On Mon, Jul 4, 2011 at 9:58 AM, Bryton <[email protected]> wrote: > Here are the logs > > Jul 4 10:57:41 ubuntu-serv-dnssec ods-signerd: unable to open file > /var/lib/opendnssec/signconf/tz.xml for reading: No such file or directory > Jul 4 10:57:41 ubuntu-serv-dnssec ods-signerd: unable to open file > /var/lib/opendnssec/signconf/tz.xml for reading: No such file or directory > Jul 4 10:57:41 ubuntu-serv-dnssec ods-signerd: zone tz has policy default > configured, but has no (valid) signconf file > Jul 4 10:57:41 ubuntu-serv-dnssec ods-enforcerd: Key sharing is Off. > Jul 4 10:57:42 ubuntu-serv-dnssec ods-enforcerd: Error creating key in > repository SoftHSM > Jul 4 10:57:42 ubuntu-serv-dnssec ods-enforcerd: generate key pair: > CKR_GENERAL_ERROR
The Signer Engine starts faster than the Enforcer and can thus not find the tz.xml. It will however read tz.xml once it has been created by the Enforcer daemon. But the Enforcer was not able to create the signconf, since the keys could not be created. Is your HSM setup correctly done? Try: ods-hsmutil list ods-hsmutil test <Repository> // Rickard _______________________________________________ Opendnssec-user mailing list [email protected] https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
