On Tue, 2015-12-29 at 14:30 +0100, Günther J. Niederwimmer wrote: > Hello, > > Is it possible to install a DSNSEC Master with my before created KSK ZSK? > > Background: > > I have installed a IPA Master on my System now I have change the Hardware and > make a new installation with new Hardware?
Unless you want to trash your current install for some reason, it would be easier to simply create an ipa replica on the new hardware so that all keys get transferred too. When you retire your old master you will have to reconfigure the remaining replica to become the server that rotate the DNS keys. > I have only a backup from the Files in > /var/named/dyndb-ldap/ipa/master/example.com/keys/ > > When I now enable a new DNSSEC Master create freeIPA new KSK ZSK for the > Domain ? If you have already destroyed your original master it is probably easier to just regenerate all keys and upload the new public keys on the glue record of the delegating provider. Simo. > Then I have to wait after the holidays to UPDATE the DS Record on my ISP :-(. > > Thanks for a answer, > > -- > mit freundlichen Grüßen / best regards, > > Günther J. Niederwimmer > -- Simo Sorce * Red Hat, Inc * New York -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project