[Nfd-dev] Try NDNCERT (based on Interest-Data exchange) and get an NDN certificate today
Zhiyi Zhang
zhiyi at cs.ucla.edu
Fri Jul 27 11:54:30 PDT 2018
Hi all,
I deployed NDNCERT CA server on UCLA site and the server has been connected
to the NDN testbed.
Now the NDNCERT CA is available and we encourage you to have a try and get
an NDN certificate (your certificate’s trust anchor is NDN testbed anchor).
To get an NDN certificate with NDNCERT, you can simply follow these steps:
*Prerequisite: *
NFD is running on your device and your NFD has connected either NDN testbed
or the CA server. You can run the following commands in your terminal to
connect your NFD to the testbed
> nfdc face create udp4://spurs.cs.ucla.edu
or to the UCLA CA directly
> nfdc face create udp4://131.179.176.110:6363
After creating a face, you also need to create a route into your NFD.
> nfdc route add /ndn <the face id you just got>
For more information:
http://named-data.net/doc/NFD/current/INSTALL.html#connecting-to-remote-nfds
*1. Get NDNCERT command line tools:*
Option A: compile from source (For MacOS and Linux). Run following commands
in your terminal:
> git clone https://github.com/named-data/ndncert.git
> cd ndncert
> ./waf configure
> ./waf
> ./waf install
Option B: install from NDN PPA (For Debian OSes)
> sudo add-apt-repository ppa:named-data/ppa
> sudo apt-get update
> sudo apt-get ndncert
*2. Bootstrapping by downloading the trust anchor certificate*
Run the command in your terminal:
> curl -o /usr/local/etc/ndncert/client.conf
> https://zhiyi-zhang.com/ucla-client.txt
*3. Get your own certificate!*
Run the command line tool:
> ndncert-client
You are supposed to get prompt like this:
> ***************************************
> Index: 0
> CA prefix:/ndn/edu/ucla/CA
> Introduction: UCLA Certificate Authority of NDN Testbed
> ***************************************
> Step 0: Please type in the CA namespace index that you want to apply
Type in "0" to select the CA /ndn/edu/ucla/CA.
Then you will get the prompt:
> Step 1: Please type in the identity name
You can type in the name that you want to obtain, e.g., alice.
Then you will get the available challenges through which you can prove your
identity and get a certificate:
> Step 2: Please select one challenge from following types
> PIN
> Email
For now, there are two challenges available: PIN and Email.
Type in "Email" to select email challenge and then follow the prompt to
type in your email address. After that, you will get an email (if no, the
email is probably in your spam box or blocked by your email service
provider). Copy the PIN code from the email and paste it in the command
line tool.
You will then get a certificate installed on your device.
Please contact me if you run into any trouble when using NDNCERT. That
helps us to make NDNCERT better. Thank you!
Best,
Zhiyi
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.lists.cs.ucla.edu/pipermail/nfd-dev/attachments/20180727/c132d015/attachment.html>
More information about the Nfd-dev
mailing list