| 1 | KEY BACKUP | 
|---|
| 2 |  | 
|---|
| 3 | 1. Backup your keys | 
|---|
| 4 | 2. ods-ksmutil backup prepare | 
|---|
| 5 | ods-ksmutil backup commit | 
|---|
| 6 |  | 
|---|
| 7 | KEY PRE-CREATION | 
|---|
| 8 |  | 
|---|
| 9 | Take a look at the existing keys: | 
|---|
| 10 |  | 
|---|
| 11 | # ods-ksmutil key list -v | 
|---|
| 12 |  | 
|---|
| 13 | Notice the keytypes, the tags | 
|---|
| 14 |  | 
|---|
| 15 | Notice that these keys are stored in the SoftHSM | 
|---|
| 16 |  | 
|---|
| 17 | # ods-hsmutil list | 
|---|
| 18 |  | 
|---|
| 19 | We can let OpenDNSSEC create keys "on the fly", or we can | 
|---|
| 20 | prepare some in advance: | 
|---|
| 21 |  | 
|---|
| 22 | # ods-ksmutil key generate --p default --interval P6M | 
|---|
| 23 |  | 
|---|
| 24 | (this would generate keys for the "default" policy, for the next 6 months) | 
|---|
| 25 |  | 
|---|
| 26 | Look again at the list of keys in the HSM: | 
|---|
| 27 |  | 
|---|
| 28 | # ods-hsmutil list | 
|---|
| 29 |  | 
|---|
| 30 | ZSK ROLLOVER | 
|---|
| 31 |  | 
|---|
| 32 | # ods-ksmutil key rollover --zone mydomain --keytype ZSK | 
|---|
| 33 |  | 
|---|
| 34 | Now control the list of keys again: | 
|---|
| 35 |  | 
|---|
| 36 | # ods-ksmutil key list -v | 
|---|