Hi Matthijs,
>> Note: the KSK was previously active, while the ZSK was retired. > > When the ZSK is retired, the signer will not create new signatures > anymore. You should probably add the <ZSK/> flag in the <key> section. That's what I was missing. Thanks, I'll try that! >> So what am I missing? Does the signer read the kasp.db? (I made the old >> ZSK active in the kasp.db, just in case, but that does not seem to >> help). What am I missing? > > The signer does not read kasp.db, it's an enforcer thingy. The signer > gets its configuration from the signconf xml file. ok, thanks for confirming. >> BTW: is there a way to tell the signer where to put his PID? > > Just introduced in 1.3.17: <PidFile> :) (and soon to be in 1.4.6 too). Great :) I will not upgrade straight away (just in case my issue had its roots in 1.3.14), but it will come handy. I'll try these tomorrow, have a train to catch :) cheers, Gilles _______________________________________________ Opendnssec-user mailing list [email protected] https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
