Virtuoso Certificate Authority Setup

The steps that follow guide you through the process of setting up your Virtuoso instance to issue CA-Authority-notarized X.509 certificates that include WebID watermarks.


The following packages should be installed:

Generating CA-Authority Certificate (.p12 or .pfx)

Manually Generating CA-Authority Certificate

  1. Go to the http://cname:port/conductor URL, enter the DBA user credentials.
  2. Go to System AdminSecurity

  3. Fill in the form. For example:
    • Country: US
    • State: MA
    • Organization: Example Inc.
    • Organization Unit: Example
    • Name: Root CA
    • e-mail:

  4. Click Generate.
  5. The CA-Authority Certificate should be successfully generated:

Importing CA-Authority Certificate

  1. Generate CA-Authority Certificate that:
    • has http://localhost:8890/dataspace/person/dba#this as WebID
    • is Certification Authority (CA) Identity
    • has Self-Signed Issuer
  2. Go to the http://cname:port/conductor URL, enter the "dba" user credentials.
  3. Go to System AdminUser Accounts.

  4. For user dba, click Edit:

  5. In the presented form for PKCS12 file, click Choose File and select your CA Certificate; for example, with name example.p12:

  6. Enter Key Name id_rsa and Key Password the password your CA Certificate has:

  7. Click Import Key
  8. On a successful import, the certificate should now be presented in the Cryptographic Keys list:

  9. Click Save
  10. Go to System AdminSecurityPublic Key Infrastructure
  11. The CA Certificate Details should be presented:

Generating SSL Key Using the Conductor UI

Note The following assumes the CA-Authority Certificate has been generated/imported already, as through the sections above.
  1. Go to the http://cname:port/conductor URL, enter the DBA user credentials.

  2. Go to System AdminSecurity.

  3. Click Configure HTTPS Listeners

  4. Edit the new listener, and click Generate New

  5. Click Save

Setting Up Firefox

  1. In the Preferences dialog, open the Advanced tab, and click the View certificates button.
  2. Click the Add exception button and enter the address of the HTTPS server you've just configured, i.e.,
  3. Click OK, and confirm the exception.