Self-signed certificates
Hal Murray
hmurray at megapathdsl.net
Wed May 6 23:17:17 UTC 2020
> Is it not possible to use self-signed certificates? Or am I missing some
> steps; is there a recipe that works for machines on private networks?
I use self signed certificates for testing so it should be reasonable for you
to get it working.
I used a recipe I found on the web. It sets up a root certificate and an
intermediate certificate and then certificates for the servers.
The server needs a certificate chain - the certificate for the server and the
intermediate certificate used to sign it. (cat them together)
The client needs the root certificate.
On the server side, you need
nts enable
nts cert /etc/ntp/xxx.cert-chain.pem
nts key /etc/ntp/xxx.key.pem
nts cookie /var/lib/ntp/nts-keys
on the client side, you need:
server <whatever> nts ca /etc/ntp/root-cert.pem
--------
You can also install your root in the systems collection. Then:
server <whatever> nts
should work.
You can also replace the system root certificates with:
ntp ca /etc/ntp/root-cert.pem
I'll say more if that doesn't work.
--
These are my opinions. I hate spam.
More information about the devel
mailing list