sysconf ntp autokeyauth generate
Generate new keys and certificates for NTP public key authentication
User Privileges
Users with the following privileges can perform this command:
>Admin
>Operator
Syntax
sysconf ntp autokeyauth generate [-certalg <certalg>] [-modulus <modulus>] [-signalg <signalg>] [-password <ntpkey>]
Option | Shortcut | Description |
---|---|---|
-certalg <certalg> | -c |
NTP Certificate Algorithm. Valid values: RSA-SHA1, DSA-SHA1 Default: RSA-SHA1 |
-modulus <modulus> | -m |
NTP Modulus Size. Only 2048-bit keys are currently supported, so it is not necessary to include this option. Default: 2048 |
-password <ntpkey> | -p | NTP Symmetric Key Value |
-signalg <signalg> | -s |
NTP Sign Algorithm Valid values: RSA, DSA Default: RSA |
NOTE If you set the signing algorithm to DSA (-signalg sha), specify DSA-SHA1, not DSA-SHA, for the certificate algorithm (-certalg dsa-sha1). Using DSA-SHA will cause a 'invalid digest type' error.
Example
lunash:>sysc ntp autokeyAuth generate
Generate new keys and certificates using ntp-keygen
WARNING ! Generating keys without client Password.
Generating new keys and certificates using these arguments: -S RSA -c RSA-SHA1 -m 2048
Using OpenSSL version OpenSSL 1.0.1e-fips 11 Feb 2013
Using host sadoc78 group sadoc78
Generating RSA keys (2048 bits)...
RSA 0 43 77 1 2 6 3 1 2
Generating new host file and link
ntpkey_host_sadoc78->ntpkey_RSAhost_sadoc78.3699032190
Generating RSA keys (2048 bits)...
RSA 0 2 974 1 2 12 3 1 4
Generating new sign file and link
ntpkey_sign_sadoc78->ntpkey_RSAsign_sadoc78.3699032190
Generating new certificate sadoc78 RSA-SHA1
X509v3 Basic Constraints: critical,CA:TRUE
X509v3 Key Usage: digitalSignature,keyCertSign
Generating new cert file and link
ntpkey_cert_sadoc78->ntpkey_RSA-SHA1cert_sadoc78.3699032190
You must restart NTP for the changes to take effect.
Check NTP status after restarting it to make sure that the client is able to start and sync with the server.
Command Result : 0 (Success)