- Type: Story
- Status: Resolved
- Priority: Blocker
- Resolution: Fixed
- Affects Version/s: 2.0.0
- Fix Version/s: None
- Component/s: Enforcer NG
- Labels: None

Another bug appears when having sharedkey in conf and using 'key rollover': when the new key must be created (because there is no unused key in the HSM), the signconf is using the old cka_id for this new key.

To reproduce:
1) set <ShareKeys/> in conf file
2) set KSK lifetime to 1 year
3) add zone
4) check key list -v
5) run 'key rollover --keytype ksk' (now it generates a new ksk)
6) check key list -v
Maybe the problem is related to the number of keys generated when using shared key:
for one zone: number of keys (no shared key) = number of keys (shared key) + 2
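
A check that could follow step 6, added here as an example and not part of the original report or of OpenDNSSEC's code: it compares the KSK `<Locator>` values in a zone's signconf with the CKA_IDs shown by `key list -v`, flagging a new key that is missing and an old CKA_ID that appears twice. The signconf layout, the CKA_ID values and the function names are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed CKA_IDs standing in for the values printed by 'key list -v'.
OLD_KSK = "0a1b2c3d4e5f60718293a4b5c6d7e8f9"
NEW_KSK = "f9e8d7c6b5a493827160f5e4d3c2b1a0"


def make_signconf(ksk_locators):
    """Build a minimal signconf document (assumed layout) for sample input."""
    keys = "".join(
        "<Key><Flags>257</Flags><Algorithm>8</Algorithm>"
        f"<Locator>{loc}</Locator><KSK/><Publish/></Key>"
        for loc in ksk_locators
    )
    return (
        '<SignerConfiguration><Zone name="example.com">'
        f"<Keys><TTL>PT3600S</TTL>{keys}</Keys>"
        "</Zone></SignerConfiguration>"
    )


def ksk_locators(signconf_xml):
    """Return the Locator of every <Key> carrying a <KSK/> marker, in order."""
    root = ET.fromstring(signconf_xml)
    return [
        (key.findtext("Locator") or "").strip().lower()
        for key in root.iter("Key")
        if key.find("KSK") is not None
    ]


def check_signconf(signconf_xml, expected_ksk_ids):
    """Compare signconf KSK locators with the CKA_IDs the enforcer reports.

    Returns a list of findings; an empty list means the two views agree.
    """
    locs = ksk_locators(signconf_xml)
    findings = [
        f"missing: {cka}" for cka in expected_ksk_ids if cka.lower() not in locs
    ]
    findings += [
        f"duplicate: {loc}" for loc in sorted(set(locs)) if locs.count(loc) > 1
    ]
    return findings


if __name__ == "__main__":
    # Symptom described above: the new key is written with the old cka_id.
    print(check_signconf(make_signconf([OLD_KSK, OLD_KSK]), [OLD_KSK, NEW_KSK]))
    # Expected state after rollover: both keys appear with their own CKA_ID.
    print(check_signconf(make_signconf([OLD_KSK, NEW_KSK]), [OLD_KSK, NEW_KSK]))
```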