Agenda: opendnssec-lab2.txt

File opendnssec-lab2.txt, 689 bytes (added by admin, 6 years ago)
Line 
1KEY BACKUP
2
31. Backup your keys
42. ods-ksmutil backup prepare
5   ods-ksmutil backup commit
6
7KEY PRE-CREATION
8
9Take a look at the existing keys:
10
11# ods-ksmutil key list -v
12
13Notice the keytypes, the tags
14
15Notice that these keys are stored in the SoftHSM
16
17# ods-hsmutil list
18
19We can let OpenDNSSEC create keys "on the fly", or we can
20prepare some in advance:
21
22# ods-ksmutil key generate --p default --interval PT12H
23
24(this would generate keys for the "default" policy, for the next 12 hours)
25
26Look again at the list of keys in the HSM:
27
28# ods-hsmutil list
29
30ZSK ROLLOVER
31
32# ods-ksmutil key rollover --zone mydomain --keytype ZSK
33
34Now control the list of keys again:
35
36# ods-ksmutil key list -v