Hi, > Hoda noticed this: > >> ods-enforcerd: [ID 630891 local0.info] NOTE: keys generated in repository >> SoftHSM will not become active until they have been backed up > > We think you have <RequireBackup/> in your conf but did not indicate to > OpenDNSSEC that you actually backed them up. Therefore it isn't allowed > to use the keys. > > So try backing up your keys or stop requiring it.
I don't think this is the issue. We are doing a key backup multiple times per day using "ods-ksmutil backup prepare" as the first step and "ods-ksmutil backup commit" as the last step of the process. So a key that was freshly generated should become active shortly after that. I also just did this manually and no keys were marked during prepare or commit: # ods-ksmutil backup prepare There were no keys to mark # ods-ksmutil backup commit There were no keys to mark Regards Marc
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Opendnssec-user mailing list [email protected] https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
