dnssec-keyfromlabel not working with Debian 12 (bookworm)

2023-12-03 Thread Gérard Parat via bind-users
Hi,

I used this tutorial as a reference to set up DNSSEC with SoftHSM2: https://kb.isc.org/docs/bind-9-pkcs11

I installed the Debian package instead of building libp11: libengine-pkcs11-openssl:amd64 0.4.12-0.1

It works until reaching this command:

$ dnssec-keyfromlabel \
    -E pkcs11 \
    -a RSA

Re: dnssec-keyfromlabel not working with Debian 12 (bookworm)

2023-12-03 Thread Ondřej Surý
Hi,

I directly see a missing semicolon in the failed command. Please provide the full unedited log, so we can be sure that the error was not made when redacting the output.

Ondrej
--
Ondřej Surý — ISC (He/Him)
My working hours and your working hours may be different. Please do not feel obligated to

Re: dnssec-keyfromlabel not working with Debian 12 (bookworm)

2023-12-03 Thread Gérard Parat via bind-users
Hi,

Sorry for the typo (command is correct in strace file), here is the unedited log:

$ dnssec-keyfromlabel -E pkcs11 -a RSASHA256 -l "token=bind9;object=example.net-ksk" -f KSK example.net
dnssec-keyfromlabel: fatal: could not initialize dst: crypto failure

Gérard

Le 03/12/2023 à 19:06, O

Re: dnssec-keyfromlabel not working with Debian 12 (bookworm)

2023-12-03 Thread Gérard Parat via bind-users
Hi,

Weird behavior with /opt/bind9/etc/openssl.cnf. The only difference with /etc/ssl/openssl.cnf is the pkcs11 engine:

[openssl_init]
engines=engine_section

[engine_section]
pkcs11 = pkcs11_section

[pkcs11_section]
engine_id = pkcs11
dynamic_path = /usr/lib/x86_64-linux-gnu/engines-3/pkc