Thnx Mekking, working now. I have another question posted to the mailing list, could you advise, of course if you can?

Sent from my iPhone

> On Sep 1, 2014, at 10:31 AM, "Matthijs Mekking" <[email protected]> wrote:
>
> Hi,
>
> Make sure OpenDNSSEC has permission to access the SoftHSM token
> database. For example:
>
> $ chown opendnssec /var/lib/softhsm/slot0.db
> $ chgrp opendnssec /var/lib/softhsm/slot0.db
>
> You can configure user and group in conf.xml, for both the enforcer and
> signer with:
>
> <Privileges>
>   <User>opendnssec</User>
>   <Group>opendnssec</Group>
> </Privileges>
>
> See https://wiki.opendnssec.org/display/DOCS/conf.xml
>
> Best regards,
> Matthijs
>
>
>> On 08/31/2014 11:25 AM, Abdalmonem Tharwat Galila wrote:
>> I think it's a permission problem, could you help?
>> If any clarifications are needed, reply to me.
>> Thnx
>> ------------------------------------------------------------------------
>> *From:* [email protected]
>> [[email protected]] on behalf of Abdalmonem
>> Tharwat Galila [[email protected]]
>> *Sent:* Sunday, August 31, 2014 11:18 AM
>> *To:* [email protected]
>> *Subject:* [Opendnssec-user] ods-enforcerd: Error creating key in
>> repository SoftHSM-KSK
>>
>> I got the following error message and the enforcer could not be restarted
>>
>> [root@ns2 ~]# ods-control start
>> Starting enforcer...
>> OpenDNSSEC ods-enforcerd started (version 1.4.5), pid 9473
>> Could not start enforcer
>> [root@stage-ns2 ~]# tail -f /var/log/messages
>> Aug 30 01:03:27 stage-ns2 ods-enforcerd: Connecting to Database...
>> Aug 30 01:03:27 stage-ns2 ods-enforcerd: Policy default found.
>> Aug 30 01:03:27 stage-ns2 ods-enforcerd: Key sharing is Off.
>> Aug 30 01:03:27 stage-ns2 ods-enforcerd: No zones on policy default,
>> skipping...
>> Aug 30 01:03:27 stage-ns2 ods-enforcerd: Policy DotMasr found.
>> Aug 30 01:03:27 stage-ns2 ods-enforcerd: Key sharing is Off.
>> Aug 30 01:03:27 stage-ns2 ods-enforcerd: 1 zone(s) found on policy "Dot2"
>> Aug 30 01:03:27 stage-ns2 ods-enforcerd: 1 new KSK(s) (2048 bits) need
>> to be created for policy Dot2: keys_to_generate(1) = keys_needed(1) -
>> keys_available(0).
>> Aug 30 01:03:27 stage-ns2 ods-enforcerd: Error creating key in
>> repository SoftHSM-KSK
>> Aug 30 01:03:27 stage-ns2 ods-enforcerd: generate key pair:
>> CKR_GENERAL_ERROR
>>
>>
>> [root@stage-ns2 ~]# ods-hsmutil test SoftHSM -v
>> Testing repository: SoftHSM
>>
>> Generating 512-bit RSA key... OK
>> Extracting key identifier... OK, 1134ad3426577e59c44c60f2be8c6351
>> Signing (RSA/SHA1) with key... OK
>> Signing (RSA/SHA256) with key... OK
>> Deleting key... OK
>>
>> Generating 768-bit RSA key... OK
>> Extracting key identifier... OK, 23a83e3a60cb2deaf108d40b2473cdd3
>> Signing (RSA/SHA1) with key... OK
>> Signing (RSA/SHA256) with key... OK
>> Deleting key... OK
>>
>> Generating 1024-bit RSA key... OK
>> Extracting key identifier... OK, e27502cde45ad9594f4170c323277428
>> Signing (RSA/SHA1) with key... OK
>> Signing (RSA/SHA256) with key... OK
>> Signing (RSA/SHA512) with key... OK
>> Deleting key... OK
>>
>> Generating 1536-bit RSA key... OK
>> Extracting key identifier... OK, 01d15dcaeff6862df8fd92477fa59023
>> Signing (RSA/SHA1) with key... OK
>> Signing (RSA/SHA256) with key... OK
>> Signing (RSA/SHA512) with key... OK
>> Deleting key... OK
>>
>> Generating 2048-bit RSA key... OK
>> Extracting key identifier... OK, c5ac4f805cd3c11b7e7ed53616c6c345
>> Signing (RSA/SHA1) with key... OK
>> Signing (RSA/SHA256) with key... OK
>> Signing (RSA/SHA512) with key... OK
>> Deleting key... OK
>>
>> Generating 4096-bit RSA key... OK
>> Extracting key identifier... OK, d728d0cbf867eebe912f1688d0f9cf6b
>> Signing (RSA/SHA1) with key... OK
>> Signing (RSA/SHA256) with key... OK
>> Signing (RSA/SHA512) with key... OK
>> Deleting key... OK
>>
>> Generating 512-bit DSA key... Failed
>> generate domain parameters: CKR_FUNCTION_NOT_SUPPORTED
>>
>> Generating 768-bit DSA key... Failed
>> generate domain parameters: CKR_FUNCTION_NOT_SUPPORTED
>>
>> Generating 1024-bit DSA key... Failed
>> generate domain parameters: CKR_FUNCTION_NOT_SUPPORTED
>>
>> Generating 512-bit GOST key... Failed
>> generate key pair: CKR_MECHANISM_INVALID
>>
>> Generating 1024 bytes of random data... OK
>> Generating 32-bit random data... 2643190841
>> Generating 64-bit random data... 9844808495919432962
>> [root@stage-ns2 ~]#
>>
>>
>> and no keys :-
>>
>> [root@stage-ns2 ~]# ods-hsmutil list
>>
>> Listing keys in all repositories.
>> 0 keys found.
>>
>> Repository ID Type
>> ---------- -- ----
>> [root@stage-ns2 ~]#
>>
>>
>> [root@stage-ns2 ~]# softhsm --show-slots
>> Available slots:
>> Slot 0
>> Token present: yes
>> Token initialized: yes
>> User PIN initialized: yes
>> Token label: OpenDNSSEC
>> Slot 1
>> Token present: yes
>> Token initialized: yes
>> User PIN initialized: yes
>> Token label: KSK
>> Slot 2
>> Token present: yes
>> Token initialized: yes
>> User PIN initialized: yes
>> Token label: ZSK
>> [root@stage-ns2 ~]#
>>
>>
>> Could you advise?
>>
>>
>> _______________________________________________
>> Opendnssec-user mailing list
>> [email protected]
>> https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
>>
> _______________________________________________
Opendnssec-user mailing list
[email protected]
https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
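
An added example, not part of the thread and not OpenDNSSEC code: a check that the user and group named in the `<Privileges>` blocks of conf.xml can read and write the SoftHSM token database, which is the mismatch behind the `CKR_GENERAL_ERROR` above while `ods-hsmutil test` run as root still passes. The sample conf.xml, the assumption that `<Privileges>` sits directly under `<Enforcer>` and `<Signer>`, and the function names are constructed for illustration; the check for access by other users is an extra hardening step the thread does not discuss.

```python
import grp
import os
import pwd
import stat
import tempfile
import xml.etree.ElementTree as ET

# Constructed sample; assumes <Privileges> sits under <Enforcer> and <Signer>.
SAMPLE_CONF = """<Configuration>
  <Enforcer><Privileges><User>opendnssec</User><Group>opendnssec</Group></Privileges></Enforcer>
  <Signer><Privileges><User>opendnssec</User><Group>opendnssec</Group></Privileges></Signer>
</Configuration>"""

def configured_identities(conf_xml):
    """Map daemon section -> (user, group) taken from its <Privileges> block."""
    root = ET.fromstring(conf_xml)
    found = {}
    for section in ("Enforcer", "Signer"):
        priv = root.find(f"{section}/Privileges")
        if priv is not None:
            found[section] = (priv.findtext("User"), priv.findtext("Group"))
    return found

def can_read_write(mode, owner_uid, owner_gid, uid, gid):
    """Owner/group/other read+write check; ignores ACLs and supplementary groups."""
    if uid == owner_uid:
        need = stat.S_IRUSR | stat.S_IWUSR
    elif gid == owner_gid:
        need = stat.S_IRGRP | stat.S_IWGRP
    else:
        need = stat.S_IROTH | stat.S_IWOTH
    return mode & need == need

def system_ids(user, group):
    """Resolve the configured names to numeric ids on the local host."""
    return pwd.getpwnam(user).pw_uid, grp.getgrnam(group).gr_gid

def audit(conf_xml, db_paths, resolve=system_ids):
    """List token databases the privilege-dropped daemons cannot use."""
    findings = []
    for section, (user, group) in configured_identities(conf_xml).items():
        uid, gid = resolve(user, group)
        for path in db_paths:
            st = os.stat(path)
            if not can_read_write(st.st_mode, st.st_uid, st.st_gid, uid, gid):
                findings.append(f"{section}: {user}:{group} cannot read/write {path}")
    for path in db_paths:  # added hardening check: no access for other users
        if os.stat(path).st_mode & (stat.S_IROTH | stat.S_IWOTH):
            findings.append(f"{path}: accessible to other users")
    return findings

if __name__ == "__main__":
    with tempfile.NamedTemporaryFile() as db:  # constructed stand-in for slot0.db
        os.chmod(db.name, 0o600)
        other = lambda u, g: (os.getuid() + 1, os.getgid() + 1)  # daemon is not the owner
        print(audit(SAMPLE_CONF, [db.name], resolve=other))
```

On the OpenDNSSEC host itself, call `audit()` with the real conf.xml contents and the token database paths, leaving `resolve` at its default so the names are looked up in the local passwd and group databases.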
