Hello Daniel,
thanks for your hint.
But it seems to be a good question - how to somehow convert .pem to .private?
The .private format should contain a hash which is probably combined from the
.pem and the algorithms used.
i.e.
Private-key-format: v1.3
Algorithm: 13 (ECDSAP256SHA256)
PrivateKey: tCVJuLcTTBJ6cwXoyxYxE6wQlEB1fKHlVnVKc/YPBET=
Created: 20190227083519
Publish: 20190227083519
Activate: 20190227083519
So I am logically looking for some tool which allows me to do this conversion.
When BIND signs the zone by itself it uses /dev/random to combine the .private.
If you can point me to some usable 3rd party tool for manual conversion I'll be
really happy.
I checked keymgr, which allows the reverse conversion from BIND .key and
.private to KNOT.
Best regards.
--
Smil Milan Jeskyňka Kazatel
---------- Original e-mail ----------
From: [email protected]
To: Milan Jeskynka Kazatel <[email protected]>
Date: 6. 3. 2019 21:18:35
Subject: Re: [knot-dns-users] konvert Knot DNS sigantures certs to BIND format.
"Hello Milan,
We don't provide any tool for such a conversion. But it should be possible
to do it manually. The .key file is simple. Just use `keymgr <zone> dnskey`.
The .private file is more tricky. You have to somehow convert Knot's .pem file
and set timestamp and other items.
Daniel
On 2019-03-04 10:05, Milan Jeskynka Kazatel wrote:
> Hello community,
>
> can I somehow convert stored certificates for a signed zone to BIND
> format?
>
> My use case is to change the topology used for authoritative servers. I
> manage existing zones in Knot, now I would like to transfer them to BIND
> and use the existing certificates for signing them on BIND due to DS records
> in parent zones. Knot will be reconfigured as a slave.
>
> Is it possible to achieve it?
>
> Thanks.
> --
> Smil Milan Jeskyňka Kazatel
"
--
https://lists.nic.cz/cgi-bin/mailman/listinfo/knot-dns-users
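
Added example, not part of the original thread and not Knot DNS or BIND code: one way to do the manual .pem to .private step for an algorithm 13 key like the one shown above. It assumes the Knot .pem is an unencrypted PKCS#8 file ("BEGIN PRIVATE KEY") holding a P-256 key, and that the BIND PrivateKey field is the base64 of the raw 32-byte private scalar; the function names are hypothetical and the timestamp is supplied by the caller.

```python
import base64, re, time

P256_OID = bytes.fromhex("2a8648ce3d030107")  # 1.2.840.10045.3.1.7 (prime256v1)

def _tlv(buf, pos):
    """Read one DER element at pos; return (tag, value, next_pos)."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                       # long-form length
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:pos + length], pos + length

def p256_scalar_from_pkcs8(pem_text):
    """Return the 32-byte private scalar from an unencrypted PKCS#8 P-256 key."""
    m = re.search(r"-----BEGIN PRIVATE KEY-----(.+?)-----END PRIVATE KEY-----",
                  pem_text, re.S)
    if not m:
        raise ValueError("not an unencrypted PKCS#8 PEM")
    der = base64.b64decode("".join(m.group(1).split()))
    tag, info, _ = _tlv(der, 0)             # PrivateKeyInfo SEQUENCE
    _, _, pos = _tlv(info, 0)               # version INTEGER
    tag_a, alg, pos = _tlv(info, pos)       # AlgorithmIdentifier
    tag_k, inner, _ = _tlv(info, pos)       # OCTET STRING wrapping ECPrivateKey
    if (tag, tag_a, tag_k) != (0x30, 0x30, 0x04) or P256_OID not in alg:
        raise ValueError("not a P-256 PKCS#8 key")
    _, ec, _ = _tlv(inner, 0)               # ECPrivateKey SEQUENCE
    _, _, pos = _tlv(ec, 0)                 # version INTEGER (1)
    tag_s, scalar, _ = _tlv(ec, pos)        # privateKey OCTET STRING
    if tag_s != 0x04 or len(scalar) > 32:
        raise ValueError("unexpected ECPrivateKey layout")
    return scalar.rjust(32, b"\x00")        # fixed width, left-padded with zeros

def bind_private(pem_text, created=None):
    """Render BIND .private text (algorithm 13) for a Knot-style PEM key."""
    # Assumption: one timestamp reused for all three fields; pass the real one.
    ts = created or time.strftime("%Y%m%d%H%M%S", time.gmtime())
    key = base64.b64encode(p256_scalar_from_pkcs8(pem_text)).decode()
    return ("Private-key-format: v1.3\n"
            "Algorithm: 13 (ECDSAP256SHA256)\n"
            f"PrivateKey: {key}\n"
            f"Created: {ts}\nPublish: {ts}\nActivate: {ts}\n")
```

The output contains the private key in the clear, so write it to a file readable only by the BIND user.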