Stephane, > key states: GENERATED|PUBLISHED|READY|ACTIVE|RETIRED|REVOKED|DEAD > > without explanations.
The man-pages give a bit more detail. > but I never see GENERATED and DEAD and wonder what are their uses. My guess is that you are not enforcing HSM backup before you allow a key to be used by OpenDNSSEC. This should put the keys in GENERATED mode. As for REVOKED and DEAD I'm also confused. > (If I generate keys with ksmutil key generate, I do not see them in > the output of ksmutil key list.) That is the other possible cause why you don't see the GENERATED state :) -Rick _______________________________________________ Opendnssec-user mailing list Opendnssec-user@lists.opendnssec.org https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
