[Freeipa-users] DNSSEC active (?) ods-ksmutil
Günther J. Niederwimmer
gjn at gjn.priv.at
Fri May 13 12:07:38 UTC 2016
Hello Petr,
thank you for the answer
Am Freitag, 13. Mai 2016, 13:35:57 CEST schrieb Petr Spacek:
> On 13.5.2016 13:14, Günther J. Niederwimmer wrote:
> > Cannot open destination file, will not make backup.
> > No keys in the READY state matched your parameters, please check the
> > parameters
>
> This is correct. Configured TTL did not expire yet so the key is not
> "ready". See the column "Date of next transition". You will be able to
> activate the key when this time passes.
>
> For detailed info please see
> https://wiki.opendnssec.org/display/DOCS/Key+States
>
> If you are going to use DNSSEC please make sure to use very latests FreeIPA
> 4.3.1 or newer. We fixed a lot of bugs in the last release.
My system is a CentOS 7.2, can I found the newer FreeIPA rpm on any repository
for this System ?
This is my private Server and I hope this is running correct ?
> Petr^2 Spacek
>
> > when i say
> >
> > sudo -u ods SOFTHSM2_CONF=/etc/ipa/dnssec/softhsm2.conf ods-ksmutil key
> > list --verbose
> > SQLite database set to: /var/opendnssec/kasp.db
> > Keys:
> > Zone: Keytype: State: Date of next
> > transition (to): Size: Algorithm: CKA_ID:
> > Repository: Keytag:
> > examle.com KSK publish 2016-05-14
> > 00:16:00 (ready) 3072 8 6145b3b71c448dfc1130d0f9d2caac79
> > SoftHSM 40447
> > example.com ZSK active 2016-08-11
> > 10:16:00 (retire) 2048 8 d7fe5c98d5f3f89aefb9e8dfb92ebcb1
> > SoftHSM 60630
> >
> > The DS Record are published in the ".com" Domain
> >
> > dig +rrcomments example.com DS
> > ;; ANSWER SECTION:
> > example.com. 85610 IN DS 40447 8 1
> > 4E04D91BF29E1941E00CC36B13BC3F50BBA5C913
> > example.com. 85610 IN DS 40447 8 2
> > 92EE9E785D07C2BBCA83DFB1156D4D01052B441B8F3898734
> >
> > Is this the correct status or have I to change anything ?
> >
> > Have I to change the KSK status form publish to active or is this correct
> > ?
> >
> > Thanks for a answer
--
mit freundlichen Grüßen / best regards,
Günther J. Niederwimmer
More information about the Freeipa-users
mailing list