Op 25-06-18 om 15:45 schreef Berry A.W. van Halderen: > On 06/25/2018 03:05 PM, Casper Gielen wrote: >> Op 25-06-18 om 11:49 schreef Casper Gielen: >>> >>> I've verified that everything under /var/lib/opendnssec is readable and >>> writable by the opendnssec user. The configuration, under >>> /etc/opendnssec, is readable but not writable. >> >> Minutes after I wrote this a colleague added a new zone (ucgv.nl) that >> immediately ran into trouble. >> Unfortunately I do not have complete logging, this is what I do have: > > This could be much unrelated from the earlier issue. > > Are you using SoftHSM as HSM? If so, which version? > There is a known, resolved issue with certain versions.
We were on SoftHSM 2, version 2.2.0, Debian package v3, as provided by Debian Stretch. I just switched to SoftHSM 2.4.0, form Debian Unstable. Onfortunately this did not magically solve my problems, the signer is still not able to get the key that should be available: # ods-hsmutil list | grep a1d5274f2e3c73eb73ec99c16e781d0d /tmp/hsmkeys LocalHSM a1d5274f2e3c73eb73ec99c16e781d0d RSA/2048 I'll run it for a bit and see if anything improves. -- Casper Gielen <[email protected]> | LIS UNIX PGP fingerprint = 16BD 2C9F 8156 C242 F981 63B8 2214 083C F80E 4AF7 Universiteit van Tilburg | Postbus 90153, 5000 LE Warandelaan 2 | Telefoon 013 466 4100 | G 236 | http://www.uvt.nl _______________________________________________ Opendnssec-user mailing list [email protected] https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
