On 10-12-2019 05:58, Hal Murray wrote: > openssl s_client -showcerts -quiet time.cloudflare.com:1234
# openssl s_client -showcerts -quiet time.cloudflare.com:1234 depth=2 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Global Root CA verify return:1 depth=1 C = US, O = DigiCert Inc, CN = DigiCert ECC Secure Server CA verify return:1 depth=0 C = US, ST = California, L = San Francisco, O = "Cloudflare, Inc.", CN = time.cloudflare.com verify return:1 read:errno=0 Look similar to yours I guess. Yet, I get: Dec 10 05:52:57 s2 ntpd[984825]: NTSc: DNS lookup of time.cloudflare.com:1234 took 0.022 sec Dec 10 05:52:57 s2 ntpd[984825]: NTSc: nts_probe connecting to time.cloudflare.com:1234 => [2606:4700:f1::123]:123 Dec 10 05:52:57 s2 ntpd[984825]: NTSc: Using TLSv1.3, TLS_AES_256_GCM_SHA384 (256) Dec 10 05:52:57 s2 ntpd[984825]: NTSc: certificate subject name: /C=US/ST=California/L=San Francisco/O=Cloudflare, Inc./CN=time.cloudflare.com Dec 10 05:52:57 s2 ntpd[984825]: NTSc: certificate issuer name: /C=US/O=DigiCert Inc/CN=DigiCert ECC Secure Server CA Dec 10 05:52:57 s2 ntpd[984825]: NTSc: certificate invalid: 19=>self signed certificate in certificate chain Dec 10 05:52:57 s2 ntpd[984825]: NTSc: NTS-KE req to time.cloudflare.com:1234 took 0.070 sec, fail Kind regards, Udo _______________________________________________ devel mailing list devel@ntpsec.org http://lists.ntpsec.org/mailman/listinfo/devel
