Guide for Setting Up the Virtuoso HTTPS Listener using File System to host Certificate and Public Key
To enable the HTTPS listener, you will need a certificate. Existing certificates may not have Subject Alternate Name, so you may want to acquire (or generate) a new one.
cacert.peminto the server's working directory. In our test case, we put the keys in a '
keys' sub-directory, and added the following lines to the
[HTTPServer]section of the Virtuoso INI file (default,
SSLPort = 4443 SSLCertificate = ./keys/newcert.pem SSLPrivateKey = ./keys/newkey.pem X509ClientVerifyCAFile = ./keys/cacert.pem X509ClientVerify = 1 X509ClientVerifyDepth = 15
- Also in the Virtuoso INI file, in the
localhost:8890below) must be edited to correspond to the DNS-resolvable host name ("CNAME") of the Virtuoso host, combined with the
ServerPortas set in the
[HTTPServer]section of the same INI file. Default settings are seen here:
[URIQA] DynamicLocal = 1 DefaultHost = localhost:8890
For instance, if the CNAME of the host is
virtuoso.example.com, and the
DefaultHostshould be set to
[URIQA] DynamicLocal = 1 DefaultHost = virtuoso.example.com:4321
- Start the Virtuoso server, and look at the log file.
Once HTTPS is up, you should see something like —
HTTPS Using X509 Client CA .... HTTPS/X509 server online at 4443
- In the Preferences dialog, open the Advanced tab, and the Encryption subtab; then, click the View certificates button.
- Click the Add exception button, and enter the address of the HTTPS server you've just configured, i.e.
- Click OK, and confirm the exception.
- Click to the Your Certificates tab, and import