JP Mens on Nostr: Answering my own question: that is not an issue. #Knot can successfully create and ...
Answering my own question: that is not an issue.
#Knot can successfully create and use these keys for DNSSEC signing from the #hsm
#BIND utilities (9.20.3) using OpenSSL3 provider cannot. I'm almost convinced it's a config error, but I just don't see it. $OPENSSL_CONF is set, the content looks as Bv9ARM say, paths exist, *.so are accessible, but neither named(8) nor, say, dnssec-keyfromlabel(1) trigger hsm*.so - configured logging which other tools do.
#Knot can successfully create and use these keys for DNSSEC signing from the #hsm
#BIND utilities (9.20.3) using OpenSSL3 provider cannot. I'm almost convinced it's a config error, but I just don't see it. $OPENSSL_CONF is set, the content looks as Bv9ARM say, paths exist, *.so are accessible, but neither named(8) nor, say, dnssec-keyfromlabel(1) trigger hsm*.so - configured logging which other tools do.