Hi, You don't mention a step where you create the keys. I'm not running 1.4.0 yet, but I imagine that you still have to do that manually.
It might be helpful to walk through <http://www.opendnssec.org/documentation/using-opendnssec/> and see if there are steps that you missed. dave On 2013-01-29, at 9:34 PM, 刘硕 <[email protected]> wrote: > Hi Dave, > > I'm testing opendnssec-1.4.0rc2 with AEP Keyper, I can start the service now, > ods-signerd and ods-enforcerd are running. > But when I use ods-ksmutil zone add -z dstest to add a new zone, I found no > keys with ods-ksmuitl key list > > I get logs like: > Jan 30 10:03:06 CST-BJ-103 ods-signerd: [cmdhandler] received command update > --all[12] > Jan 30 10:03:06 CST-BJ-103 ods-signerd: [zonelist] read file > /home/gtld/software/opendnssec-1.4.0rc2/etc/opendnssec/zonelist.xml > Jan 30 10:03:06 CST-BJ-103 ods-signerd: [worker[2]] configure zone dstest > Jan 30 10:03:06 CST-BJ-103 ods-signerd: [file] unable to stat file > /home/gtld/software/opendnssec-1.4.0rc2/var/opendnssec/signconf/dstest.xml: > ods_fopen() failed > Jan 30 10:03:06 CST-BJ-103 ods-signerd: [zone] zone dstest signconf file > /home/gtld/software/opendnssec-1.4.0rc2/var/opendnssec/signconf/dstest.xml is > unchanged since 2013-01-30 10:03:06 > Jan 30 10:03:06 CST-BJ-103 ods-signerd: [worker[2]] CRITICAL: failed to sign > zone dstest: General error > Jan 30 10:03:06 CST-BJ-103 ods-signerd: [worker[2]] backoff task [configure] > for zone dstest with 60 seconds > > And there is no dstest.xml in var/opendnssec/signconf/ at all, and no data in > table keypairs of kasp.db. > > It seems opendnssec could not generate keys using AEP Keyper, am I right? > > Have you guys ever met this problem? > > > Best regards, > Stuart _______________________________________________ Opendnssec-user mailing list [email protected] https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
