-
Type:
Bug
-
Status: Open
-
Priority:
Minor
-
Resolution: Unresolved
-
Affects Version/s: 2.1.8
-
Fix Version/s: None
-
Component/s: None
-
Labels:None
-
Environment:
OpenBSD 6.9-beta
I've got a CSK setup. The CSK rollover worked as expected:
| Keytype: | State: | Date of next transition: | Size: | Algorithm: | CKA_ID: | Repository: | KeyTag: |
|---|---|---|---|---|---|---|---|
| CSK | retire | 2021-04-07 03:22:05 | 384 | 14 | 3dae... | SoftHSM | 36329 |
| CSK | active | 2021-04-07 03:22:05 | 384 | 14 | b6ff... | SoftHSM | 9778 |
When I issue
ods-enforcer key ds-gone --zone <zone> --keytag 36329
or
ds-enforcer key ds-gone --zone <zone> --cka_id 3dae...
I get
0 KSK matches found. 0 KSKs changed.
How can I retire my old CSK?