Yo Hal!

On Wed, 20 Mar 2019 16:28:36 -0700
Hal Murray via devel <devel@ntpsec.org> wrote:

> > I added this to my ntp.conf:
> >     nts enable
> >     cert /etc/letsencrypt/live/kong.rellim.com/fullchain.pem
> >     key /etc/letsencrypt/live/kong.rellim.com/privkey.pem
> > Fail.   
> 
> You need "nts" in front of the cert and key.  Or else one loong
> line.  There is no "cert" top level command.

Ah, the man page is unclear on that:

       nts [enable|disable] [mintls version] [maxtls version] [tlsciphers
       name] [tlsciphersuites name]

No mention of cert or key there.

Also, the man page makes no mention of default cert in: /etc/ntp/cert-chain.pem

> If you specify a log file in your ntp.conf, the error messages from
> parsing ntp.conf end up in /var/log/messages (or wherever your system
> puts syslog) -- chicken and egg.  I'll bet you find error messages if
> you look for them.

Which is where I got the error message that I sent you.

> > That should prolly mention tcp, as udp 123 is also used.  
> 
> Is "listen" used with UDP?

Yes, how else does ntpd get messages on UDP 123?

> > What is "NTSs"?  
> 
> Eric put XXX: on the front of all the msyslog messages.  The final
> "s" is for server side messages.  There are some with "c" for client
> side.

Weird.  I thought we agreed to use NTS-KE, not NTS?  Needs to be on the
man page.

So, now I have to ntpd with NTS-KE running.  But, new issues.

I changed this:

server 204.17.205.8 maxpoll 5 # spidey

To this:

server 204.17.205.8 nts maxpoll 5 # spidey

Now the server starts as before, then, silently dies...

RGDS
GARY
---------------------------------------------------------------------------
Gary E. Miller Rellim 109 NW Wilmington Ave., Suite E, Bend, OR 97703
        g...@rellim.com  Tel:+1 541 382 8588

            Veritas liberabit vos. -- Quid est veritas?
    "If you can’t measure it, you can’t improve it." - Lord Kelvin


_______________________________________________
devel mailing list
devel@ntpsec.org
http://lists.ntpsec.org/mailman/listinfo/devel
