The SignServer TimeMonitor is used together with the StatusReadingLocalComputerTimeSource for monitoring the local time and informing SignServer about its state.

The application is started separately from SignServer and runs in its own process. The important main loop repeatably performs the following steps:

  1. Calculates the time difference between the local time and the time of the time server by sending NTP queries.
  2. The result is compared with the configured allowed time difference and if the time is within the interval, the time is considered in sync. Additionally, the leap second indicator of the NTP responses is checked.
  3. The status is then published to SignServer using HTTP. The status is stored with an expiration time and it is therefore important that the application gets time to perform a new round and publish updated results before the expiration.

Changes to the TimeMonitor states are logged using Log4j as well as published to SignServer.

The current status of the TimeMonitor can be queried using HTTP from its health check page (see Logging and Monitoring) or from workers configured in SignServer.

System Overview

The following shows an overview of the interactions between SignServer, TimeMonitor, and Time Server.

Note that the dotted arrow above is only relevant for legacy local NTP commands and not as of SignServer 5.11 where the NTP queries are carried out by the TimeMonitor application using its built-in support for SNTP. Logging and general monitoring are not shown in the example above.

Assumptions

  • The local time of the server is synchronized with an external time server using for instance the NTP (or Chrony) daemon.
  • The operating system and/or the NTP service takes care of updating the local clock when a leap-second change occurs.
  • The external time server is synchronized with a reliable national time source or GPS.
  • The external time server has an NTP service that can be queried often from the TimeMonitor application on each server.
  • The time-stamp signer(s) uses the StatusReadingLocalComputerTimeSource.

The TimeMonitor application can be configured to query the time server more frequently than the NTP standards allow (i.e. more often than every 15 seconds). It is therefore important not to run the TimeMonitor application against an online NTP service. The TimeMonitor application must only be run towards a dedicated NTP server under your own control.

Installation

The application is built with SignServer. In the binary distribution and on the SignServer Hardware Appliance the application is already available but if you build from source you will need to have "includemodulesinbuild=true" (default) or the property "timemonitor.enabled=true" specified in conf/signserver_deploy.properties when building.

For more information on TimeMonitor configuration options, see TimeMonitor Configuration and for an example of how you can set up TimeMonitor, see How to Configure TimeMonitor.