NTP - big picture

[Richard Laager]

On 1/31/19 7:28 PM, Hal Murray via devel wrote:
> I'm looking for a way to test without a domain.
The problem with using a self-signed certificate is that it won't
validate. So you either need a configuration option to tell ntpd to
ignore the NTS-KE server's certificate failure, or you actually need to
setup your own private CA.

Such a confirmation option may be desirable for testing. But it's also
an attractive nuisance. In a world where certificates are available for
free from Let's Encrypt, I'm not sure it's necessary. I know that you
are personally looking to do this without a domain, but how common are
people who are _both_ looking to run an NTP server _with NTS_ and do not
have a domain?

There are plenty of guides for setting up a private CA, but this one
looks pretty good and comprehensive:
https://jamielinux.com/docs/openssl-certificate-authority/introduction.html

-- 
Richard