[Nfd-dev] How to start a certificate chain from scratch

Chengyu Fan chengy.fan at gmail.com
Thu Feb 26 15:05:34 PST 2015 

Hi Junxiao,

Is this problem solved?
I have the same issue now.

On Mon, Feb 23, 2015 at 10:46 PM, Junxiao Shi <shijunxiao at email.arizona.edu>
wrote:

> Dear folks
>
> The only missing piece is: publish root, site, user certificate in a
> repository or ndns system.
> Does anyone know how to publish a certificate with repo-ng and ndns? I
> want to try both.
>
> Yours, Junxiao
>
> On Wed, Nov 19, 2014 at 12:49 PM, Yingdi Yu <yingdi at cs.ucla.edu> wrote:
>
>> Hi Junxiao,
>>
>> On Nov 19, 2014, at 11:23 AM, Junxiao Shi <shijunxiao at email.arizona.edu>
>> wrote:
>>
>> Hi Yingdi
>>
>> Suppose one wants to mirror the same trust model as testbed and ndncert
>> website, how can he do that? What are the commands?
>>
>> I list the commands for the example below:
>>
>> >> Specifically, what are the commands to:
>>
>> >> generate a root certificate: /example/KEY/ksk-1/ID-CERT
>>
>> $ ndnsec-keygen /example | ndnsec-cert-install -
>>
>> >> generate a site certificate and sign it by root certificate:
>> /example/KEY/site1/ksk-2/ID-CERT
>>
>> $ ndnsec-keygen /example/site1 > site1-cert.req
>> $ ndnsec-certgen -N /example/site1 -s /example site1-cert.req |
>> ndnsec-cert-install -
>>
>> >> generate a user certificate and sign it by site certificate:
>> /example/site1/KEY/user1/ksk-3/ID-CERT
>>
>> $ ndnsec-keygen /example/site1/user1 > user1-cert.req
>> $ ndnsec-certgen -N /example/site1/user1 -s /example/site1 user1-cert.req
>> | ndnsec-cert-install -
>>
>> >> publish root, site, user certificate in a repository or ndns system
>>
>> This depends on the tools. I usually write a simple cert publishing tool
>> or use PIB to publish certificates
>>
>> >> generate a data signing certificate and sign it by user certificate:
>> /example/site1/user1/KEY/dsk-4/ID-CERT
>>
>> For now, the command line tool disables dsk generation, but we could
>> enable that if necessary.
>>
>>
>> Yingdi
>>
>
>
> _______________________________________________
> Nfd-dev mailing list
> Nfd-dev at lists.cs.ucla.edu
> http://www.lists.cs.ucla.edu/mailman/listinfo/nfd-dev
>
>


-- 
Thanks,

Chengyu
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.lists.cs.ucla.edu/pipermail/nfd-dev/attachments/20150226/38b01d03/attachment.html>

More information about the Nfd-dev mailing list