[Nfd-dev] How to start a certificate chain from scratch
chengy.fan at gmail.com
Thu Feb 26 15:05:34 PST 2015
Is this problem solved?
I have the same issue now.
On Mon, Feb 23, 2015 at 10:46 PM, Junxiao Shi <shijunxiao at email.arizona.edu>
> Dear folks
> The only missing piece is: publish root, site, user certificate in a
> repository or ndns system.
> Does anyone know how to publish a certificate with repo-ng and ndns? I
> want to try both.
> Yours, Junxiao
> On Wed, Nov 19, 2014 at 12:49 PM, Yingdi Yu <yingdi at cs.ucla.edu> wrote:
>> Hi Junxiao,
>> On Nov 19, 2014, at 11:23 AM, Junxiao Shi <shijunxiao at email.arizona.edu>
>> Hi Yingdi
>> Suppose one wants to mirror the same trust model as testbed and ndncert
>> website, how can he do that? What are the commands?
>> I list the commands for the example below:
>> >> Specifically, what are the commands to:
>> >> generate a root certificate: /example/KEY/ksk-1/ID-CERT
>> $ ndnsec-keygen /example | ndnsec-cert-install -
>> >> generate a site certificate and sign it by root certificate:
>> $ ndnsec-keygen /example/site1 > site1-cert.req
>> $ ndnsec-certgen -N /example/site1 -s /example site1-cert.req |
>> ndnsec-cert-install -
>> >> generate a user certificate and sign it by site certificate:
>> $ ndnsec-keygen /example/site1/user1 > user1-cert.req
>> $ ndnsec-certgen -N /example/site1/user1 -s /example/site1 user1-cert.req
>> | ndnsec-cert-install -
>> >> publish root, site, user certificate in a repository or ndns system
>> This depends on the tools. I usually write a simple cert publishing tool
>> or use PIB to publish certificates
>> >> generate a data signing certificate and sign it by user certificate:
>> For now, the command line tool disables dsk generation, but we could
>> enable that if necessary.
> Nfd-dev mailing list
> Nfd-dev at lists.cs.ucla.edu
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Nfd-dev