|
Home > |
|---|
Generate new keys and certificates for NTP public key authentication
sysconf ntp autokeyAuth generate [-certalg <certalg>] [-modulus <modulus>] [-signalg <signalg>] [-password <ntpkey>]
| Parameter | Shortcut | Description |
|---|---|---|
| -certalg | -c |
NTP Certificate Algorithm. Valid values: RSA-SHA1, DSA-SHA1 Default: RSA-SHA1 |
| -modulus | -m |
NTP Modulus Size Only 2048-bit keys are currently supported, so it is not necessary to include this option. Default: 2048 |
| -password | -p | NTP Symmetric Key Value |
| -signalg | -s |
NTP Sign Algorithm Valid values: RSA, DSA Default: RSA |
Note: If you set the signing algorithm to DSA (-signalg sha), specify DSA-SHA1, not DSA-SHA, for the certificate algorithm (-certalg dsa-sha1). Using DSA-SHA will cause a 'invalid digest type' error.
lunash:>sysconf ntp autokeyAuth generate
Generate new keys and certificates using ntp-keygen
WARNING ! Generating keys without client Password.
Generating new keys and certificates using these arguments: -S RSA -c RSA-SHA1 -m 2048
Using OpenSSL version 90802f
Using host sa5 group sa5
Generating RSA keys (2048 bits)...
RSA 0 13 46 1 2 6 3 1 2
Generating new host file and link
ntpkey_host_sa5->ntpkey_RSAhost_sa5.3538763554
Generating RSA keys (2048 bits)...
RSA 0 0 698 1 2 12 3 1 4
Generating new sign file and link
ntpkey_sign_sa5->ntpkey_RSAsign_sa5.3538763554
Generating new certificate sa5 RSA-SHA1
X509v3 Basic Constraints: critical,CA:TRUE
X509v3 Key Usage: digitalSignature,keyCertSign
Generating new cert file and link
ntpkey_cert_sa5->ntpkey_RSA-SHA1cert_sa5.3538763554
You must restart NTP for the changes to take effect.
Check NTP status after restarting it to make sure that the client is able to start and sync with the server.
Command Result : 0 (Success)