On 1/31/19 7:28 PM, Hal Murray via devel wrote: > I'm looking for a way to test without a domain. The problem with using a self-signed certificate is that it won't validate. So you either need a configuration option to tell ntpd to ignore the NTS-KE server's certificate failure, or you actually need to setup your own private CA.
Such a confirmation option may be desirable for testing. But it's also an attractive nuisance. In a world where certificates are available for free from Let's Encrypt, I'm not sure it's necessary. I know that you are personally looking to do this without a domain, but how common are people who are _both_ looking to run an NTP server _with NTS_ and do not have a domain? There are plenty of guides for setting up a private CA, but this one looks pretty good and comprehensive: https://jamielinux.com/docs/openssl-certificate-authority/introduction.html -- Richard _______________________________________________ devel mailing list devel@ntpsec.org http://lists.ntpsec.org/mailman/listinfo/devel
