[Rspamd-Users] rspamadm vault rollover
lists at mlserv.org
lists at mlserv.org
Wed May 13 11:01:10 UTC 2020
Hi,
I have used vault/consul for one domain in testing mode more than a year now. Yesterday I switched completely to vault/consul with all other domains.
For the one domain that was in testing mode, I had called:
rspamadm vault rollover roessner.email
which generated a new rsa and ed25519 key. I imported the pub keys into DNS. So far so good.
Today I ran:
rspamadm vault rollover -r roessner.email
in the hope that only expired keys would be removed, but unfortunately that generated a new pair rsa and ed25519 keys.
I think I still do not understand the normal workflow.
I decided to completely delete the keys for roessner.email and create two new ones. So I have a clear new starting position.
But how to I have to process in future? Could someone please explain step-by-step the necessary commands? I have read the documentation on the website, but as you see, I still don't get it right.
Would be nice to see it for
rspamadm vault create --bits 2048 example.com
rspamadm vault create --algorithm ed25519 example.com
Does it require expire options? TTLS whatever? Steps to rollover.
Many thanks in advance
Christian
--
Rößner-Network-Solutions
Karl-Bröger-Str. 10, 36304 Alsfeld
Fax: +49 6631 78823409, Mobil: +49 171 9905345
USt-IdNr.: DE225643613, https://roessner.website
PGP fingerprint: 658D 1342 B762 F484 2DDF 1E88 38A5 4346 D727 94E5
More information about the Users
mailing list