Guide for Setting Up the Virtuoso HTTPS Listener using File System to host Certificate and Public Key To enable the HTTPS listener, you will need a certificate. Existing certificates may not have Subject Alternate Name, so you may want to acquire (or generate) a new one. Move newcert.pem, newkey.pem, and cacert.pem into the server's working directory. In our test case, we put the keys in a 'keys' sub-directory, and added the following lines to the [HTTPServer] section of the Virtuoso INI file (default, virtuoso.ini): SSLPort = 4443 SSLCertificate = ./keys/newcert.pem SSLPrivateKey = ./keys/newkey.pem X509ClientVerifyCAFile = ./keys/cacert.pem X509ClientVerify = 1 X509ClientVerifyDepth = 15 Also in the Virtuoso INI file, in the [URIQA] section, DefaultHost (set to localhost:8890 below) must be edited to correspond to the DNS-resolvable host name ("CNAME") of the Virtuoso host, combined with the ServerPort as set in the [HTTPServer] section of the same INI file. Default settings are seen here: [URIQA] DynamicLocal = 1 DefaultHost = localhost:8890 For instance, if the CNAME of the host is virtuoso.example.com, and the ServerPort is 4321, the DefaultHost should be set to virtuoso.example.com:4321 [URIQA] DynamicLocal = 1 DefaultHost = virtuoso.example.com:4321 Start the Virtuoso server, and look at the log file. Once HTTPS is up, you should see something like — HTTPS Using X509 Client CA .... HTTPS/X509 server online at 4443 Setting Up Firefox In the Preferences dialog, open the Advanced tab, and the Encryption subtab; then, click the View certificates button.

Click the Add exception button, and enter the address of the HTTPS server you've just configured, i.e. — https://virtuoso.example.com:4443/ Click OK, and confirm the exception.

Click to the Your Certificates tab, and import mycert.p12.