sysconf ntp autokeyauth generate

Generate new keys and certificates for NTP public key authentication

User Privileges

Users with the following privileges can perform this command:

>Admin

>Operator

Syntax

sysconf ntp autokeyauth generate [-certalg <certalg>] [-modulus <modulus>] [-signalg <signalg>] [-password <ntpkey>]

Argument(s) Shortcut Description
-certalg <certalg> -c

NTP Certificate Algorithm.

Valid values: RSA-SHA1, DSA-SHA1

Default: RSA-SHA1

-modulus <modulus> -m

NTP Modulus Size. Only 2048-bit keys are currently supported, so it is not necessary to include this option.

Default: 2048

-password <ntpkey> -p NTP Symmetric Key Value
-signalg <signalg> -s

NTP Sign Algorithm

Valid values: RSA, DSA

Default: RSA

NOTE   If you set the signing algorithm to DSA (-signalg sha), specify DSA-SHA1, not DSA-SHA, for the certificate algorithm (-certalg dsa-sha1). Using DSA-SHA will cause a 'invalid digest type' error.

Example

lunash:>sysc ntp autokeyAuth generate

Generate new keys and certificates using ntp-keygen
WARNING ! Generating keys without client Password.

Generating new keys and certificates using these arguments:  -S RSA -c RSA-SHA1  -m 2048

Using OpenSSL version OpenSSL 1.0.1e-fips 11 Feb 2013
Using host sadoc78 group sadoc78
Generating RSA keys (2048 bits)...
RSA 0 43 77     1 2 6                           3 1 2
Generating new host file and link
ntpkey_host_sadoc78->ntpkey_RSAhost_sadoc78.3699032190
Generating RSA keys (2048 bits)...
RSA 0 2 974     1 2 12                          3 1 4
Generating new sign file and link
ntpkey_sign_sadoc78->ntpkey_RSAsign_sadoc78.3699032190
Generating new certificate sadoc78 RSA-SHA1
X509v3 Basic Constraints: critical,CA:TRUE
X509v3 Key Usage: digitalSignature,keyCertSign
Generating new cert file and link
ntpkey_cert_sadoc78->ntpkey_RSA-SHA1cert_sadoc78.3699032190

You must restart NTP for the changes to take effect.
Check NTP status after restarting it to make sure that the client is able to start and sync with the server.

Command Result : 0 (Success)