Berry A.W. van Halderen <[email protected]> wrote: > > On 01/16/2017 09:07 PM, Michael Grimm wrote: >> Berry A.W. van Halderen <[email protected]> wrote:
>>> If you are using SoftHSM, it >>> could be due to permissions problems on the files where the keys >>> are stored, or to a full filesystem. Check /var/lib/softhsm, >>> the default location (set in /etc/softhsm.conf). >> >> -rw-r--r-- 1 root wheel uarch 44032 Jan 16 20:48 >> /usr/local/var/opendnssec/kasp.db > > I'm afraid that is the enforcer database, it has no storage of > the keys. > Given SoftHSM, the proper location is can be seen in /etc/softhsm.conf > or /usr/local/etc/softhsm.conf. Sorry my fault. Here is the information you asked for: MW-dns2|root> ls -al /usr/local/var/softhsm/slot0.db -rw------- 1 root wheel uarch 150528 Jan 4 03:01 /usr/local/var/softhsm/slot0.db > Also check if there is a <Capacity> specified in your > /usr/local/etc/opendnssec/conf.xml > This is also a limit on the maximum keys possible. No, there is no such Capacity limitation defined. >>> You can also increase the verbosity in conf.xml and restart >>> to get a bit more information. >> >> I had had <Verbosity>3</Verbosity>. I did increase to 4,5, and 10, but >> to no avail. The very same log messages are reported, no additional >> ones. Is this the verbosity you were refering to? > > Yes, you did restart the daemons right? Yes :-) > An increase to 6 or 7 often is very verbose. Not here :-( Still no increase observable. >>> Did you keep the original >>> /usr/local/var/opendnssec/signconf/example.com.xml >>> by any change? >> >> Yes. I did save before rescue trials: >> >> -rw-r--r-- root/opendnssec 990 2017-01-06 21:02 >> opendnssec/signconf/example.com.xml >> >> What do you want me to do with that? > > Can you send it to me privately? Me or one of my co-workers can > have a look at it. There are only references to keys placed > there so no serious security concerns. Sure, I will send it in private mail. Regards, Michael _______________________________________________ Opendnssec-user mailing list [email protected] https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
