For those looking for a straightforward PKI, here’s how to get it, using Cloudflare’s CFSSL. Why CFSSL? If you’re looking for a simple solution, this is as simple as it can get: install the Go compiler, compile CFSSL and you’re done. Drawback? There’s little flexibility in terms of library versions. You get what Go offers. Now, CFSSL isn’t the most well-documented application out there and, yes, some configuration items aren’t documented at all, so see right below for how to create a PKI using CFSSL. Editor’s Note: This walkthrough was corrected to support the new “ca_constraint” parameter.
Configuring an NTP server is far from the most straightforward or best-documented of activities when managing a data center. Adding authentication on top of it just makes things worse, far worse. Fortunately, it’s something only done once. The end goal: authenticated NTP.

```
ntpdate -d -k /etc/ntp.keys -a 10 your.ntpserver.com
 9 Jul 23:24:33 ntpdate: ntpdate [email protected] Fri May 28 01:20:57 UTC 2010 (1)
Looking for host your.ntpserver.com and service ntp
host found : 22.214.171.124
transmit(126.96.36.199)
receive(188.8.131.52)
receive: authentication passed
```
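What "authentication passed" checks, as an added example that is not from the original post: with symmetric keys, the sender appends a 4-byte key ID and an MD5 digest of the shared secret followed by the 48-byte NTP header, and the receiver recomputes it with the key named by `-a 10` from the file given with `-k`. The key file contents, secrets and packet below are constructed, and the sketch assumes MD5 (`M`) keys and no extension fields.

```python
import hashlib
import hmac
import struct

# Constructed sample of an ntp.keys file: "<key id> <type> <secret>".
SAMPLE_KEYS = """\
# id type secret (constructed values, not from the original post)
10 M example-shared-secret
11 M another-secret
"""

def parse_keys(text):
    """Return {key_id: secret_bytes} for MD5 ('M') entries."""
    keys = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        key_id, key_type, secret = line.split()[:3]
        if key_type.upper() in ("M", "MD5"):
            keys[int(key_id)] = secret.encode("ascii")
    return keys

def sign(header, key_id, secret):
    """Append the MAC: 4-byte key ID + MD5(secret || header)."""
    digest = hashlib.md5(secret + header).digest()
    return header + struct.pack("!I", key_id) + digest

def verify(packet, keys, trusted):
    """True only if the packet carries a valid MAC from a trusted key."""
    if len(packet) != 48 + 4 + 16:
        return False  # no MAC present, or malformed
    header, mac = packet[:48], packet[48:]
    key_id = struct.unpack("!I", mac[:4])[0]
    if key_id not in trusted or key_id not in keys:
        return False  # key unknown or not marked as trusted
    expected = hashlib.md5(keys[key_id] + header).digest()
    return hmac.compare_digest(expected, mac[4:])

def demo_header():
    """Constructed 48-byte server reply: LI=0, VN=4, mode=4, stratum 2."""
    return bytes([0x24, 2, 6, 0xEC]) + bytes(44)

if __name__ == "__main__":
    keys = parse_keys(SAMPLE_KEYS)
    reply = sign(demo_header(), 10, keys[10])
    print("authentication passed" if verify(reply, keys, {10}) else "failed")
```

A reply with no MAC, a MAC made with a key ID outside the trusted set, or a modified header all fail the check, which is why a client should only accept time from servers whose replies verify.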