NTP - big picture

Gary E. Miller gem at rellim.com
Fri Feb 1 03:03:53 UTC 2019


Yo Richard!

On Thu, 31 Jan 2019 19:48:37 -0600
Richard Laager via devel <devel at ntpsec.org> wrote:

> On 1/31/19 7:28 PM, Hal Murray via devel wrote:
> > I'm looking for a way to test without a domain.  
> The problem with using a self-signed certificate is that it won't
> validate.

Maybe, ways around it, and not required.

> So you either need a configuration option to tell ntpd to
> ignore the NTS-KE server's certificate failure, or you actually need
> to setup your own private CA.

Both easy.

But Let's Encrypt (LE) is even easier, why bother?

> Such a confirmation option may be desirable for testing. But it's also
> an attractive nuisance.

Yes, LE is best if you have a FQDN.

> In a world where certificates are available
> for free from Let's Encrypt, I'm not sure it's necessary. I know that
> you are personally looking to do this without a domain, but how
> common are people who are _both_ looking to run an NTP server _with
> NTS_ and do not have a domain?

And not have a stable FQDN.

RGDS
GARY
---------------------------------------------------------------------------
Gary E. Miller Rellim 109 NW Wilmington Ave., Suite E, Bend, OR 97703
	gem at rellim.com  Tel:+1 541 382 8588

	    Veritas liberabit vos. -- Quid est veritas?
    "If you can’t measure it, you can’t improve it." - Lord Kelvin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 851 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ntpsec.org/pipermail/devel/attachments/20190131/fd3e85be/attachment-0001.bin>


More information about the devel mailing list