> Clearly there's a bad assumption on my part somewhere in here. Yes, if you create keys manually then you have to add them manually to OpenDNSSEC before you start OpenDNSSEC. If you have not added them to the Enforcer, then it will create keys by itself. My recommendation is to not generate keys manually, but to let OpenDNSSEC do that for you.
ods-hsmutil, as the documentation says, talks directly with the HSM. OpenDNSSEC will thus have no knowledge of the keys, unless you till it what to do. // Rickard _______________________________________________ Opendnssec-user mailing list [email protected] https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
