I'm trying to kill all references to a key in ods/softhsm
~> ods-ksmutil key ksk-retire --keytag 12345 *WARNING* This will retire the currently active KSK; are you sure? [y/N] y Found key with CKA_ID 02e940a73755801f75bc9744c608dc5e Key 02e940a73755801f75bc9744c608dc5e retired ~> ods-ksmutil key delete --cka_id 12345 Failed to determine the state of the key The problem is that this key is still showing up in the signconf XML file, and is re-introduced when running ods-ksmutl update all. But it has a wrong algorithm, and it just needs to vanish completely, as it is just breaking the signerd (which also dies upon encountering this) Is there a way to force deletion without knowing the state of the key? Paul _______________________________________________ Opendnssec-user mailing list [email protected] https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
