[Opendnssec-user] [EXT] CRITICAL: failed to sign zone

Berry A.W. van Halderen berry at nlnetlabs.nl
Fri Aug 16 18:36:52 UTC 2019

On 8/16/19 6:21 PM, Ulrich-Lorenz Schlüter wrote:
> I checked perms as described.
> Turned up logging verbosity.
> "ods-ksmutil key list --verbose" does not spit out any keys.

Did you perform the upgrade steps to get to 1.4.14?  Where there
any anomalies?
If ods-ksmutil does not list keys, but there are no errors either
then I would suspect problems there.  However if you increased logging
level there should be more explanatory help in the logging.  Perhaps
in the syslog configuration these are repressed, or they end up in a
different log file.

You can also try the command "ods-hsmutil list" to list keys.  The
ods-ksmutil lists keys as known to OpenDNSSEc, ods-hsmutil lists keys
as found in the HSM.


More information about the Opendnssec-user mailing list