Hi All, I am trying to configure a trusted NTP server and some clients using Autokey.
ntp-keygen document: -HGenerate a new encrypted RSA public/private host key file and link. Note that if the sign key is the same as the host key, generating a new host key invalidates all certificates signed with the old host key.My questions: 1-When we should use -H option? When generating new keys? updating certificates? or both cases? 2-Does “-H” flag only generate RSA keys; not DSA even when we use –S DSA option, as in the example below? Let say we generate new keys using non-default options such as e.g: ntp-keygen generate -password mypasword -c RSA-SHA -S RSA -modulus 1024 3- Should we use the same arguments when running ntp-keygen later to update the certificates/keys? Is ntp-keygen smart enough to generate new certificates of the same type as the existing one without specifying the arguments? If not the problem is that if the user runs the ntp-keygen with no or different arguments it may generate new certificates of different type. I would appreciate your comments. Regards Joe _______________________________________________ questions mailing list questions@lists.ntp.org http://lists.ntp.org/listinfo/questions