftHSM 2, version 2.2.0, Debian package v3, as provided by
Debian Stretch. I just switched to SoftHSM 2.4.0, form Debian Unstable.

Onfortunately this did not magically solve my problems, the signer is
still not able to get the key that should be available:

# ods-hsmutil list | grep a1d5274f2e3c73eb73ec99c16e781d0d /tmp/hsmkeys
LocalHSM              a1d5274f2e3c73eb73ec99c16e781d0d  RSA/2048

I'll run it for a bit and see if anything improves.

Casper Gielen <cgielen at uvt.nl> | LIS UNIX
PGP fingerprint = 16BD 2C9F 8156 C242 F981  63B8 2214 083C F80E 4AF7

Universiteit van Tilburg | Postbus 90153, 5000 LE
Warandelaan 2 | Telefoon 013 466 4100 | G 236 | http://www.uvt.nl

More information about the Opendnssec-user mailing list