cloudflare refers NTS users to wrong page
hmurray at megapathdsl.net
Fri Dec 13 09:56:44 UTC 2019
> Can anybody confirm that installing the certificates for ntpd as a server can
> fix the client-side certificate issues as well?
For a client, you need a root certificate for each server's certificate. Most
distros have a package with many root certificates and their libssl is setup
to know where that lives so you don't have to do anything more than add "nts"
to the server line. (Web browsers are normally setup to use that collection.)
On Fedora, it's ca-certificates.noarch
The sudo package needs it (??) so it is probably installed on your system.
For a server, you need a certificate (chain) and the corresponding private
key. Your clients need the root certificate. If you have a typical
certificate, one that would work for a web site, the root certificate is
probably part of the normal package. If you have a self signed certificate,
you have to distribute your root certificate and they have to add that to
their server line:
server mumble.example.com nts ca <root-cert-file-name>
Do you have an "nts ca xxxxx" line in your ntp.conf? That would override the
default certificate collection?
These are my opinions. I hate spam.
More information about the devel