cloudflare refers NTS users to wrong page

Hal Murray hmurray at
Fri Dec 13 09:56:44 UTC 2019

> Can anybody confirm that installing the certificates for ntpd as a server can
> fix the client-side certificate issues as well? 



For a client, you need a root certificate for each server's certificate.  Most 
distros have a package with many root certificates and their libssl is setup 
to know where that lives so you don't have to do anything more than add "nts" 
to the server line.  (Web browsers are normally setup to use that collection.)

On Fedora, it's ca-certificates.noarch
The sudo package needs it (??) so it is probably installed on your system.

For a server, you need a certificate (chain) and the corresponding private 
key.  Your clients need the root certificate.  If you have a typical 
certificate, one that would work for a web site, the root certificate is 
probably part of the normal package.  If you have a self signed certificate, 
you have to distribute your root certificate and they have to add that to 
their server line:
  server nts ca <root-cert-file-name>


Do you have an "nts ca xxxxx" line in your ntp.conf?  That would override the 
default certificate collection?

These are my opinions.  I hate spam.

More information about the devel mailing list