>> all ds are seen. repository is flagged. i am still not asked to back
>> keys up.
>>
>>
>> /usr/local/lib/softhsm/libsofthsm.so
>> opendnssec
>> sigh
>>
>>
Hi Mark and David,
All the problems you have reported points to issues with your HSM rather
then a problem with OpenDNSSEC.
OpenDNSSEC can not recover from a state where the key was successfully
created but is now missing in the HSM.
If this is a test environment then you should test your setup
Trying a key rollover I get the following:
ods-enforcerd: Key 85d783cf86e25fe6c9bce3cbac1cf851 in DB but not repository.
Run as the opendnssec user:
ods-hsmutil list thales | grep 85d783cf86e25fe6c9bce3cbac1cf851
thales85d783cf86e25fe6c9bce3cbac1cf851 RSA/2048
Something hink
Hi All
As Mark has said logged in as the signer user we are able to list the “missing”
key.
KSK active2015-06-10 15:19:39
(retire) 20488 994410881c1e66e2d075ed1ed1756679 thales
15664
Anything else we can try look
On Mon, 2014-06-09 at 15:47 +0200, David Peall wrote:
> On 09 Jun 2014, at 2:39 PM, Siôn Lloyd wrote:
>
> > On 09/06/14 11:30, David Peall wrote:
> >>
> >> But then:
> >> ods-signerd: [hsm] unable to get key: key 994410881c1e66e2d075ed1ed1756679
> >> not found
> >> ods-signerd: [zone] unable to
On Mon, Jun 9, 2014 at 7:27 PM, Randy Bush wrote:
>
> all ds are seen. repository is flagged. i am still not asked to back
> keys up.
>
>
>
> /usr/local/lib/softhsm/libsofthsm.so
> opendnssec
> VibogNond1
>
