Hello Daniel,

thanks for your hint.

But seems to be a good question - how to somehow convert .pem to .private?

The .private format should contains a hash which is probably combined from .pem and used algorithms.

i.e

Private-key-format: v1.3

Algorithm: 13 (ECBSAP256SHA256)

PrivateKey: tCVJuLcTTBJ6cwXoyxYxE6wQlEB1fKHlVnVKc/YPBET=

Created: 20190227083519

Publish: 20190227083519

Activate: 20190227083519

Then I logically looking for some tool which allows me this conversion. When BIND sign the zone by himself it uses a /dev/random to combine the .private. If you can hint me some usable 3rd party tool for manual conversion I'll be really happy.

I check the keymgr which allows reverse conversion from BIND .key and .private to KNOT.

Best regards.
--
Smil Milan Jeskyňka Kazatel

Hello Milan,

We don't provide any tool for such a conversion. But it should be
possible
to do it manually. The .key file is simple. Just use `keymgr <zone>
dnskey`.
The .private file is more tricky. You have to somehow convert Knot's
.pem file
and set timestamp and other items.

Daniel

On 2019-03-04 10:05, Milan Jeskynka Kazatel wrote:
> Hello community,
>
> can I somehow convert stored certificates for a signed zone to BIND
> format?
>
> My use case is to change used topology for authoritative servers. I´m
> manage existing zones in Knot, now I would like to transfer it to BIND
> and use existing certificates for signing it on BIND due to DS records
> in parent zones. The knot will be reconfigured as a slave.
>
> Is it possible to achieve it?
>
> Thanks.
> --
> Smil Milan Jeskyňka Kazatel