NTP - big picture
Gary E. Miller
gem at rellim.com
Fri Feb 1 00:53:05 UTC 2019
Yo Hal!
On Wed, 30 Jan 2019 20:29:27 -0800
Hal Murray via devel <devel at ntpsec.org> wrote:
> I think we should step back and look at the big picture.
Or a smaller picture.
> There is discussion going on about the changes to ntp.conf.
The smaller picture below:
> The other large area I can see is TLS and certificates. We are going
> to need good documentation to guide a server operator through setting
> up certificates. (Pointers to other documentation are fine.)
Easy: https://letsencrypt.org/getting-started/
> We are also going to need documentation for how to setup self-signed
> certificates for testing.
Not really. If you have a fixed public hostname, then Lets Encrypt is
easy and quick. If you do not have a fixed public hostname, then game
over.
> If anybody is familiar with TLS, I think it would be wonderful if we
> had some throw-away code that was a TLS server and client that we
> could use for testing certificates.
Easy, just install nginx or apache. Then follow their TLS guides:
https://nginx.org/en/docs/http/configuring_https_servers.html
https://httpd.apache.org/docs/current/ssl/ssl_howto.html
Our setup, when we figure out what it is, will be very similar.
> Are there any big chunks I didn't mention?
Yes.
RGDS
GARY
---------------------------------------------------------------------------
Gary E. Miller Rellim 109 NW Wilmington Ave., Suite E, Bend, OR 97703
gem at rellim.com Tel:+1 541 382 8588
Veritas liberabit vos. -- Quid est veritas?
"If you can’t measure it, you can’t improve it." - Lord Kelvin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 851 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ntpsec.org/pipermail/devel/attachments/20190131/4da63f92/attachment.bin>
More information about the devel
mailing list