hmurray at megapathdsl.net
Wed May 6 23:17:17 UTC 2020
> Is it not possible to use self-signed certificates? Or am I missing some
> steps; is there a recipe that works for machines on private networks?
I use self signed certificates for testing so it should be reasonable for you
to get it working.
I used a recipe I found on the web. It sets up a root certificate and an
intermediate certificate and then certificates for the servers.
The server needs a certificate chain - the certificate for the server and the
intermediate certificate used to sign it. (cat them together)
The client needs the root certificate.
On the server side, you need
nts cert /etc/ntp/xxx.cert-chain.pem
nts key /etc/ntp/xxx.key.pem
nts cookie /var/lib/ntp/nts-keys
on the client side, you need:
server <whatever> nts ca /etc/ntp/root-cert.pem
You can also install your root in the systems collection. Then:
server <whatever> nts
You can also replace the system root certificates with:
ntp ca /etc/ntp/root-cert.pem
I'll say more if that doesn't work.
These are my opinions. I hate spam.
More information about the devel