To keep correct time on a StrongKey FIDO Server with no outside connections, configure NTP Client using Chrony:

1. Login to the appliance as root.
2. To confirm whether the NTP service is enabled, please run the following command.
   

   > timedatectl

   Example output if the server is in sync with the NTP server:
   
   If the NTP is not synced, please follow the steps below to connect it with the local NTP server.
3. Using a text editor (e.g., vi or gedit) open the file /etc/chrony.conf and update the server information (similar to image below) in the file with internal NTP server.
   You may use either the IP address or the FQDN of the NTP server here. If you use the FQDN, ensure the FQDN of the NTP server is resolvable by SKFS. You may ping <NTP-FQDN> (e.g., ping pool.ntp.server.org) the SKFS appliance to confirm that the FQDN is resolvable and the NTP server can be reached. If not, open the /etc/resolv.conf file using text editor (e.g., vi, edit, etc.), and at the end of the file add the DNS info (nameserver <IP>) for the NTP server.
   
   
   
4. Add a firewall rule for the NTP service and reload the rules:
   

   > firewall-cmd --add-service=ntp --permanent --zone=public
   > firewall-cmd --reload

5. Start the NTP service and enable it system-wide:
   

   > systemctl restart chronyd
   > systemctl enable chronyd
   > systemctl status chronyd

6. After NTP daemon has been started, wait few minutes for the server to synchronize time with its pool list servers, then run the following commands to verify NTP status:

   > timedatectl