Maintained by: NLnet Labs

[Unbound-users] could not create unbound_control.pem

W.C.A. Wijngaards
Fri Aug 13 15:03:22 CEST 2010


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi Bruce,

Recently I upgraded the keys created by unbound-control-setup from
1024-bits-SHA1 to 1536-bits-SHA256 for the added security strength.
However your openssl does not have SHA256.  (it is likely pretty old,
did you also want to use DNSSEC? The root uses SHA256 ... you can
compile unbound with openssl from a different version if you want).

Anyway, the solution to your immediate trouble is vi
/usr/local/sbin/unbound-control-setup and on line 52 change HASH=sha256
to HASH=sha1.

Best regards,
   Wouter

On 08/13/2010 02:16 PM, Hayward, Bruce wrote:
>  
> 
> We are trying unbound on a couple of type of servers.  Currently on a
> Sun Netra 240 running Solaris 10.
> 
>  
> 
> After configure/gmake.gmake install I see the below unknown option
> –sha256, and in the end: ./unbound-control-setup fatal error: could not
> create unbound_control.pem
> 
>  
> 
> :
> 
> root at wnpgmb024rw-ns05# ./unbound-control-setup
> 
> setup in directory /var/unbound
> 
> unknown option -sha256
> 
> 
> ./unbound-control-setup fatal error: could not create unbound_control.pem
> 
> root at wnpgmb024rw-ns05# [B
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.14 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/

iEYEARECAAYFAkxlQpoACgkQkDLqNwOhpPhcYgCeMW6pKwh6y1gH/ETFJd0O8mtZ
nioAn0hydCbfz4ae0FtiulOwaAZM5On8
=fxNB
-----END PGP SIGNATURE-----