How ndncert works and what to expect

How it works

Name conventions for NDN certificates

ndncert directly ties the issued certificate names (= authorized namespace for the hierarchical trust model described in NDN-0009, "Deploying Key Management on NDN Testbed" by Bian et al.) to user email addresses.

In general, certificate namespace is based on institutional email addresses: -> /ndn/edu/ucla/cs/tom -> /ndn/edu/wustl/bob -> /ndn/edu/umich/eecs/alice

Non-institutional addresses and addresses of institutions that are not part of testbed assigned guest NDN namespace: -> /ndn/guest/

Which operator is responsible to signing certificates for which domain names is configured in the web server database (operators collection).

Basic operations

ndncert overview

What to expect

To obtain a valid NDN testbed certificate, user should follow the following steps:

  • Go to, initiate certification by submitting email address

    step 1

  • Check mailbox and click to open certification submission page

    step 2

  • Generate certification request in the specified namespace (derived from email)

    step 3

  • Submit name, other information to associate with the certificate, and public key

    step 4

  • Wait for email notification of the approval by the site’s operator

    step 5

  • Follow the instructions to install the issued certificate

    step 6

After final step the NDN Testbed certificate is installed and ready to be used.