[Nfd-dev] Try NDNCERT (based on Interest-Data exchange) and get an NDN certificate today
Junxiao Shi
shijunxiao at email.arizona.edu
Fri Jul 27 12:54:24 PDT 2018
Hi Zhiyi
I tested ndncert-client and it did not work.
NFD is running on your device and your NFD has connected either NDN testbed
> or the CA server. You can run the following commands in your terminal to
> connect your NFD to the testbed
>
My node is already connected to testbed. The connectivity is established
via NDN-FCH service. I confirmed that ndnping /ndn/edu/ucla works.
> *1. Get NDNCERT command line tools:*
>
> Option B: install from NDN PPA (For Debian OSes)
>
>> sudo add-apt-repository ppa:named-data/ppa
>> sudo apt-get update
>> sudo apt-get ndncert
>
>
This repository is for Ubuntu. It does not work for Debian.
I'm using the Debian repository found at
https://bintray.com/yoursunny/named-data . It has
ndncert 0.0.2-2-g047386ef-ppa1 backported from Ubuntu PPA.
>
> *2. Bootstrapping by downloading the trust anchor certificate*
>
> Run the command in your terminal:
>
>> curl -o /usr/local/etc/ndncert/client.conf https://zhiyi-zhang.com/
>> ucla-client.txt
>
>
This command does not work for a Debian installation. It needs sudo and
cannot have /usr/local:
sudo curl -o /etc/ndncert/client.conf
https://zhiyi-zhang.com/ucla-client.txt
>
> *3. Get your own certificate!*
>
> Run the command line tool:
>
>> ndncert-client
>
>
> You are supposed to get prompt like this:
>
>> ***************************************
>> Index: 0
>> CA prefix:/ndn/edu/ucla/CA
>> Introduction: UCLA Certificate Authority of NDN Testbed
>> ***************************************
>> Step 0: Please type in the CA namespace index that you want to apply
>
> Type in "0" to select the CA /ndn/edu/ucla/CA.
>
>
> Then you will get the prompt:
>
>> Step 1: Please type in the identity name
>
> You can type in the name that you want to obtain, e.g., alice.
>
>
> Then you will get the available challenges through which you can prove
> your identity and get a certificate:
>
This step does not work:
debian at beaglebone:~$ ndncert-client
***************************************
Index: 0
CA prefix:/ndn/edu/ucla/CA
Introduction: UCLA Certificate Authority of NDN Testbed
***************************************
Step 0: Please type in the CA namespace index that you want to apply
0
Step 1: Please type in the identity name
alice
Error: Got Nack
tcpdump (attached) indicates that two Interests were transmitted, but none
got a reply.
> Step 2: Please select one challenge from following types
>> PIN
>> Email
>
> For now, there are two challenges available: PIN and Email.
>
> Type in "Email" to select email challenge and then follow the prompt to
> type in your email address. After that, you will get an email (if no, the
> email is probably in your spam box or blocked by your email service
> provider). Copy the PIN code from the email and paste it in the command
> line tool.
>
> You will then get a certificate installed on your device.
>
>
>
Yours, Junxiao
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.lists.cs.ucla.edu/pipermail/nfd-dev/attachments/20180727/de4abd3e/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 1.pcap
Type: application/octet-stream
Size: 1146 bytes
Desc: not available
URL: <http://www.lists.cs.ucla.edu/pipermail/nfd-dev/attachments/20180727/de4abd3e/attachment.obj>
More information about the Nfd-dev
mailing list