Hi,
Weird behavior with /opt/bind9/etc/openssl.cnf.
The only difference with /etc/ssl/openssl.cnf is the pkcs11 engine:
[openssl_init]
engines=engine_section
[engine_section]
pkcs11 = pkcs11_section
[pkcs11_section]
engine_id = pkcs11
dynamic_path = /usr/lib/x86_64-linux-gnu/engines-3/pkc
Hi,
Sorry for the typo (command is correct in strace file), here is the
unedited log:
$ dnssec-keyfromlabel -E pkcs11 -a RSASHA256 -l
"token=bind9;object=example.net-ksk" -f KSK example.net
dnssec-keyfromlabel: fatal: could not initialize dst: crypto failure
Gérard
Le 03/12/2023 à 19:06, O
Hi,
I directly see missing semicolon in the failed command. Please provide full
unedited log, so we can be sure that the error was not made when redacting the
output.
Ondrej
--
Ondřej Surý — ISC (He/Him)
My working hours and your working hours may be different. Please do not feel
obligated to
Hi,
I used this tutorial as reference to setup DNSSEC with SoftHSM2:
https://kb.isc.org/docs/bind-9-pkcs11
I installed the Debian package instead of building libp11:
libengine-pkcs11-openssl:amd640.4.12-0.1
It works until reaching this command:
$ dnssec-keyfromlabel \
-E pkcs11 \
-a RSA
4 matches
Mail list logo
