On 27/06/12 13:24, Bas van den Dikkenberg wrote:
Hi all,
Is there a way to turn current active ksk in to an non Turn ksk in to
non-retiring key ?
With kind regards,
Bas van den Dikkenberg
Not for just one key; you can make a policy where the KSK lifetime is
large, and set the "Manual Rollover" option. This will apply to _all_
KSKs on that policy however.
See:
https://wiki.opendnssec.org/display/DOCS/Key+Management#KeyManagement-Keyrolloversonexactdates
The reason to set the lifetime high in this case is just to stop log
messages prompting you to roll the key, and possible auditor messages
about the key use.
Sion
_______________________________________________
Opendnssec-user mailing list
[email protected]
https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
