[Nfd-dev] problem receiving certificate from mmlab-1 testbed node

Dehart, John jdd at wustl.edu
Sat Jun 25 07:46:04 PDT 2022 

This should be fixed now. There was a permission problem.
John



On Jun 24, 2022, at 4:09 PM, Junxiao Shi via Nfd-dev <nfd-dev at lists.cs.ucla.edu<mailto:nfd-dev at lists.cs.ucla.edu>> wrote:

Hi Nikos

The CA is not running.
https://mmlab-aueb-1.mmlab.edu.gr/n/<https://nam10.safelinks.protection.outlook.com/?url=https%3A%2F%2Fmmlab-aueb-1.mmlab.edu.gr%2Fn%2F&data=05%7C01%7Cjdd%40wustl.edu%7C71461d983a31488aa13408da562601b5%7C4ccca3b571cd4e6d974b4d9beb96c6d6%7C0%7C0%7C637917019205804055%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=7%2FwoSAXEuvKds1wSzdCOtnGKilRvuonRNVgZsPhdH3A%3D&reserved=0> Routes tab, look for /ndn/gr/edu/mmlab1/CA. If it's not there, it means the CA has crashed.
Go to NDN Slack and post in #testbed channel, ask NDNOPS to reset the CA on that node.

Regarding the certificate ValidityPeriod: I hear it's set to 15 days because NDNCERT CA is still experimental.
NDNCERT-legacy https://ndncert.named-data.net<https://nam10.safelinks.protection.outlook.com/?url=https%3A%2F%2Fndncert.named-data.net%2F&data=05%7C01%7Cjdd%40wustl.edu%7C71461d983a31488aa13408da562601b5%7C4ccca3b571cd4e6d974b4d9beb96c6d6%7C0%7C0%7C637917019205804055%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=5eemkIHCYO%2ByIhu7AQgIJ6sjZ1AoWHReyHzTcHHxI4g%3D&reserved=0> can give you 1-year certificates for production use.

Yours, Junxiao

On Fri, Jun 24, 2022 at 4:20 PM Nikos Fotiou via Nfd-dev <nfd-dev at lists.cs.ucla.edu<mailto:nfd-dev at lists.cs.ucla.edu>> wrote:
Hi,
I am trying to receive a certificate for second14 at aueb.gr<mailto:second14 at aueb.gr> using the guidelines here https://gist.github.com/tianyuan129/dc97822f263612dd2a4df288fcbb3bc7<https://nam10.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgist.github.com%2Ftianyuan129%2Fdc97822f263612dd2a4df288fcbb3bc7&data=05%7C01%7Cjdd%40wustl.edu%7C71461d983a31488aa13408da562601b5%7C4ccca3b571cd4e6d974b4d9beb96c6d6%7C0%7C0%7C637917019205804055%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=vyG4Kswk5t3SurO2yZiFLA4voh9zyc5HEPjbL1npk7g%3D&reserved=0>

A few days ago I did the same and everything worked as expected, but the certificate expired; I tried to repeat the process without success.

Here is the output of ndncertclient:

ndncert-client
***************************************
Step 1: CA SELECTION
> Index: 0
>> CA prefix:/ndn
>> Introduction:
Please type in the CA's index that you want to apply or type in NONE if your expected CA is not in the list:
0

***************************************
Step 2: Please provide information for name assignment
Please input: email
second14 at aueb.gr<mailto:second14 at aueb.gr>
Got it. This is what you've provided:
email : second14 at aueb.gr<mailto:second14 at aueb.gr>

***************************************
Step 3 Choose another trusted CA suggested by the CA:
> Index: 0
>> Suggested CA: /ndn/gr/edu/mmlab1
> Index: 1
>> Suggested CA: /ndn/gr/edu/mmlab2
Please type in the index of your choice:
0
You will be redirected to CA: /ndn/gr/edu/mmlab1
Interest timeout

Here is the nfd output:

1656101557.977565 DEBUG: [nfd.Forwarder] onOutgoingData out=262 data=/ndn/CA/PROBE/params-sha256=33bc21920e3b1863558c8ea520a19ec29669720bd872c7ecf971ed79e3b0a36a
1656101557.977767 DEBUG: [nfd.Forwarder] onInterestFinalize interest=/ndn/CA/PROBE/params-sha256=33bc21920e3b1863558c8ea520a19ec29669720bd872c7ecf971ed79e3b0a36a satisfied
1656101560.017947 DEBUG: [nfd.Forwarder] onIncomingInterest in=(262,0) interest=/ndn/gr/edu/mmlab1/CA/INFO/32=metadata
1656101560.018080 DEBUG: [nfd.ContentStore] find /ndn/gr/edu/mmlab1/CA/INFO/32=metadata no-match
1656101560.018217 DEBUG: [nfd.Forwarder] onContentStoreMiss interest=/ndn/gr/edu/mmlab1/CA/INFO/32=metadata
1656101560.018268 DEBUG: [nfd.BestRouteStrategy] /ndn/gr/edu/mmlab1/CA/INFO/32=metadata?CanBePrefix&MustBeFresh&Nonce=efc15ae5 from=(262,0) newPitEntry-to=261
1656101560.018413 DEBUG: [nfd.Forwarder] onOutgoingInterest out=261 interest=/ndn/gr/edu/mmlab1/CA/INFO/32=metadata
1656101564.040141 DEBUG: [nfd.Forwarder] onInterestFinalize interest=/ndn/gr/edu/mmlab1/CA/INFO/32=metadata unsatisfied

Does anybody know what is happening?

BTW when I try issue a certificate for my gmail account, I receive it with success.

Finally, is it possible to increase the lifetime of certificates? 15 days is too sort.

Best,
Nikos


Nikos Fotiou - http://pages.cs.aueb.gr/~fotiou<https://nam10.safelinks.protection.outlook.com/?url=http%3A%2F%2Fpages.cs.aueb.gr%2F~fotiou&data=05%7C01%7Cjdd%40wustl.edu%7C71461d983a31488aa13408da562601b5%7C4ccca3b571cd4e6d974b4d9beb96c6d6%7C0%7C0%7C637917019205804055%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=793ZOYREZGweLyTQScL4SjGkQdkEW66u1VGg26QrVWY%3D&reserved=0>
Researcher - Mobile Multimedia Laboratory
Athens University of Economics and Business
https://mm.aueb.gr<https://nam10.safelinks.protection.outlook.com/?url=https%3A%2F%2Fmm.aueb.gr%2F&data=05%7C01%7Cjdd%40wustl.edu%7C71461d983a31488aa13408da562601b5%7C4ccca3b571cd4e6d974b4d9beb96c6d6%7C0%7C0%7C637917019205804055%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=X1U8h4uayELHyhem5hG0dPdkPKAV5e47wYdsVi4anFU%3D&reserved=0>

_______________________________________________
Nfd-dev mailing list
Nfd-dev at lists.cs.ucla.edu<mailto:Nfd-dev at lists.cs.ucla.edu>
https://www.lists.cs.ucla.edu/mailman/listinfo/nfd-dev

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.lists.cs.ucla.edu/pipermail/nfd-dev/attachments/20220625/41f675f3/attachment.html>

More information about the Nfd-dev mailing list