On 13.5.2016 14:07, Günther J. Niederwimmer wrote: > Hello Petr, > > thank you for the answer > > Am Freitag, 13. Mai 2016, 13:35:57 CEST schrieb Petr Spacek: >> On 13.5.2016 13:14, Günther J. Niederwimmer wrote: >>> Cannot open destination file, will not make backup. >>> No keys in the READY state matched your parameters, please check the >>> parameters >> >> This is correct. Configured TTL did not expire yet so the key is not >> "ready". See the column "Date of next transition". You will be able to >> activate the key when this time passes. >> >> For detailed info please see >> https://wiki.opendnssec.org/display/DOCS/Key+States >> >> If you are going to use DNSSEC please make sure to use very latests FreeIPA >> 4.3.1 or newer. We fixed a lot of bugs in the last release. > > My system is a CentOS 7.2, can I found the newer FreeIPA rpm on any > repository > for this System ?
You might either try https://copr.fedorainfracloud.org/coprs/g/freeipa/freeipa-4-3-centos-7/ or wait for CentOS 7.3. Petr^2 Spacek > This is my private Server and I hope this is running correct ? > >> Petr^2 Spacek >> >>> when i say >>> >>> sudo -u ods SOFTHSM2_CONF=/etc/ipa/dnssec/softhsm2.conf ods-ksmutil key >>> list --verbose >>> SQLite database set to: /var/opendnssec/kasp.db >>> Keys: >>> Zone: Keytype: State: Date of next >>> transition (to): Size: Algorithm: CKA_ID: >>> Repository: Keytag: >>> examle.com KSK publish 2016-05-14 >>> 00:16:00 (ready) 3072 8 6145b3b71c448dfc1130d0f9d2caac79 >>> SoftHSM 40447 >>> example.com ZSK active 2016-08-11 >>> 10:16:00 (retire) 2048 8 d7fe5c98d5f3f89aefb9e8dfb92ebcb1 >>> SoftHSM 60630 >>> >>> The DS Record are published in the ".com" Domain >>> >>> dig +rrcomments example.com DS >>> ;; ANSWER SECTION: >>> example.com. 85610 IN DS 40447 8 1 >>> 4E04D91BF29E1941E00CC36B13BC3F50BBA5C913 >>> example.com. 85610 IN DS 40447 8 2 >>> 92EE9E785D07C2BBCA83DFB1156D4D01052B441B8F3898734 >>> >>> Is this the correct status or have I to change anything ? >>> >>> Have I to change the KSK status form publish to active or is this correct >>> ? >>> >>> Thanks for a answer > > -- Petr^2 Spacek -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
