[ntp:questions] ntp-keygen -H and update options

Steve Kostecke kostecke at ntp.org
Sat May 14 15:21:54 UTC 2011

On 2011-05-13, Joe Smithian <joe.smithian at gmail.com> wrote:

> I am trying to configure a trusted NTP server and some clients using
> Autokey.


> 1-When we should use -H option? When generating new keys? updating
> certificates? or both cases?

It is only necessary when you initially generate the host parameters
(e.g. the key/cert pair).

> 2-Does ?-H? flag only generate RSA keys; not DSA even when we use ?S DSA
> option, as in the example below?

Try it and see.

> 3- Should we use the same arguments when running ntp-keygen later to update
> the certificates/keys? Is ntp-keygen smart enough to generate new
> certificates of the same type as the existing one without specifying the
> arguments? If not the problem is that if the user runs the ntp-keygen with
> no or different arguments it may generate new certificates of different
> type.

Try it and see.

Steve Kostecke <kostecke at ntp.org>
NTP Public Services Project - http://support.ntp.org/

More information about the questions mailing list