blob: 1b0aaed64725e4b69b2ab0d9d0ad998ae17f8cf0 [file] [log] [blame] [view]
Zhiyi Zhang3aaf06d2020-10-17 13:05:36 -07001# Deploy NDNCERT v0.3 over testbed
2
3Three steps:
4
5* Deploy root CA `/ndn` by setting up the NDNCERT CA configuration and run NDNCERT service
6* At each site server, run NDNCERT client command line tools to get certificate issued by `/ndn` using the PIN code challenge, set up the CA configuration and run NDNCERT CA service.
7* Update the `/ndn`'s configuration file and restart the service.
8
Zhiyi Zhang3aaf06d2020-10-17 13:05:36 -07009## Step 1
10
11```bash
tylerliub7083bd2020-10-17 20:42:14 -070012sudo ./deploy.sh
Zhiyi Zhang3aaf06d2020-10-17 13:05:36 -070013```
14
15## Step 2
16
Zhiyi Zhang633c5bf2020-10-17 16:28:05 -070017On each site:
18
19```bash
tylerliub7083bd2020-10-17 20:42:14 -070020sudo ./deploy.sh
Zhiyi Zhang633c5bf2020-10-17 16:28:05 -070021```
22
23```bash
24ndnsec-dump-certificate XXX
25```
26
27## Step 3
Tianyuan Yu313a8d42020-10-17 21:39:15 -070028Stop NDNCERT CA
29```bash
30sudo systemctl stop ndncert-ca
31```
Zhiyi Zhang633c5bf2020-10-17 16:28:05 -070032
Tianyuan Yu313a8d42020-10-17 21:39:15 -070033Update CA configuation file ``ca.conf`` with the output certificate just get:
34Inside ``ca.conf``, site CAs are configured by sections below:
Zhiyi Zhang633c5bf2020-10-17 16:28:05 -070035
Tianyuan Yu313a8d42020-10-17 21:39:15 -070036```
37 "redirect-to":
38 [
39 {
40 "ca-prefix": "/example/site1",
41 "certificate": "Bv0CvQcwCAdleGFtcGxlCAVzaXRlMQgDS0VZCAh6af3szF4QZwgEc2VsZggJ/QAAAXT6+NCKFAkYAQIZBAA27oAV/QEmMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA43hjZT0HUFFJcqwj8lZnd/vg0NrzqvZ4jhsq1c+nv6J3Huc9Uq5jRZwhFQ8nBWT3CeFScO5FUQfNXDIDncZ4vYPFEnockOFVtvmKQ/ELwReUvjH80d1NPGrIVrD0lMRpv2sFr6NW2p7aw6bCSj3OJq7H/+QHDkAryssMZyHwTbPzMZHyYKmxR68CyCCpvLlgp8tYFT+cCrOc3lz3nROK3VFR+apgwubpvl8nbKD10QLcgMHSkLoLEy/Ksq8OH7MQhUEZDjLk/zL9baZ7MiKXtdUZCNTZk13y5z+4aT4TqumLB+obiDXmv6JAi+CkYIMf2ck2IvMV6JgxxIlv3+Ke2wIDAQABFlAbAQEcIQcfCAdleGFtcGxlCAVzaXRlMQgDS0VZCAh6af3szF4QZ/0A/Sb9AP4PMTk3MDAxMDFUMDAwMDAw/QD/DzIwNDAwOTMwVDIyNTQwNBf9AQCCSXOqUX40mAIdKCa+nnfJCGZbNowQPJp5kDnyolj5/Ek9x8czyLcX58xTsgYtiPmL5DxMgkRujRJu9INm0pUJIJRlsqhDOwsrxIjlSgwy5AeexYe7SM3rSwljLxTR4MfBw26pym9iYt8ovHXotCDE+etyKwHzXoOgzxORoPXqBGwobNOPnhDfpzHQBFOrPd8qqLAGioNNk/k2U/uyvBbLoZS4ScNVJpfbcvcmzu/A8H/VyT4234LrlISL9WpWlO8J18yzhrXchFR0ZwCoYge5rLZ4vsQhY1WqXHCsYnRa3la6Txz44EWYEBpmk12qnkPt06KAPvQ82N1CICxFb9NY"
42 }
43 ]
44```
Zhiyi Zhang633c5bf2020-10-17 16:28:05 -070045
Tianyuan Yu313a8d42020-10-17 21:39:15 -070046Replace the ``ca-prefix`` and ``certificate`` in this example section with the ones in your case.
47
48Start NDNCERT CA
49```bash
50sudo systemctl start ndncert-ca
51```