答复: 答复: [chrony-users] about how to ues the NTS

[chengyechun <chengyechun1@xxxxxxxxxx>]

Thank you very much for your help, I will try certbot

-----邮件原件-----
发件人: Miroslav Lichvar [mailto:mlichvar@xxxxxxxxxx] 
发送时间: 2022年9月22日 20:49
收件人: chrony-users@xxxxxxxxxxxxxxxxxxxx
主题: Re: 答复: [chrony-users] about how to ues the NTS

On Thu, Sep 22, 2022 at 12:33:01PM +0000, chengyechun wrote:
> How should the NTS server certificate and key be generated? The method in the test case or other methods show that the certificate is untrusted. Why is this cause and what command should be used?

If you don't want to copy that certicate to each client, you will need to get the certificate signed by a certificate authority which has its certificate included in the system trusted certificates.

There are some that can do it for free. The well known one is Let's Encrypt. There are scripts that automate the whole process. Your distribution likely has a "certbot" package. You would just run "certbot certonly" to get a new key+certificate and "certbot renew" every month or so to get the certificate renewed. It's valid only for three months.

--
Miroslav Lichvar


-- 
To unsubscribe email chrony-users-request@xxxxxxxxxxxxxxxxxxxx 
with "unsubscribe" in the subject.
For help email chrony-users-request@xxxxxxxxxxxxxxxxxxxx 
with "help" in the subject.
Trouble?  Email listmaster@xxxxxxxxxxxxxxxxxxxx.