[ntp:hackers] ntp Authentication support for X.509v3 against a Certificate Authority (CA)

Laatz, Erek laatz at makdata.de
Wed Jun 21 16:35:38 UTC 2006


Danny,

Of course I have also used your support pages as a source, and as a
result, the IFF-based autokey protocol works really fine.

But especially the online certificate verification against a CA is not
considered in Steve's (very good) documentation.

Best regards,

Erek

Danny Mayer wrote:
> Laatz, Erek wrote:
>> Danny,
>>
>> Thank you very much for your answer and the support adding Dave Mills to this
>> reply!
>> Unfortunately I have studied the ntp documentation of Dave Mills and also his
>> new book 'Computer Network Time Synchronization - The Network Time Protocol' (I
>> would tell you - it's a strong and long way to get it here in Germany) but I
>> found no hint on how to configure this special topic.
>>
>> Usual autokey (IFF) with self generated X.509v3 certificates works fine in our
>> test environment!
>>
>> Erek
>>
>>
>>
>>
>> Erek Laatz
>>
>> Danny Mayer wrote:
>>> Laatz, Erek wrote:
>>>> Dear all,
>>>>
>>>> we want to set up a larger environment for around 60 NTP servers in Germany.
>>>> All these hosts will have the ability to use system specific X509v3
>>>> certificates issued by a CA. Our idea is to use these certificates also for ntp
>>>> authentication as we have the requirement to use some kind of
>>>> authentication within the ntp installations.
>>>>
>>>> I've looked in several sources but found no idea how to realize a certificate
>>>> verification against a CA, even found no special hint on how to realize it
>>>> within the autokey protocol.
>>>>
>>>> Is there anyone who has an idea how to realize an X.509v3 certificate
>>>> verification against a CA?
>>>>
>>>> Best regards, Yours
>>>>
>>>> Erek
>>> Dave Mills is the best person to answer these questions but he's not on
>>> this list, so I have added him to this reply. Have you looked at the
>>> autokey protocol for details about how it works?
>>>
>>> Danny
>>>
> 
> Take a look at our support pages, specifically:
> http://ntp.isc.org/bin/view/Support/ConfiguringAutokey
> which has a detailed guide to setting up and using autokey. Steve
> Kostecke did almost all of the work on these pages and should be able to
> answer most of the additional practical questions you may have.
> 
> Danny


