Thanks Ondrej,Everything is running now.
After everything running smoothly i followed the documentation and i
don't understand few things.
1:I have saved the zone I want to sing to the unsigned source as the
configs say and I was hoping ods-signer could sign it and I get the
signed zone in the signed directory but I don't get anything.Further to
this I decided to do *ods-signer sign tz* and I got *Zone tz scheduled
for immediate re-sign.* why does it saying it immediately and I went to
the signed directory nothing there.
2:I hope now that all config are ok to get the DS so that I can publish
to the parent How do i get this.
3:I did the bellow command and see the list bellow:-
*root@ubuntu-serv-dnssec:/var/lib# ods-ksmutil key list --verbose --zone tz
SQLite database set to: /var/lib/opendnssec/db/kasp.db
Keys:
Zone: Keytype: State: Date of next
transition: CKA_ID:
Repository: Keytag:
tz KSK publish 2011-07-02
01:04:24 2861479296b2cb6ed0f884a479b5e99d
SoftHSM 40949
tz ZSK active 2011-07-31
11:04:24 880a44b2e853db6a26368ecdf292898d
SoftHSM 48528
*Wat is the DATE OF NEXT TRANSITION.I was hoping it to be *2012-07-02
01:04:24 *(Meaning its after 1 year for KSK ) ZSK is ok i think.
KIndly assist as I am trying to get to know these things better.
Bryton.
On 06/30/2011 06:06 PM, Ondřej Surý wrote:
I guess I need to add this README.Debian to opendnssec-signer as well:
If you are going to use softhsm, you need to allow opendnssec user
to access /var/lib/softhsm (or another place where you keep your
softHSM database). On standard debian system, it should be sufficient
to add opendnssec user to softhsm group by issuing:
# adduser opendnssec softhsm
On Thu, Jun 30, 2011 at 17:04, Bryton<[email protected]> wrote:
Starting enforcer...
OpenDNSSEC ods-enforcerd started (version 1.2.1), pid 1982
Starting signer engine...
Starting signer...
OpenDNSSEC signer engine version 1.2.1
SoftHSM: Could not open the config file: /etc/softhsm/softhsm.conf
Could not start signer
It seems the error of libxml is gone after removing it from /usr/local/lib
but stil signer could not start
On 06/30/2011 05:53 PM, Ondřej Surý wrote:
Well, I would suggest removing the libxml2 from /usr/local/lib and use
packaged version unless you explicitly need something not in the
package.
Mixing packaged libraries with /usr/local/lib never plays well.
O.
On Thu, Jun 30, 2011 at 16:51, Rickard Bellgrim<[email protected]>
wrote:
On Thu, Jun 30, 2011 at 4:44 PM, Bryton<[email protected]> wrote:
/usr/sbin/ods-signerd: /usr/local/lib/libxml2.so.2: no version
information
available (required by /usr/sbin/ods-signerd)
Try rebuilding the dynamic linker cache.
sudo ldconfig
// Rickard
_______________________________________________
Opendnssec-user mailing list
[email protected]
https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
--
Regards,
Bryton.
--
Regards,
Bryton.
_______________________________________________
Opendnssec-user mailing list
[email protected]
https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
