Self-signed certificates

Hal Murray hmurray at
Wed May 6 23:17:17 UTC 2020

> Is it not possible to use self-signed certificates?  Or am I missing some
> steps; is there a recipe that works for machines on private networks?

I use self signed certificates for testing so it should be reasonable for you 
to get it working.

I used a recipe I found on the web.  It sets up a root certificate and an 
intermediate certificate and then certificates for the servers.

The server needs a certificate chain - the certificate for the server and the 
intermediate certificate used to sign it.  (cat them together)
The client needs the root certificate.

On the server side, you need

nts enable
nts cert   /etc/ntp/xxx.cert-chain.pem
nts key    /etc/ntp/xxx.key.pem
nts cookie /var/lib/ntp/nts-keys

on the client side, you need:
server <whatever> nts ca /etc/ntp/root-cert.pem


You can also install your root in the systems collection.  Then:
  server <whatever> nts
should work.

You can also replace the system root certificates with:
ntp ca /etc/ntp/root-cert.pem

I'll say more if that doesn't work.

These are my opinions.  I hate spam.

More information about the devel mailing list