This would probably be best for an OpenSSL list, but since the goal here
is to get GOST working in both ODS and BIND...
Anyone have any tips on what one needs to do to enable GOST in openssl?
I'm hoping to stick with Redhat-supplied RPM's, but if that's not possible
I'm not entirely against co
SQLite database set to: /var/opendnssec/kasp.db
Keys:
Zone: Keytype: State:Date of next
transition (to): Size: Algorithm: CKA_ID: Repository:
Keytag:
KSK ready waiting for
ds-seen (active) 20488 4
Unsigned zone:
lac-megantic.qc.ca.IN NSns1.com2media.ca.
IN NSns2.com2media.ca.
ville.lac-megantic.qc.ca. IN NSns1.com2media.ca.
IN NSns2.com2media.ca.
Signed zone (ODS):
lac-megantic.qc
So, this same Keyper HSM with 36 (or more) keys on it...
I run an "inittoken" now.
"ods-hsmutil list" shows me no keys. I haven't nuked the APP keys via the
HSM console, though. They're still there but hsmutil doesn't show them.
Why? Is hsmutil really reading ~/Keyper/keymap.db, and not con
ODS-1.4.0-0.a2 + AEP Keyper
wiki.opendnssec.org states:
"The ods-hsmutil utility is designed to interact directly with your HSM
and can be used to manually list, create or delete keys. It can also be
used to perform a set of basics HSM tests."
--
I've created 5 KSK's and 31 ZSK's that are si
[root@signer-02 log]# ods-ksmutil key list
/var/opendnssec/kasp.db.our_lock already locked, sleep
/var/opendnssec/kasp.db.our_lock already locked, sleep
/var/opendnssec/kasp.db.our_lock already locked, sleep
couldn't get lock on /var/opendnssec/kasp.db.our_lock; Resource
temporarily unavailable
had full access.
Resolved.
-jake
On Thu, 10 May 2012, elsif wrote:
opendnssec-1.4.0-1.el6.x86_64 under Red Hat Enterprise Linux Server release
6.2.
I've done:
1) inittoken (and specified token ID, passwords)
2) ods-ksmutil key generate --policy=lab --interval P30D
When I do
opendnssec-1.4.0-1.el6.x86_64 under Red Hat Enterprise Linux Server release
6.2.
I've done:
1) inittoken (and specified token ID, passwords)
2) ods-ksmutil key generate --policy=lab --interval P30D
When I do an "ods-hsmutil list", I get:
[root@signer01 opendnssec]# ods-hsmutil list
Listing k
