Hi, > Hello list. > > I have installed opendnssec and softhsm from debian wheeze repositories. > > The problem is, that i can not sign zone because keys are not active > - quotes from /var/log/messages: > > 1. Feb 26 19:45:21 debian ods-enforcerd: NOTE: keys generated in > repository SoftHSM will not become active until they have been > backed up
Back them up and run ods-ksmutil backup done. Or better, use the prepare/commit parts before/after the backup. If you don't want to backup your keys (seriously?!?) you can set that in the config- files. The default configfiles assume you are taking precautions and therefore making backups. > 2. Feb 26 19:45:21 debian ods-enforcerd: WARNING: KSK rollover for > zone 'xxx.com' not completed as there are no keys in the 'ready' > state; ods-enforcerd will try again when it runs next The suggestions promote keys to the ready state, and signing should commence. -Rick _______________________________________________ Opendnssec-user mailing list [email protected] https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
