[Nfd-dev] How to start a certificate chain from scratch
shijunxiao at email.arizona.edu
Mon Feb 23 21:46:41 PST 2015
The only missing piece is: publish root, site, user certificate in a
repository or ndns system.
Does anyone know how to publish a certificate with repo-ng and ndns? I want
to try both.
On Wed, Nov 19, 2014 at 12:49 PM, Yingdi Yu <yingdi at cs.ucla.edu> wrote:
> Hi Junxiao,
> On Nov 19, 2014, at 11:23 AM, Junxiao Shi <shijunxiao at email.arizona.edu>
> Hi Yingdi
> Suppose one wants to mirror the same trust model as testbed and ndncert
> website, how can he do that? What are the commands?
> I list the commands for the example below:
> >> Specifically, what are the commands to:
> >> generate a root certificate: /example/KEY/ksk-1/ID-CERT
> $ ndnsec-keygen /example | ndnsec-cert-install -
> >> generate a site certificate and sign it by root certificate:
> $ ndnsec-keygen /example/site1 > site1-cert.req
> $ ndnsec-certgen -N /example/site1 -s /example site1-cert.req |
> ndnsec-cert-install -
> >> generate a user certificate and sign it by site certificate:
> $ ndnsec-keygen /example/site1/user1 > user1-cert.req
> $ ndnsec-certgen -N /example/site1/user1 -s /example/site1 user1-cert.req
> | ndnsec-cert-install -
> >> publish root, site, user certificate in a repository or ndns system
> This depends on the tools. I usually write a simple cert publishing tool
> or use PIB to publish certificates
> >> generate a data signing certificate and sign it by user certificate:
> For now, the command line tool disables dsk generation, but we could
> enable that if necessary.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Nfd-dev