Affects Version/s: OpenDNSSEC 1.4.7
Fix Version/s: None
Ubuntu 14.04.2LTS, 3.13.0-30-generic #55-Ubuntu SMP, OpenDNSSEC 1.4/develop (commit 91769197a9f3ed06c75adaf75fe1872fc4dee913), SoftHSM 1.3.5-1ubuntu3
Hardware: ContactCard SmartCard HSM
A little later, when OpenDNSSEC was about to sign the zone again:
and the enforcer had died. After restarting it, I tried a rollover
only to find the enforcer died again. Creating KSK keys manually on the SmartCard-HSM with ods-ksmutil key generate works, however.
n spite of having pre-generated sufficient keys, things are not going as I'd hoped they would: when I kick the signer, I see this in the logs, and the signed file isn't updated.
what? If that all failed, how could OpenDNSSEC have created the very first KSK when it initially launched?
Several days later, I pick up again where I left off. Then:
I give up.