Self Signed Certs

Gary E. Miller gem at rellim.com
Thu May 7 17:55:40 UTC 2020


Yo Rich!

On Thu, 7 May 2020 12:42:20 -0400
Rich Schmidt via devel <devel at ntpsec.org> wrote:

> I am still stymied trying to test NTPsec with self-signed certs. Still
> getting "unknown ca" on the server. I would appreciate any assistance
> in this effort.

I do not see where you copied your new "root" to the client root certs
diractory.  Then you have to rehas the client root cers directory.

> 2020-05-07T16:23:51 ntpd[27974]: NTSc: Using dir /var/lib/ntp/certs/
> for root certificates.

Here is where the root cert from your self-signed cert needs to got.
Preferably on both server and clients.

> 2020-05-07T16:24:58 ntpd[27974]: NTS: error:14094418:SSL
> routines:ssl3_read_bytes:tlsv1 alert unknown ca

Your root cert not found on client.

RGDS
GARY
---------------------------------------------------------------------------
Gary E. Miller Rellim 109 NW Wilmington Ave., Suite E, Bend, OR 97703
	gem at rellim.com  Tel:+1 541 382 8588

	    Veritas liberabit vos. -- Quid est veritas?
    "If you can't measure it, you can't improve it." - Lord Kelvin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 851 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ntpsec.org/pipermail/devel/attachments/20200507/b8907dbd/attachment.bin>


More information about the devel mailing list