> Can anybody confirm that installing the certificates for ntpd as a server can > fix the client-side certificate issues as well?
No. -------- For a client, you need a root certificate for each server's certificate. Most distros have a package with many root certificates and their libssl is setup to know where that lives so you don't have to do anything more than add "nts" to the server line. (Web browsers are normally setup to use that collection.) On Fedora, it's ca-certificates.noarch The sudo package needs it (??) so it is probably installed on your system. For a server, you need a certificate (chain) and the corresponding private key. Your clients need the root certificate. If you have a typical certificate, one that would work for a web site, the root certificate is probably part of the normal package. If you have a self signed certificate, you have to distribute your root certificate and they have to add that to their server line: server mumble.example.com nts ca <root-cert-file-name> ------- Do you have an "nts ca xxxxx" line in your ntp.conf? That would override the default certificate collection? -- These are my opinions. I hate spam. _______________________________________________ devel mailing list devel@ntpsec.org http://lists.ntpsec.org/mailman/listinfo/devel