[Nfd-dev] How to start a certificate chain from scratch
Junxiao Shi
shijunxiao at email.arizona.edu
Mon Feb 23 21:46:41 PST 2015
Dear folks
The only missing piece is: publish root, site, user certificate in a
repository or ndns system.
Does anyone know how to publish a certificate with repo-ng and ndns? I want
to try both.
Yours, Junxiao
On Wed, Nov 19, 2014 at 12:49 PM, Yingdi Yu <yingdi at cs.ucla.edu> wrote:
> Hi Junxiao,
>
> On Nov 19, 2014, at 11:23 AM, Junxiao Shi <shijunxiao at email.arizona.edu>
> wrote:
>
> Hi Yingdi
>
> Suppose one wants to mirror the same trust model as testbed and ndncert
> website, how can he do that? What are the commands?
>
> I list the commands for the example below:
>
> >> Specifically, what are the commands to:
>
> >> generate a root certificate: /example/KEY/ksk-1/ID-CERT
>
> $ ndnsec-keygen /example | ndnsec-cert-install -
>
> >> generate a site certificate and sign it by root certificate:
> /example/KEY/site1/ksk-2/ID-CERT
>
> $ ndnsec-keygen /example/site1 > site1-cert.req
> $ ndnsec-certgen -N /example/site1 -s /example site1-cert.req |
> ndnsec-cert-install -
>
> >> generate a user certificate and sign it by site certificate:
> /example/site1/KEY/user1/ksk-3/ID-CERT
>
> $ ndnsec-keygen /example/site1/user1 > user1-cert.req
> $ ndnsec-certgen -N /example/site1/user1 -s /example/site1 user1-cert.req
> | ndnsec-cert-install -
>
> >> publish root, site, user certificate in a repository or ndns system
>
> This depends on the tools. I usually write a simple cert publishing tool
> or use PIB to publish certificates
>
> >> generate a data signing certificate and sign it by user certificate:
> /example/site1/user1/KEY/dsk-4/ID-CERT
>
> For now, the command line tool disables dsk generation, but we could
> enable that if necessary.
>
>
> Yingdi
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.lists.cs.ucla.edu/pipermail/nfd-dev/attachments/20150223/473595fe/attachment.html>
More information about the Nfd-dev
mailing list