VOS.VirtSetupSSLFileSystem
Guide for Setting Up the Virtuoso HTTPS Listener using File System to host Certificate and Public Key
To enable the HTTPS listener, you will need another certificate. Existing certificates may not have Subject Alternate Name, so you may want to generate one as in this section.
- Move
newcert.pem,newkey.pem, andcacert.peminto the server's working directory. In our test case, we put the keys in a 'keys' sub-directory, and added the following lines to the[HTTPServer]section of the Virtuoso INI file,virtuoso.ini:
SSLPort = 4443 SSLCertificate = ./keys/localhost.cert.pem SSLPrivateKey = ./keys/localhost.key.pem X509ClientVerifyCAFile = ./keys/localhost.ca.pem X509ClientVerify = 1 X509ClientVerifyDepth = 15
- Also in the Virtuoso INI file, in the
[URIQA]section,DefaultHost?(localhost:8890below) must be edited to correspond to the DNS-resolvable host name ("CNAME") of the Virtuoso host, combined with theServerPort?as set in the[HTTPServer]section of the same INI file.
[URIQA] DynamicLocal = 1 DefaultHost = localhost:8890
For instance, if the CNAME of the host isvirtuoso.example.com, and theServerPort?is4321, theDefaultHost?should be set tovirtuoso.example.com:4321
[URIQA] DynamicLocal = 1 DefaultHost = virtuoso.example.com:4321
- Start the Virtuoso server, and look at the log file.
Once HTTPS is up, you should see something like —
HTTPS Using X509 Client CA .... HTTPS/X509 server online at 4443
Setting Up Firefox
- In the Preferences dialog, open the Advanced tab, and click the "View certificates" button.
- Click the "Add exception" button ,and enter the address of the HTTPS server you've just configured, i.e., https://virtuoso.example.com:4443/
- Click OK, and confirm the exception.
- Click to the "Your Certificates" tab, and import
mycert.p12.