[Nfd-dev] How to start a certificate chain from scratch

Lixia Zhang lixia at CS.UCLA.EDU
Wed Nov 19 13:17:50 PST 2014


Folks, security-related topics should copy ndn-sec.

On Nov 19, 2014, at 10:13 AM, Junxiao Shi <shijunxiao at email.arizona.edu> wrote:

> Dear folks
> 
> While we are able to request testbed certificates from ndncert website, when doing experiments, it's undesirable to request testbed certificates for all nodes.
> Suppose someone wants to start a certificate chain from scratch, how could this be done?
> 
> Specifically, what are the commands to:
> - generate a root certificate: /example/KEY/ksk-1/ID-CERT
> - generate a site certificate and sign it by root certificate: /example/KEY/site1/ksk-2/ID-CERT
> - generate a user certificate and sign it by site certificate: /example/site1/KEY/user1/ksk-3/ID-CERT
> - publish root, site, user certificate in a repository or ndns system
> - generate a data signing certificate and sign it by user certificate: /example/site1/user1/KEY/dsk-4/ID-CERT
> 
> Another question is: why is testbed root certificate named /ndn/KEY/ksk-xxxx/ID-CERT, instead of /KEY/ndn/ksk-xxxx/ID-CERT?
> 
> Yours, Junxiao
