Hi, did anybody try to generate keys and certificate for IFF scheme using ntp-keygen, but outside the server that will use it ? or maybe it is not possible ? E.g. I need to generate keys and signed certificate on my computer for another server (lets say whose hostname is 'A'). Then I tried like this:
ntp-keygen -T -I -s A -p serverpasswd and then exporting group key: ntp-keygen -e -q serverpasswd -p clientpasswd > group.key after this I've sent created files (without group.key) to the server 'A' and used ntp-keygen and group.key to create keys on client as described on support.ntp.org however, after running ntp on those machines (both stable ntp-4.2.4p7) with debugging (-d) option server A says: May 18 13:41:22 A ntpd[74185]: report_event: err 'bad_or_missing_certificate' (0x10d), no peer and of course client fails to query server A. When I've generated self-signed certificate and keys on the server A (then running ntp-keygen without '-s' option) everything works fine. Thank you in advance, Best Regards, Grzegorz Daniluk _______________________________________________ questions mailing list [email protected] https://lists.ntp.org/mailman/listinfo/questions
