Running bind 9.10.3-7.P2, with softhsm-2.0.0rc1-3 on Fedora 23.
I was able to sign the zones with dnssec-signzone-pkcs11 command line,

    # dnssec-signzone-pkcs11 example.com
    Verifying the zone using the following algorithms: RSASHA2.
    Zone fully signed:
    Algorithm: RSASHA2: KSKs: 1 active, 0 stand-by, 0 revoked
                        ZSKs: 1 active, 0 stand-by, 0 revoked

but with dynamic signing the logs were showing "dns_dnssec_findmatchingkeys: error reading key file Kexample.com.+008+01234.private: no engine"

Zone configuration:

    zone "example.com" IN {
        type master;
        file "zones/example.com";
        auto-dnssec maintain;
        inline-signing yes;
    };

    # rndc sign example.com
    received control channel command 'sign example.com'
    zone example.com/IN (signed): reconfiguring zone keys
    dns_dnssec_findmatchingkeys: error reading key file Kexample.com.+008+01234.private: no engine
    dns_dnssec_findmatchingkeys: error reading key file Kexample.+008+05678.private: no engine
    zone example.com/IN (signed): next key event: 21-Jan-2016 13:36:59.184

Any idea?

Thanks,
Arun