Self-signed certificates

Rich Schmidt schmidt.rich at gmail.com
Wed May 6 22:44:08 UTC 2020


I would like to test NTPsec on an internal network without Internet access.
I have created self-signed certificates on both server and client.   But
NTPsec on the server complains
NTS: error:14094418:SSL routines:ssl3_read_bytes:tlsv1 alert *unknown ca*
and on the client:
2020-05-06T22:38:42 ntpd[9901]: NTSc: Using dir /var/lib/ntp/certs/ for
root certificates.
2020-05-06T22:38:42 ntpd[9901]: NTSc: SSL_connect failed
2020-05-06T22:38:42 ntpd[9901]: NTS: error:14090086:SSL
routines:ssl3_get_server_certificate:*certificate verify failed*

Is it not possible to use self-signed certificates?  Or am I missing some
steps; is there a recipe that works for machines on private networks?
Thank you!
Richard Schmidt, CTR
US Naval Observatory
Washington, DC

-- 
“The ideal subject of totalitarian rule is not the convinced Nazi or the
convinced communist, but people for whom the distinction between fact and
fiction . . . and the distinction between true and false . . . no longer
exist.” —Hanna Arendt, “The Origins of Totalitarianism” (1951)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ntpsec.org/pipermail/devel/attachments/20200506/95cdf8b7/attachment.htm>


More information about the devel mailing list