%TOC%

---++Creating and Using a SPARQL-SSL based Endpoint

The following guide describes the basic steps for setting up an SSL protected and WebID based SPARQL Endpoint (SPARQL-SSL). The guide also covers the use of Virtuoso PL functions and the Virtuoso Conductor for SPARQL endpoint creation and configuration. It also covers the use of cURL for exercising the newly generated SPARQL-SSL endpoint.


   1 [[http://ods.openlinksw.com/wiki/ODS/ODSPkiSetup][Setup the CA issuer and https listener]]
   1 Define the /sparql-ssl endpoint on an HTTPS based listener (HTTPS service endpoint), for example using Virtuoso PL:
<verbatim>
DB.DBA.VHOST_DEFINE (
	 lhost=>'127.0.0.1:443',
	 vhost=>'localhost',
	 lpath=>'/sparql-ssl',
	 ppath=>'/!sparql/',
	 is_dav=>1,
	 auth_fn=>'DB.DBA.FOAF_SSL_AUTH',
	 vsp_user=>'dba',
	 ses_vars=>0,
	 auth_opts=>vector ('https_cert', 'db:https_key_localhost', 'https_key', 'db:https_key_localhost', 'https_verify', 3, 'https_cv_depth', 10),
	 opts=>vector ('noinherit', 1),
	 is_default_host=>0
);
</verbatim>
   1 [[VirtAuthServerUI][Setup the SPARQL-SSL endpoint and define ACLs]] using the Virtuoso Conductor
   1 Export your private key and its associated WebID based X.509 certificate from your Firefox browser or System's Key Manager into PEM (PKCS12) file 
      1 If using Firefox use the menu path: Advanced->View Certificates, then  click Backup for your certificate with name "mykey".
      1 The file "mykey.p12" will be created. To disable password protection so that you can use this file in non-interactive mode (e.g. with cURL and other HTTP clients) execute:
<verbatim>
openssl pkcs12 -in mykey.p12 -out mykey.pem -nodes 
</verbatim>
   1 [[VirtFOAFSSLCurlExample1][Test the SPARQL-SSL endpoint with cURL]] (listening on default HTTPS 443 port): 
      * Note: In this example we use the "-k / --insecure" option with cURL since we are going to be using self-signed X.509 certificates signed by self-signed root CA. 
   1 Import your key it via Conductor UI:
      1 Go to Conductor -> System Admin->User Accounts
%BR%%BR%<img src="%ATTACHURLPATH%/c1.png" />%BR%%BR%
      1 Click "Edit" for your user
%BR%%BR%<img src="%ATTACHURLPATH%/c2.png" />%BR%%BR%
      1 Change "User type" to: SQL/ODBC and WebDAV
%BR%%BR%<img src="%ATTACHURLPATH%/c3.png" />%BR%%BR%
      1 Enter your ODS user WebID:
<verbatim>
http://cname:port/dataspace/person/username#this
</verbatim>
%BR%%BR%<img src="%ATTACHURLPATH%/c4.png" />%BR%%BR%
      1 Click "Save"
      1 Click again "Edit" for your user
      1 In "PKCS12 file:" click the Browse" button and select your key.
      1 Enter a local Key Name, for e.g., "cli_key"
      1 Enter key password
%BR%%BR%<img src="%ATTACHURLPATH%/c5.png" />%BR%%BR%
      1 Click "Import Key"
      1 As result the key will be stored with name for ex. cli_key
%BR%%BR%<img src="%ATTACHURLPATH%/c6.png" />%BR%%BR%
      1 Click "Save"
   1 [[VirtFOAFSSLCurlExample2][Test the SPARQL-SSL endpoint with http_client]] (listening on default HTTPS 443 port).

---+++Demo Examples

   * [[http://demo.openlinksw.com/tutorial/rdf/fs_s_1/fs_s_1.vsp][Using HTTP client to perform FOAF+SSL connection]]

---+++Related
   * [[http://ods.openlinksw.com/wiki/ODS/VirtODSPubSubHub][Setting up PubSubHub in ODS]]
   * [[http://ods.openlinksw.com/wiki/ODS/VirtPubSubHub][PubSubHubBub Demo Client Example]]
   * [[http://ods.openlinksw.com/wiki/ODS/VirtFeedPubSubHub][Feed subscription via PubSubHub protocol Example ]]
   * [[http://ods.openlinksw.com/wiki/ODS/VirtPubSubHubACL][Setting Up PubSubHub to use FOAF+SSL or IP based control lists]]
   * [[VirtAuthServerUI][Set FOAF+SSL ACLs using the Virtuoso Authentication Server UI]]
   * [[VirtAuthFOAFSSLACL][FOAF+SSL ACLs Tutorial]]
   * [[VirtOAuthSPARQL][SPARQL OAuth Tutorial]]
   * [[http://ods.openlinksw.com/wiki/ODS/VirtODSFOAFSSL][FOAF+SSL Support in OpenLink Data Spaces]]
   * [[http://ods.openlinksw.com/wiki/ODS/ODSPkiSetup][Guide to Setting up a X.509 certificate issuer and HTTPS listener and Generating ODS user certificates]]
   * [[http://ods.openlinksw.com/wiki/ODS/OdsKeyImport][CA Keys Import using Conductor]]
   * [[http://ods.openlinksw.com/wiki/ODS/ODSBriefcaseFOAFSSLODSCert][Generate an X.509 Certificate hosted WebID Guide]]
   * [[http://ods.openlinksw.com/wiki/ODS/ODSBriefcaseFOAFSSLShareFile][ODS Briefcase FOAF+SSL Share File Guide]]
   * [[http://esw.w3.org/topic/foaf+ssl][FOAF+SSL Specification]]
   * [[https://foaf.me/simpleLogin.php][Test FOAF+SSL Certificate page]]
   * [[http://test.foafssl.org/cert/][FOAF+SSL Certificate Generation page]]
   * [[https://demo.openlinksw.com/sparql-ssl][Virtuoso Demo SPARQL-SSL Endpoint]]