rpms / opendnssec

Clone
Source Code
GIT

Blame SOURCES/0002-get-started.patch

c7 c7-beta c8-beta-stream-DL1 c8-beta-stream-client c8-stream-DL1 c8-stream-client c8s-stream-DL1 c8s-stream-client c9 c9-beta
  1.   dd3346a020052dba871c30cf07efe4f4a5de01e4
  2.   SOURCES
  3.   0002-get-started.patch
Blob History Raw
dd3346 
diff -rNu3 opendnssec-1.4.6/GETSTARTED opendnssec-1.4.6.new/GETSTARTED
dd3346 
--- opendnssec-1.4.6/GETSTARTED	1970-01-01 01:00:00.000000000 +0100
dd3346 
+++ opendnssec-1.4.6.new/GETSTARTED	2014-09-23 08:20:07.000000000 +0200
dd3346 
@@ -0,0 +1,22 @@
dd3346 
+For detailed instructions please see
dd3346 
+https://wiki.opendnssec.org/display/DOCS/Getting+Started
dd3346 
+
dd3346 
+Quick start:
dd3346 
+1. Get HSM module with PKCS#11 interface. You can use SoftHSM package.
dd3346 
+
dd3346 
+2. Configure SoftHSM v2:
dd3346 
+2.1. Check /etc/softhsm2.conf and optionally change paths if necessary
dd3346 
+2.2. Make up your own PIN and SO PIN!
dd3346 
+2.3. Initialize SoftHSM token:
dd3346 
+$ softhsm2-util --init-token --slot 0 --label "OpenDNSSEC" \
dd3346 
+    --pin 5678 --so-pin 9012
dd3346 
+2.4. Allow OpenDNSSEC user to access SoftHSM data:
dd3346 
+    $ chown -R ods: <path from /etc/softhsm2.conf>
dd3346 
+
dd3346 
+3. Configure OpenDNSSEC:
dd3346 
+3.1. Write token PIN to /etc/opendnssec/conf.xml
dd3346 
+3.2. Review and modify Key and Signing Policy in /etc/opendnssec/kasp.xml
dd3346 
+3.3. Initialize OpenDNSSEC database:
dd3346 
+    $ ods-ksmutil setup
dd3346 
+
dd3346 
+4. Use OpenDNSSEC - see man ods-ksmutil

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation