sysconf ntp autokeyAuth generate
Generate new keys and certificates for NTP public key authentication
User Privileges
Users with the following privileges can perform this command:
>Admin
>Operator
Syntax
sysconf ntp autokeyAuth generate [-certalg <certalg>] [-modulus <modulus>] [-signalg <signalg>] [-password <ntpkey>]
Argument(s) | Shortcut | Description |
---|---|---|
-certalg <certalg> | -c |
NTP Certificate Algorithm. Valid values: RSA-SHA1, DSA-SHA1 Default: RSA-SHA1 |
-modulus <modulus> | -m |
NTP Modulus Size. Only 2048-bit keys are currently supported, so it is not necessary to include this option. Default: 2048 |
-password <ntpkey> | -p | NTP Symmetric Key Value |
-signalg <signalg> | -s |
NTP Sign Algorithm Valid values: RSA, DSA Default: RSA |
NOTE If you set the signing algorithm to DSA (-signalg sha), specify DSA-SHA1, not DSA-SHA, for the certificate algorithm (-certalg dsa-sha1). Using DSA-SHA will cause a 'invalid digest type' error.
Example
lunash:>sysc ntp autokeyAuth generate Generate new keys and certificates using ntp-keygen WARNING ! Generating keys without client Password. Generating new keys and certificates using these arguments: -S RSA -c RSA-SHA1 -m 2048 Using OpenSSL version OpenSSL 1.0.1e-fips 11 Feb 2013 Using host sadoc78 group sadoc78 Generating RSA keys (2048 bits)... RSA 0 43 77 1 2 6 3 1 2 Generating new host file and link ntpkey_host_sadoc78->ntpkey_RSAhost_sadoc78.3699032190 Generating RSA keys (2048 bits)... RSA 0 2 974 1 2 12 3 1 4 Generating new sign file and link ntpkey_sign_sadoc78->ntpkey_RSAsign_sadoc78.3699032190 Generating new certificate sadoc78 RSA-SHA1 X509v3 Basic Constraints: critical,CA:TRUE X509v3 Key Usage: digitalSignature,keyCertSign Generating new cert file and link ntpkey_cert_sadoc78->ntpkey_RSA-SHA1cert_sadoc78.3699032190 You must restart NTP for the changes to take effect. Check NTP status after restarting it to make sure that the client is able to start and sync with the server. Command Result : 0 (Success)