Hi, Thank you for your answer. I understand what you wrote, and that is exactly what I'm trying to do by using ntp-keygen. However, it does not work, I receive the log message as described in the first e-mail.
Am I doing something wrong ? Please advise. best regards, Grzegorz David Mills wrote: > Grzegorz, > > With reference to the documentation, you act as a trusted agent (TA) to > generate cryptographic media for a trusted host (TH) whose name is > specifiied in the -s option of ntp-keygen. > > Dave > > Grzegorz Daniluk wrote: > > >> Hi, >> did anybody try to generate keys and certificate for IFF scheme using >> ntp-keygen, but outside the server that will use it ? or maybe it is not >> possible ? >> E.g. I need to generate keys and signed certificate on my computer for >> another server (lets say whose hostname is 'A'). Then I tried like this: >> >> ntp-keygen -T -I -s A -p serverpasswd >> and then exporting group key: >> ntp-keygen -e -q serverpasswd -p clientpasswd > group.key >> >> after this I've sent created files (without group.key) to the server 'A' >> and used ntp-keygen and group.key to create keys on client as described >> on support.ntp.org >> >> however, after running ntp on those machines (both stable ntp-4.2.4p7) >> with debugging (-d) option server A says: >> May 18 13:41:22 A ntpd[74185]: report_event: err >> 'bad_or_missing_certificate' (0x10d), no peer >> >> and of course client fails to query server A. >> >> When I've generated self-signed certificate and keys on the server A >> (then running ntp-keygen without '-s' option) everything works fine. >> >> Thank you in advance, >> Best Regards, >> Grzegorz Daniluk >> >> _______________________________________________ >> questions mailing list >> [email protected] >> https://lists.ntp.org/mailman/listinfo/questions >> >> >> > > _______________________________________________ > questions mailing list > [email protected] > https://lists.ntp.org/mailman/listinfo/questions > > _______________________________________________ questions mailing list [email protected] https://lists.ntp.org/mailman/listinfo/questions
