[Nfd-dev] Simplest NDNCERT client, powered by NDNts

[Junxiao Shi]

Dear folks

Want to try NDNCERT
<https://www.lists.cs.ucla.edu/pipermail/nfd-dev/2019-June/003695.html> v2,
but the official ndncert-client is too hard to use? You can now request a
certificate from NDNCERT using NDNts!
Assuming you have working NFD and Node.js 12.x, it takes only one minute to
install @ndn/keychain-cli and obtain a certificate.

Prerequisite
Ubuntu only. Windows won't work, because it needs local NFD and 'ndnsec'
command. macOS may or may not work, I can't afford a test machine.
Install Node.js 12.x. See instructions here:
https://github.com/nodesource/distributions#deb
Start NFD and connect to the testbed: nfd-start && ndn-autoconfig

Installation
sudo npm install -g https://ndnts-nightly.netlify.com/keychain-cli.tgz

The NPM release 0.0.20191223-beta.1 has a bug that it won't install
certificates correctly, so you have to use nightly build.

Usage
ndnpeek -p /ndn/edu/ucla/yufeng/CA/_PROBE/INFO > ndncert-ucla.json
ndntssec ndncert-client --ca ndncert-ucla.json --ndnsec --valid-days 120
--verbose

Execute ndnsec list -c and you'll see a new certificate installed.

You may adjust '--valid-days' to request a certificate with different
validity period. Minimum is 1 day; maximum is 360 days.
If you exceed the bounds, you'll get "Interest rejected: expire" error. In
such cases, the CA doesn't give any specific error message, but simply
stops responding.

If your NFD is installed from source code compiled in debug mode, and you
are running ndntssec under the same user, NFD will crash after you obtain
the certificate.
This is caused by ndn-cxx KeyChain consistency check; it is not a bug of
NDNts; in fact, you'll see the same behavior with official ndncert-client.
To avoid this situation, it's recommended to install NFD from PPA.

Yours, Junxiao
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.lists.cs.ucla.edu/pipermail/nfd-dev/attachments/20191226/2ea385d0/attachment.html>