Hello Daniel,
thanks for your hint.
But seems to be a good question - how to somehow convert .pem to .private?
The .private format should contains a hash which is probably combined from .pem and used
algorithms.
i.e
Private-key-format: v1.3
Algorithm: 13 (ECBSAP256SHA256)
PrivateKey: tCVJuLcTTBJ6cwXoyxYxE6wQlEB1fKHlVnVKc/YPBET=
Created: 20190227083519
Publish: 20190227083519
Activate: 20190227083519
Then I logically looking for some tool which allows me this conversion. When BIND sign
the zone by himself it uses a /dev/random to combine the .private. If you can hint me some
usable 3rd party tool for manual conversion I'll be really happy.
I check the keymgr which allows reverse conversion from BIND .key and .private to KNOT.
Best regards.
--
Smil Milan Jeskyňka Kazatel
---------- Původní e-mail ----------
Od: daniel.salzman(a)nic.cz
Komu: Milan Jeskynka Kazatel <KazatelM(a)seznam.cz>
Datum: 6. 3. 2019 21:18:35
Předmět: Re: [knot-dns-users] konvert Knot DNS sigantures certs to BIND format.
Hello Milan,
We don't provide any tool for such a conversion. But it should be
possible
to do it manually. The .key file is simple. Just use `keymgr <zone>
dnskey`.
The .private file is more tricky. You have to somehow convert Knot's
.pem file
and set timestamp and other items.
Daniel
On 2019-03-04 10:05, Milan Jeskynka Kazatel wrote:
Hello community,
can I somehow convert stored certificates for a signed zone to BIND
format?
My use case is to change used topology for authoritative servers. I´m
manage existing zones in Knot, now I would like to transfer it to BIND
and use existing certificates for signing it on BIND due to DS records
in parent zones. The knot will be reconfigured as a slave.
Is it possible to achieve it?
Thanks.
--
Smil Milan Jeskyňka Kazatel