-----Original Message-----
From: [email protected] [mailto:[email protected]] On Behalf Of Jarno Huuskonen
Sent: Sunday, August 31, 2014 12:32 PM
To: [email protected]
Subject: [Opendnssec-user] Re: ods-enforcerd: Error creating key in repository SoftHSM-KSK
Hi,
> I got the following error message and the enforcer could not be restarted
>
> [root@ns2 ~]# ods-control start
> Starting enforcer...
> OpenDNSSEC ods-enforcerd started (version 1.4.5), pid 9473
> Could not start enforcer
> [root@stage-ns2 ~]# tail -f /var/log/messages
> Aug 30 01:03:27 stage-ns2 ods-enforcerd: Connecting to Database...
> Aug 30 01:03:27 stage-ns2 ods-enforcerd: Policy default found.
> Aug 30 01:03:27 stage-ns2 ods-enforcerd: Key sharing is Off.
> Aug 30 01:03:27 stage-ns2 ods-enforcerd: No zones on policy default, skipping...
> Aug 30 01:03:27 stage-ns2 ods-enforcerd: Policy DotMasr found.
> Aug 30 01:03:27 stage-ns2 ods-enforcerd: Key sharing is Off.
> Aug 30 01:03:27 stage-ns2 ods-enforcerd: 1 zone(s) found on policy "Dot2"
> Aug 30 01:03:27 stage-ns2 ods-enforcerd: 1 new KSK(s) (2048 bits) need to be created for policy Dot2: keys_to_generate(1) = keys_needed(1) - keys_available(0).
> Aug 30 01:03:27 stage-ns2 ods-enforcerd: Error creating key in repository SoftHSM-KSK
> Aug 30 01:03:27 stage-ns2 ods-enforcerd: generate key pair: CKR_GENERAL_ERROR
>> What do you have in softhsm.conf (/etc/softhsm.conf) ?
0:/var/softhsm/slot0.db
1:/var/softhsm/slot1.db
2:/var/softhsm/slot2.db
>> Is the user account used for ods-enforcerd able to access the files defined
>> in softhsm.conf (can change to the directory and read/write the files).
How do I get that user you are talking about?
>> Does your opendnssec/conf.xml <Repository> / <TokenLabel> match what you get
>> with "softhsm --show-slots" ?
Yes, it matches
Available slots:
Slot 0
Token present: yes
Token initialized: yes
User PIN initialized: yes
Token label: OpenDNSSEC
Slot 1
Token present: yes
Token initialized: yes
User PIN initialized: yes
Token label: KSK
Slot 2
Token present: yes
Token initialized: yes
User PIN initialized: yes
Token label: ZSK
>> -Jarno
--
>> Jarno Huuskonen
_______________________________________________
Opendnssec-user mailing list
[email protected]
https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
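The access check asked about in the thread (can the enforcer's account enter the directory and read/write each file named in softhsm.conf), written out as an added example that is not part of the original messages. It tests access for whichever user runs it, so it is meant to be run as the enforcer's account; the function names, the `opendnssec` account name in the comment and the demo data are assumptions constructed for illustration.

```sh
#!/bin/sh
# Added example. Reads a softhsm.conf with "<slot>:<path>" lines (the layout
# shown in the thread) and checks each slot database for the CURRENT user.
# Run it as the enforcer's account, e.g. (hypothetical account name):
#   sudo -u opendnssec sh check_slots.sh /etc/softhsm.conf

# check_slots CONF: one line per slot; returns 0 if all usable, 1 if any
# slot fails, 2 if CONF itself is unreadable.
check_slots() {
    conf=$1
    failed=0
    [ -r "$conf" ] || { echo "cannot read $conf"; return 2; }
    while IFS=: read -r slot path || [ -n "$slot" ]; do
        case $slot in ''|\#*) continue ;; esac   # skip blanks and comments
        dir=$(dirname "$path")
        problem=
        if [ ! -d "$dir" ] || [ ! -x "$dir" ]; then
            problem="cannot enter directory $dir"
        elif [ ! -e "$path" ]; then
            problem="file does not exist"
        elif [ ! -r "$path" ]; then
            problem="file not readable"
        elif [ ! -w "$path" ]; then
            problem="file not writable"
        fi
        if [ -n "$problem" ]; then
            echo "slot $slot: $path: FAIL ($problem)"
            failed=1
        else
            echo "slot $slot: $path: ok"
        fi
    done < "$conf"
    return "$failed"
}

# demo: constructed sample config, slot 0 present and slot 1 missing.
demo() {
    t=$(mktemp -d) || return 2
    : > "$t/slot0.db"
    printf '# constructed sample\n0:%s/slot0.db\n1:%s/slot1.db\n' "$t" "$t" \
        > "$t/softhsm.conf"
    check_slots "$t/softhsm.conf"; rc=$?
    rm -rf "$t"
    return "$rc"
}

# With an argument: check that file. Without: run the constructed demo.
if [ "$#" -gt 0 ]; then check_slots "$1"; else demo || true; fi
```

A FAIL line for the slot that backs the SoftHSM-KSK repository points to ownership or mode on that path as the thing to inspect next (`ls -ld` on the directory, `ls -l` on the file).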