Joe,

The documentation is rather specific. If you generate a new host or sign key, the certificates are invalid and should be regenerated. Running ntp-keygen with no arguments generates a new certificate of the same type and signature as the existing one.

Dave


Joe Smithian wrote:

Hi All,

I am trying to configure a trusted NTP server and some clients using
Autokey.

ntp-keygen document:


-H Generate a new encrypted RSA public/private host key file and link. Note
that if the sign key is the same as the host key, generating a new host key
invalidates all certificates signed with the old host key.

My questions:

1- When should we use the -H option? When generating new keys? Updating
certificates? Or both cases?



2- Does the “-H” flag only generate RSA keys, not DSA, even when we use the -S DSA
option, as in the example below?



Let's say we generate new keys using non-default options such as

e.g:    ntp-keygen generate -password mypasword -c RSA-SHA -S RSA -modulus
1024



3- Should we use the same arguments when running ntp-keygen later to update
the certificates/keys? Is ntp-keygen smart enough to generate new
certificates of the same type as the existing one without specifying the
arguments? If not, the problem is that if the user runs the ntp-keygen with
no or different arguments it may generate new certificates of different
type.




I would appreciate your comments.

Regards

Joe
_______________________________________________
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions
