VirtSetupSSLVirtuoso Virtuoso Certificate Authority Setup Virtuoso Certificate Authority Setup The steps that follow guide you through the process of setting up your Virtuoso instance to issue CA-Authority-notarized X.509 certificates that include WebID watermarks. Prerequisites The following packages should be installed: conductor_dav.vad Generating CA-Authority Certificate (.p12 or .pfx) Manually Generating CA-Authority Certificate Go to the http://cname:port/conductor URL, enter the DBA user credentials. Go to System AdminSecurity
Fill in the form. For example: Country: US State: MA Organization: Example Inc. Organization Unit: Example Name: Root CA e-mail: dba@example.com
Click Generate. The CA-Authority Certificate should be successfully generated:
Importing CA-Authority Certificate Generate CA-Authority Certificate that: has http://localhost:8890/dataspace/person/dba#this as WebID is Certification Authority (CA) Identity has Self-Signed Issuer Go to the http://cname:port/conductor URL, enter the "dba" user credentials. Go to System AdminUser Accounts.
For user dba, click Edit:
In the presented form for PKCS12 file, click Choose File and select your CA Certificate; for example, with name example.p12:
Enter Key Name id_rsa and Key Password the password your CA Certificate has:
Click Import Key On a successful import, the certificate should now be presented in the Cryptographic Keys list:
Click Save Go to System AdminSecurityPublic Key Infrastructure The CA Certificate Details should be presented:
Generating SSL Key Using the Conductor UI Note The following assumes the CA-Authority Certificate has been generated/imported already, as through the sections above.Go to the http://cname:port/conductor URL, enter the DBA user credentials.
Go to System AdminSecurity.
Click Configure HTTPS Listeners
Edit the new listener, and click Generate New
Click Save
Setting Up Firefox In the Preferences dialog, open the Advanced tab, and click the View certificates button. Click the Add exception button and enter the address of the HTTPS server you've just configured, i.e., https://virtuoso.example.com:4433/ Click OK, and confirm the exception.
Related Safeguarding your Virtuoso-hosted SPARQL Endpoint SPARQL Endpoint Protection Methods Collection Virtuoso documentation SPARQL Service Endpoint Service Endpoint Security Managing a SPARQL Web Service Endpoint SPARQL Virtuoso Tips and Tricks Collection SPARQL Endpoint DET Configuration Guide WebID Protocol & SPARQL Endpoint ACLs Tutorial SPARQL OAuth Tutorial Securing SPARQL endpoints SPARUL over SPARQL using the http://cname:port/sparql-auth endpoint Virtuoso Authentication Server UI Manage a SPARQL-WebID based Endpoint Configure Virtuoso instance as an X.509 Certificate Authority and HTTPS listener Configure Virtuoso+ODS instance as an X.509 Certificate Authority and HTTPS listener WebID Protocol Support in OpenLink Data Spaces. Manage ODS Dataspaces Objects WebID Access Control Lists (ACLs): ODS Briefcase WebID based ACL Guide Person Entity WebID based ACL Guide Group Entity WebID based ACL Guide Public WebID based ACL Guide ODS Feed Manager WebID based ACL Guide Person Entity Specific ACL Group Entity Specific ACL Public Specific ACL for anyone with a WebID ODS Calendar WebID based ACL Guide Person Entity Specific ACL Group Entity Specific ACL Public Specific ACL for anyone with a WebID ODS Bookmark Manager WebID based ACL Guide Person Entity Specific ACL Group Entity Specific ACL Public Specific ACL for anyone with a WebID ODS Addressbook WebID based ACL Guide Person Entity Specific ACL Group Entity Specific ACL Public Specific ACL for anyone with a WebID Guide for Set up a X.509 certificate issuer and HTTPS listener and generate ODS user certificates. Setting up PubSubHub in ODS PubSubHubBub Demo Client Example Feed subscription via PubSubHub protocol Example Setting Up PubSubHub to use WebID Protocol or IP based control lists CA Keys Import using Conductor Generate an X.509 Certificate hosted WebID Guide Generate an X.509 Certificate (with a WebID watermark) to be managed by host operating system keystore Generate an X.509 Certificate (with a WebID watermark) to be managed by a browser-based keystore Using Virtuoso's WebID Verification Proxy Service with a WebID-bearing X.509 certificate Using Virtuoso's WebID Identity Provider (IdP) Proxy Service with an X.509 certificate ODS Briefcase WebID Protocol Share File Guide WebID Protocol Specification Test WebID Protocol Certificate page WebID Protocol Certificate Generation page