Yuri Schaeffer wrote:
dns|root> ods-hsmutil -v test SoftHSM
Hmm this shows that generating new keys is not a problem perse. Can you
send me your kasp.xml?
[see separate mail]
What to do next:
#) would such a database be possible to migrate to softhsm2? Either
by the migration script or manually (export, import)?
If this is indeed a softhsm issue it might work. I'm not involved in
the
SoftHSM development but as far as I know SoftHSMv2 includes a
softhsm2-migrate program to do this import for you.
Yes, there is such a tool. I was referring to: wouldn't it be wiser to
export/import every non-problematic domain manually instead?
#) should I try to trigger a manual ZSK rollover for the erratic
domain?
It seems to have trouble generating new keys from the enforcer. So I
don't think that would help you.
Thanks for your clarification.
#) I am already thinking about a worst case scenario: Restarting from
scratch (only 9 domains involved). I have read that it should be
possible to run two opendnssec versions in parallel. Can you confirm
this?
It is perfectly possible to run two instances in parallel. Though you
have to make sure you set all the paths correctly so that config files,
PID files, tmp files etc don't mix.
Ok, then I will give that a try.
Again, I do really appreciate the help from all of you,
Michael
_______________________________________________
Opendnssec-user mailing list
[email protected]
https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
