Hi folks,

We're planning to set up a signing environment with redundant signer servers that both have their own hardware HSM. The keys and the key information should thus be synchronized between the servers in order to reduce the amount of manual work when switching over to the secondary server. That is, the secondary server should always have the same keys as the primary server and should always know which keys are currently active.

The keys can obviously be synchronized by replicating the encrypted keystore file between the servers (at least when using Sun SCA). In addition to the keystore, is it enough to replicate the KASP database (kasp.db) between the servers? It seems that the kasp.db contains all the information about the keys and their states, but please let me know if there are some other files that need to be synchronized.

Thanks,
Antti
