Re: 答复: [chrony-users] about how to ues the NTS |
[ Thread Index |
Date Index
| More chrony.tuxfamily.org/chrony-users Archives
]
- To: chrony-users@xxxxxxxxxxxxxxxxxxxx
- Subject: Re: 答复: [chrony-users] about how to ues the NTS
- From: Miroslav Lichvar <mlichvar@xxxxxxxxxx>
- Date: Thu, 22 Sep 2022 14:48:30 +0200
- Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1663850913; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=RGsyGt8KQ2nAm61Qm38R2dlys6v5ApQ//nJfJF9rtU8=; b=Z5/ZJv6JvynT1bZ3tm++5GD5Mlh/MsYh9/6L0XrkCYw+zU2aG7PM/RCB7oeqvM+RWhltY4 c9kDSNWz8hpdsjWmzIFz79q4c5fsNvZs6z+SbCrq96v3lg9aIdHkfkgD2MedqP9bIz5obb eo0LJPeskvzqqwSpJEa1hOHZaQnar3s=
On Thu, Sep 22, 2022 at 12:33:01PM +0000, chengyechun wrote:
> How should the NTS server certificate and key be generated? The method in the test case or other methods show that the certificate is untrusted. Why is this cause and what command should be used?
If you don't want to copy that certicate to each client, you will need
to get the certificate signed by a certificate authority which has its
certificate included in the system trusted certificates.
There are some that can do it for free. The well known one is Let's
Encrypt. There are scripts that automate the whole process. Your
distribution likely has a "certbot" package. You would just run
"certbot certonly" to get a new key+certificate and "certbot
renew" every month or so to get the certificate renewed. It's valid
only for three months.
--
Miroslav Lichvar
--
To unsubscribe email chrony-users-request@xxxxxxxxxxxxxxxxxxxx
with "unsubscribe" in the subject.
For help email chrony-users-request@xxxxxxxxxxxxxxxxxxxx
with "help" in the subject.
Trouble? Email listmaster@xxxxxxxxxxxxxxxxxxxx.