Hi Arun, What version of OpenDNSSEC are you using?
//Yuri On 11-06-17 11:05, Arun Natarajan wrote: > Hello, > > I accidentally ended up in a state which - the key with CKA_ID > "fc1c149afbf4c8996fb92427" is not existing on SoftHSM. > > example.com <http://example.com> ZSK > active 2017-12-15 14:35:15 (retire) 2048 8 > fc1c149afbf4c8996fb92427 SoftHSM_1 NOT IN repository > example.com <http://example.com> KSK > ready waiting for ds-seen (active) 2048 8 > fc1c149afbf4c8996fb92427 SoftHSM_2 NOT IN repository > > But ods put those keys in active state for ZSK and ready state > (ds-seen) for KSK. Basically I cannot just delete the keys from ODS. > > "The enforcer believes that this key is in use, quitting..." > > With a roll over the ZSK is fine, it published a new key, but for KSK > ds-seen or roll over does not help. > > - ds-seen > " > cka_id fc1c149afbf4c8996fb92427 in DB but NOT IN repository > No keys in the READY state matched your parameters, please check the > parameters > " > > appreciate any advice, to get rid of the non-hsm KSK CKA_ID? > > - > Thanks > Arun > > > _______________________________________________ > Opendnssec-user mailing list > [email protected] > https://lists.opendnssec.org/mailman/listinfo/opendnssec-user >
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Opendnssec-user mailing list [email protected] https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
