Re: 答复: [chrony-users] about how to ues the NTS

[ Thread Index | Date Index | More Archives ]

On Thu, Sep 22, 2022 at 12:33:01PM +0000, chengyechun wrote:
> How should the NTS server certificate and key be generated? The method in the test case or other methods show that the certificate is untrusted. Why is this cause and what command should be used?

If you don't want to copy that certicate to each client, you will need
to get the certificate signed by a certificate authority which has its
certificate included in the system trusted certificates.

There are some that can do it for free. The well known one is Let's
Encrypt. There are scripts that automate the whole process. Your
distribution likely has a "certbot" package. You would just run
"certbot certonly" to get a new key+certificate and "certbot
renew" every month or so to get the certificate renewed. It's valid
only for three months.

Miroslav Lichvar

To unsubscribe email chrony-users-request@xxxxxxxxxxxxxxxxxxxx 
with "unsubscribe" in the subject.
For help email chrony-users-request@xxxxxxxxxxxxxxxxxxxx 
with "help" in the subject.
Trouble?  Email listmaster@xxxxxxxxxxxxxxxxxxxx.

Mail converted by MHonArc 2.6.19+