Yo Hal! On Wed, 30 Jan 2019 20:29:27 -0800 Hal Murray via devel <devel@ntpsec.org> wrote:
> I think we should step back and look at the big picture. Or a smaller picture. > There is discussion going on about the changes to ntp.conf. The smaller picture below: > The other large area I can see is TLS and certificates. We are going > to need good documentation to guide a server operator through setting > up certificates. (Pointers to other documentation are fine.) Easy: https://letsencrypt.org/getting-started/ > We are also going to need documentation for how to setup self-signed > certificates for testing. Not really. If you have a fixed public hostname, then Lets Encrypt is easy and quick. If you do not have a fixed public hostname, then game over. > If anybody is familiar with TLS, I think it would be wonderful if we > had some throw-away code that was a TLS server and client that we > could use for testing certificates. Easy, just install nginx or apache. Then follow their TLS guides: https://nginx.org/en/docs/http/configuring_https_servers.html https://httpd.apache.org/docs/current/ssl/ssl_howto.html Our setup, when we figure out what it is, will be very similar. > Are there any big chunks I didn't mention? Yes. RGDS GARY --------------------------------------------------------------------------- Gary E. Miller Rellim 109 NW Wilmington Ave., Suite E, Bend, OR 97703 g...@rellim.com Tel:+1 541 382 8588 Veritas liberabit vos. -- Quid est veritas? "If you can’t measure it, you can’t improve it." - Lord Kelvin
pgpl39MWGu6_t.pgp
Description: OpenPGP digital signature
_______________________________________________ devel mailing list devel@ntpsec.org http://lists.ntpsec.org/mailman/listinfo/devel
