I am configuring NTP with Autokey to make NTP more secure. I don't want to use the default certificate, which can be generated using the ntp-keygen command-line tool. ntp-keygen generates one RSA key, one IFF key and one md5withRSA signature certificate, but I want to use my own certificate, which is generated using the signature algorithm SHA1withRSA. But when I put my certificate and key in place of the NTP default certificate and key, it showed me this error on startup of ntpd:
Jan 19 20:52:22 GURNTP20150710 ntpd[21084]: crypto_key: no filestamp /etc/ntp/ntpkey_host_hostname
Jan 19 20:52:22 GURNTP20150710 ntpd[21084]: crypto_setup: host key file ntpkey_host_hostname not found or corrupt
Can anyone help me secure my NTP server and client using the Autokey protocol while using my own certificate and key?
Thanks in advance. :)
I got the answer to the above problem. So the answer to "can we use my own certificates generated by OpenSSL for securing my NTP" is YES. I was facing a problem (the above error) after putting my OpenSSL certificates in the /etc/ntp/ path.
Answer: It was because ntp on startup looks for the "ntpkey_" keyword in the certificate's and key's names. So I had to rename my own certificate with this naming convention, but unfortunately I got the same error again. This time it was due to the content of the certificate file. I checked ntp-keygen's code and figured out that ntp opens the certificate and key file on startup using the fopen C library function and looks for a "." (dot).
Actually, when ntp-keygen generates the certificates and keys, it puts a comment on the very first line of the certificate and key with the file name of the certificate, which contains the file timestamp after the dot. That's why ntpd looks for a dot in the certificate file. So I added the file name of the NTP certificate and key, with the file timestamp, as the first line of the cert and key.
It's working fine now.
Thanks :)
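
The renaming and first-line fix described in the answer above, as an added shell example that is not part of the original post or of the NTP distribution. It assumes the filestamp is written in NTP seconds (seconds since 1900); the helper names, host name and paths are hypothetical placeholders.

```shell
#!/bin/sh
# Added example, not from ntp-keygen: give an OpenSSL PEM file the name and
# first-line comment that the answer above found ntpd expects.

# Assumption: filestamps are NTP seconds (Unix time + 1900-to-1970 offset).
NTP_OFFSET=2208988800

ntp_filestamp() {
    echo $(( $(date +%s) + $NTP_OFFSET ))
}

# wrap_for_ntpd SRC_PEM DEST_DIR BASENAME FILESTAMP   (helper name is hypothetical)
# Writes DEST_DIR/BASENAME.FILESTAMP whose first line is "# BASENAME.FILESTAMP",
# followed by the unchanged PEM, then links DEST_DIR/BASENAME to it.
wrap_for_ntpd() {
    src=$1 dir=$2 base=$3 stamp=$4
    case $base in
        ntpkey_*) ;;
        *) echo "name must start with ntpkey_" >&2; return 1 ;;
    esac
    case $stamp in
        ''|*[!0-9]*) echo "filestamp must be decimal digits" >&2; return 1 ;;
    esac
    grep -q -- '-----BEGIN ' "$src" || { echo "$src: no PEM block" >&2; return 1; }
    out="$dir/$base.$stamp"
    # umask 077 keeps a private key unreadable by other users.
    ( umask 077; { printf '# %s.%s\n' "$base" "$stamp"; cat "$src"; } > "$out" ) || return 1
    ln -sf "$base.$stamp" "$dir/$base"
}

# check_header FILE: pre-flight check before restarting ntpd. Succeeds only if
# the first line is a comment ending in ".<digits>", a conservative form of the
# dot-plus-filestamp lookup the answer describes.
check_header() {
    head -n 1 "$1" | grep -Eq '^#.*\.[0-9]+$'
}

# Usage (constructed names):
#   wrap_for_ntpd my_key.pem /etc/ntp ntpkey_host_example "$(ntp_filestamp)"
#   check_header /etc/ntp/ntpkey_host_example
```

Running check_header on a raw OpenSSL PEM file fails in the same situation that produced the "no filestamp" log line in the question.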