> Is it not possible to use self-signed certificates? Or am I missing some > steps; is there a recipe that works for machines on private networks?
I use self signed certificates for testing so it should be reasonable for you to get it working. I used a recipe I found on the web. It sets up a root certificate and an intermediate certificate and then certificates for the servers. The server needs a certificate chain - the certificate for the server and the intermediate certificate used to sign it. (cat them together) The client needs the root certificate. On the server side, you need nts enable nts cert /etc/ntp/xxx.cert-chain.pem nts key /etc/ntp/xxx.key.pem nts cookie /var/lib/ntp/nts-keys on the client side, you need: server <whatever> nts ca /etc/ntp/root-cert.pem -------- You can also install your root in the systems collection. Then: server <whatever> nts should work. You can also replace the system root certificates with: ntp ca /etc/ntp/root-cert.pem I'll say more if that doesn't work. -- These are my opinions. I hate spam. _______________________________________________ devel mailing list [email protected] http://lists.ntpsec.org/mailman/listinfo/devel
