Self-signed certificates

Rich Schmidt at
Wed May 6 22:44:08 UTC 2020

I would like to test NTPsec on an internal network without Internet access.
I have created self-signed certificates on both server and client.   But
NTPsec on the server complains
NTS: error:14094418:SSL routines:ssl3_read_bytes:tlsv1 alert *unknown ca*
and on the client:
2020-05-06T22:38:42 ntpd[9901]: NTSc: Using dir /var/lib/ntp/certs/ for
root certificates.
2020-05-06T22:38:42 ntpd[9901]: NTSc: SSL_connect failed
2020-05-06T22:38:42 ntpd[9901]: NTS: error:14090086:SSL
routines:ssl3_get_server_certificate:*certificate verify failed*

Is it not possible to use self-signed certificates?  Or am I missing some
steps; is there a recipe that works for machines on private networks?
Thank you!
Richard Schmidt, CTR
US Naval Observatory
Washington, DC

“The ideal subject of totalitarian rule is not the convinced Nazi or the
convinced communist, but people for whom the distinction between fact and
fiction . . . and the distinction between true and false . . . no longer
exist.” —Hanna Arendt, “The Origins of Totalitarianism” (1951)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the devel mailing list