[Nfd-dev] How to start a certificate chain from scratch
Junxiao Shi
shijunxiao at email.arizona.edu
Wed Nov 19 10:13:01 PST 2014
Dear folks
While we are able to request testbed certificates from ndncert website,
when doing experiments, it's undesirable to request testbed certificates
for all nodes.
Suppose someone wants to start a certificate chain from scratch, how could
this be done?
Specifically, what are the commands to:
1. generate a root certificate: /example/KEY/ksk-1/ID-CERT
2. generate a site certificate and sign it by root certificate:
/example/KEY/site1/ksk-2/ID-CERT
3. generate a user certificate and sign it by site certificate:
/example/site1/KEY/user1/ksk-3/ID-CERT
4. publish root, site, user certificate in a repository or ndns system
5. generate a data signing certificate and sign it by user certificate:
/example/site1/user1/KEY/dsk-4/ID-CERT
Another question is: why is testbed root certificate named
/ndn/KEY/ksk-xxxx/ID-CERT, instead of /KEY/ndn/ksk-xxxx/ID-CERT
Yours, Junxiao
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.lists.cs.ucla.edu/pipermail/nfd-dev/attachments/20141119/8a3aff93/attachment.html>
More information about the Nfd-dev
mailing list