4 Bře
2019
4 Bře
'19
10:05
Hello community,
can I somehow convert stored certificates for a signed zone to BIND format?
My use case is to change used topology for authoritative servers. I´m manage
existing zones in Knot, now I would like to transfer it to BIND and use
existing certificates for signing it on BIND due to DS records in parent
zones. The knot will be reconfigured as a slave.
Is it possible to achieve it?
Thanks.
--
Smil Milan Jeskyňka Kazatel
6 Bře
6 Bře
21:18
Hello Milan,
We don't provide any tool for such a conversion. But it should be
possible
to do it manually. The .key file is simple. Just use `keymgr <zone>
dnskey`.
The .private file is more tricky. You have to somehow convert Knot's
.pem file
and set timestamp and other items.
Daniel
On 2019-03-04 10:05, Milan Jeskynka Kazatel wrote:
Hello community,
can I somehow convert stored certificates for a signed zone to BIND
format?
My use case is to change used topology for authoritative servers. I´m
manage existing zones in Knot, now I would like to transfer it to BIND
and use existing certificates for signing it on BIND due to DS records
in parent zones. The knot will be reconfigured as a slave.
Is it possible to achieve it?
Thanks.
--
Smil Milan Jeskyňka Kazatel
7 Bře
7 Bře
8:40
New subject: [knot-dns-users] konvert Knot DNS sigantures certs to BIND format.
Hello Daniel,
thanks for your hint.
But seems to be a good question - how to somehow convert .pem to .private?
The .private format should contains a hash which is probably combined from .
pem and used algorithms.
i.e
Private-key-format: v1.3
Algorithm: 13 (ECBSAP256SHA256)
PrivateKey: tCVJuLcTTBJ6cwXoyxYxE6wQlEB1fKHlVnVKc/YPBET=
Created: 20190227083519
Publish: 20190227083519
Activate: 20190227083519
Then I logically looking for some tool which allows me this conversion. When
BIND sign the zone by himself it uses a /dev/random to combine the .private.
If you can hint me some usable 3rd party tool for manual conversion I'll be
really happy.
I check the keymgr which allows reverse conversion from BIND .key and .
private to KNOT.
Best regards.
--
Smil Milan Jeskyňka Kazatel
---------- Původní e-mail ----------
Od: daniel.salzman(a)nic.cz
Komu: Milan Jeskynka Kazatel <KazatelM(a)seznam.cz>
Datum: 6. 3. 2019 21:18:35
Předmět: Re: [knot-dns-users] konvert Knot DNS sigantures certs to BIND
format.
"Hello Milan,
We don't provide any tool for such a conversion. But it should be
possible
to do it manually. The .key file is simple. Just use `keymgr <zone>
dnskey`.
The .private file is more tricky. You have to somehow convert Knot's
.pem file
and set timestamp and other items.
Daniel
On 2019-03-04 10:05, Milan Jeskynka Kazatel wrote:
Hello community,
can I somehow convert stored certificates for a signed zone to BIND
format?
My use case is to change used topology for authoritative servers. I´m
manage existing zones in Knot, now I would like to transfer it to BIND
and use existing certificates for signing it on BIND due to DS records
in parent zones. The knot will be reconfigured as a slave.
Is it possible to achieve it?
Thanks.
--
Smil Milan Jeskyňka Kazatel
"
12:27
Milan,
The softhsm-keyconv utility could help
(http://manpages.ubuntu.com/manpages/xenial/en/man1/softhsm-keyconv.1.html)
Daniel
On 3/7/19 8:40 AM, Milan Jeskynka Kazatel wrote:
Hello Daniel,
thanks for your hint.
But seems to be a good question - how to somehow convert .pem to .private?
The .private format should contains a hash which is probably combined from .pem and used
algorithms.
i.e
Private-key-format: v1.3
Algorithm: 13 (ECBSAP256SHA256)
PrivateKey: tCVJuLcTTBJ6cwXoyxYxE6wQlEB1fKHlVnVKc/YPBET=
Created: 20190227083519
Publish: 20190227083519
Activate: 20190227083519
Then I logically looking for some tool which allows me this conversion. When BIND sign
the zone by himself it uses a /dev/random to combine the .private. If you can hint me some
usable 3rd party tool for manual conversion I'll be really happy.
I check the keymgr which allows reverse conversion from BIND .key and .private to KNOT.
Best regards.
--
Smil Milan Jeskyňka Kazatel
---------- Původní e-mail ----------
Od: daniel.salzman(a)nic.cz
Komu: Milan Jeskynka Kazatel <KazatelM(a)seznam.cz>
Datum: 6. 3. 2019 21:18:35
Předmět: Re: [knot-dns-users] konvert Knot DNS sigantures certs to BIND format.
Hello Milan,
We don't provide any tool for such a conversion. But it should be
possible
to do it manually. The .key file is simple. Just use `keymgr <zone>
dnskey`.
The .private file is more tricky. You have to somehow convert Knot's
.pem file
and set timestamp and other items.
Daniel
On 2019-03-04 10:05, Milan Jeskynka Kazatel wrote:
Hello community,
can I somehow convert stored certificates for a signed zone to BIND
format?
My use case is to change used topology for authoritative servers. I´m
manage existing zones in Knot, now I would like to transfer it to BIND
and use existing certificates for signing it on BIND due to DS records
in parent zones. The knot will be reconfigured as a slave.
Is it possible to achieve it?
Thanks.
--
Smil Milan Jeskyňka Kazatel
13:29
New subject: [knot-dns-users] konvert Knot DNS sigantures certs to BIND format.
Hello Daniel,
many thanks for your help.
Best regards,
--
Smil Milan Jeskyňka Kazatel
---------- Původní e-mail ----------
Od: Daniel Salzman <daniel.salzman(a)nic.cz>
Komu: Milan Jeskynka Kazatel <KazatelM(a)seznam.cz>
Datum: 7. 3. 2019 12:27:15
Předmět: Re: [knot-dns-users] konvert Knot DNS sigantures certs to BIND
format.
"Milan,
The softhsm-keyconv utility could help (http://manpages.ubuntu.com/manpages/
xenial/en/man1/softhsm-keyconv.1.html)
Daniel
On 3/7/19 8:40 AM, Milan Jeskynka Kazatel wrote:
Hello Daniel,
thanks for your hint.
But seems to be a good question - how to somehow convert .pem to .private?
The .private format should contains a hash which is probably combined from
.pem and
used algorithms.
i.e
Private-key-format: v1.3
Algorithm: 13 (ECBSAP256SHA256)
PrivateKey: tCVJuLcTTBJ6cwXoyxYxE6wQlEB1fKHlVnVKc/YPBET=
Created: 20190227083519
Publish: 20190227083519
Activate: 20190227083519
Then I logically looking for some tool which allows me this conversion.
When BIND
sign the zone by himself it uses a /dev/random to combine the .
private. If you can hint me some usable 3rd party tool for manual conversion
I'll be really happy.
I check the keymgr which allows reverse conversion from BIND .key and .
private to
KNOT.
Best regards.
--
Smil Milan Jeskyňka Kazatel
---------- Původní e-mail ----------
Od: daniel.salzman(a)nic.cz
Komu: Milan Jeskynka Kazatel <KazatelM(a)seznam.cz>
Datum: 6. 3. 2019 21:18:35
Předmět: Re: [knot-dns-users] konvert Knot DNS sigantures certs to BIND
format.
Hello Milan,
We don't provide any tool for such a conversion. But it should be
possible
to do it manually. The .key file is simple. Just use `keymgr <zone>
dnskey`.
The .private file is more tricky. You have to somehow convert Knot's
.pem file
and set timestamp and other items.
Daniel
On 2019-03-04 10:05, Milan Jeskynka Kazatel wrote:
"
Hello community,
can I somehow convert stored certificates for a signed zone to BIND
format?
My use case is to change used topology for authoritative servers. I´m
manage existing zones in Knot, now I would like to transfer it to BIND
and use existing certificates for signing it on BIND due to DS records
in parent zones. The knot will be reconfigured as a slave.
Is it possible to achieve it?
Thanks.
--
Smil Milan Jeskyňka Kazatel
2434
days inactive
2437
days old
4 comments
3 participants
participants (3)
-
Daniel Salzman -
daniel.salzman@nic.cz
-
Milan Jeskynka Kazatel