[Nfd-dev] How to start a certificate chain from scratch
Junxiao Shi
shijunxiao at email.ARIZONA.EDU
Wed Nov 19 11:23:58 PST 2014
Hi Yingdi
Suppose one wants to mirror the same trust model as testbed and ndncert
website, how can he do that? What are the commands?
Yours, Junxiao
On Nov 19, 2014 11:23 AM, "Yingdi Yu" <yingdi at cs.ucla.edu> wrote:
>
> Just to clarify, the scenario you describe is a trust model for the
ndncert only. For apps that just want to use simple trust model, it is not
necessary to create so many keys.
>
>>
>> Specifically, what are the commands to:
>> generate a root certificate: /example/KEY/ksk-1/ID-CERT
>> generate a site certificate and sign it by root certificate:
/example/KEY/site1/ksk-2/ID-CERT
>> generate a user certificate and sign it by site certificate:
/example/site1/KEY/user1/ksk-3/ID-CERT
>> publish root, site, user certificate in a repository or ndns system
>> generate a data signing certificate and sign it by user certificate:
/example/site1/user1/KEY/dsk-4/ID-CERT
>>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.lists.cs.ucla.edu/pipermail/nfd-dev/attachments/20141119/71391b37/attachment.html>
More information about the Nfd-dev
mailing list