Re: Using a HSM card to sign zone

lib/libCryptoki2.so --- It is required that there is a section labeled 'pkcs11' to use from bind or dnssec-* commands ? -- Sergio R. - Mensaje original - De: "Alan Clegg" Para: bind-users@lists.isc.org Enviados: Domingo, 16 de Febrero 2014 9:33:21 Asunto: Re: Using a HS

Re: Using a HSM card to sign zone

- De: "Billy Glynn" Para: bind-users@lists.isc.org Enviados: Lunes, 17 de Febrero 2014 9:32:44 Asunto: Re: Using a HSM card to sign zone Did you configure bind with the patched version of openssl ? On 14 Feb 2014, at 19:43, Sergio Ramirez wrote: > Hi, > > We want to s

Re: Using a HSM card to sign zone

Did you configure bind with the patched version of openssl ? On 14 Feb 2014, at 19:43, Sergio Ramirez wrote: > Hi, > > We want to sign zones with bind using an HSM Luna PCI Safenet card. > > The command 'dnssec- keyfromlabel' fails: > > # /usr/local/sbin/dnssec-keyfromlabel -v 9 -E LunaCA3 -

Re: Using a HSM card to sign zone

Hi, I have tested Safenet's Luna SA (the network appliance and not the card) a year ago. It did not work using the openssl patch provided with BIND, but at the end with some assistance from the Safenet's engineers and a proprietary engine provided by them we made it work. I presume it'll work also

Re: Using a HSM card to sign zone

On 2/14/14, 10:43 PM, Sergio Ramirez wrote: > Hi, > > We want to sign zones with bind using an HSM Luna PCI Safenet card. > > The command 'dnssec- keyfromlabel' fails: > > # /usr/local/sbin/dnssec-keyfromlabel -v 9 -E LunaCA3 -a RSASHA1 -l > KSK1-testdnssec -f KSK testdnssec. > dnssec-keyfrom