View details of the specific keys, create an email message containing the key,
perform an emergency key rollover, and delete the key.
Viewing key details
Review general information of a Zone Signing Key (ZSK) and Key Signing Key (KSK).
Note: The Address Manager v25.1.0 UI displays ZSK/KSK timestamps according to the
browser's timezone. If the Address Manager server is configured with a different
timezone than the browser, the timestamp on the server will be converted to the
browser's timezone when displayed in the UI.
To view ZSK/KSK details:
-
Select the DNS or IPAM tab in the
sidebar, then navigate to a DNS zone or reverse zone.
-
Select the DNSSEC tab.
-
Select the row containing the ZSK or KSK.
-
The expanded details section displays the following information about the
DNSSEC key:
- Object ID—the system identification number for the DNSSEC
key.
- Active—the status of the key. Yes indicates
that the key is currently active. No indicates that the key is
inactive; either its start time hasn't yet been reached, or its expiry
date has elapsed.
- Key provider—the selected key provider (either Address
Manager or Entrust HSM).
- TTL—the TTL (time to live) for the key if an override TTL is
specified when the key is created.
- Algorithm—the algorithm used to generate the key.
- Creation time—the date and time the key was generated.
- Expiration time—the date and time at which the
key expires.
- Key tag—the key tag data for the key. The key tag is used during
DNSSEC validation and when signing and resigning zones.
- Length (bits)—the number of bits in the key.
- Start time—the date and time for the beginning of
the key’s validity period. The start time is always midnight of the day
you created the key.