User Tools

Site Tools


pki:test_drive_pki

Test Drive IoT_PKI

You can test drive some of the features of IoT_PKI using the Zibawa demo server.

Option 1 In Chrome Browser

If you have a chrome brower, you can download, verify and renew a client certificate from our test server as follows:

Note: firefox does not allow you to install certificates from self signed certificate authority.

What happens when you don't have client certificate

Go to: https://app.zibawa.com/IoT_pki/test_client_cert/

You will see the message: “Zibawa PKI has been unable to verify your client certificate:NONE”

Request New Certificate

Go to: https://app.zibawa.com/IoT_pki/new_request/

Fill in the certificate request form, as a minimum you need:

  • your own valid email address.
  • common name (must be unique, so don't try “test” or similar)

(Normally this would be done by the administrator)

Normally you would have to wait for an administrator to approve your request, but we have configured the test server to do this automatically.

Download the certificate and install in your browser

You will be emailed a link to enable you to download a certificate.

Install the certificate in your browser.

Settings>Advanced>Privacy and Security>Your certificates

Browse to the certificate you downloaded and install. It will probably be under org-unknown or whatever you introduced as organization data when requesting the cert.

Test the Certificate

Go again to the test page:

https://app.zibawa.com/IoT_pki/test_client_cert/

Now you will see that the application can verify your request and responds something like:

SUCCESS: Zibawa PKI succesfully verified your certificate. Serial number:0F7B980CDF9139C28CEA932E6E0EDE5034F28705

Option2 Using Python test client

Download the python test client. iot_pki_test_client.py

Run the test client from the command line using the command

python IoT_pki_test_client.py

You should see in the window how your pc connects to the zibawa test server, requests a certificate, then downloads a certificate using the token provided, and finally carries out a test renewal.

The downloaded certificate will be created in the working directory from which you ran the script, name tempCert.pem

If you want to visualize the certificate, you can copy paste the file contents into the certificate decoder below.

https://www.sslshopper.com/certificate-decoder.html

(after pasting in the contents , press enter to make the decoder run)

pki/test_drive_pki.txt · Last modified: 2017/07/25 16:21 by matt