[ntp:questions] ntp-keygen IFF
lin_g at o2.pl
Mon May 18 13:45:22 UTC 2009
did anybody try to generate keys and certificate for IFF scheme using
ntp-keygen, but outside the server that will use it ? or maybe it is not
E.g. I need to generate keys and signed certificate on my computer for
another server (lets say whose hostname is 'A'). Then I tried like this:
ntp-keygen -T -I -s A -p serverpasswd
and then exporting group key:
ntp-keygen -e -q serverpasswd -p clientpasswd > group.key
after this I've sent created files (without group.key) to the server 'A'
and used ntp-keygen and group.key to create keys on client as described
however, after running ntp on those machines (both stable ntp-4.2.4p7)
with debugging (-d) option server A says:
May 18 13:41:22 A ntpd: report_event: err
'bad_or_missing_certificate' (0x10d), no peer
and of course client fails to query server A.
When I've generated self-signed certificate and keys on the server A
(then running ntp-keygen without '-s' option) everything works fine.
Thank you in advance,
More information about the questions