%META:TOPICPARENT{name="VOSIndex"}% ---+ Virtuoso Certificate Authority Setup The steps that follow guide you through the process of setting up your Virtuoso instance to issue CA-Authority-notarized X.509 certificates that include WebID watermarks. %TOC% ---++ Prerequisites The following packages should be installed: * [[https://virtuoso.openlinksw.com/download/][conductor_dav.vad]] ---++ Generating CA-Authority Certificate (.p12 or .pfx) ---+++ Manually Generating CA-Authority Certificate 1 Go to the http://cname:port/conductor URL, enter the DBA user credentials. 1 Go to System AdminSecurity %BR%%BR%%BR%%BR% 1 Fill in the form. For example: * Country: US * State: MA * Organization: Example Inc. * Organization Unit: Example * Name: Root CA * e-mail: dba@example.com %BR%%BR%%BR%%BR% 1 Click Generate. 1 The CA-Authority Certificate should be successfully generated: %BR%%BR%%BR%%BR% ---+++ Importing CA-Authority Certificate 1 [[http://id.myopenlink.net/certgen/][Generate CA-Authority Certificate]] that: * has http://localhost:8890/dataspace/person/dba#this as WebID * is Certification Authority (CA) Identity * has Self-Signed Issuer 1 Go to the http://cname:port/conductor URL, enter the "dba" user credentials. 1 Go to System AdminUser Accounts. %BR%%BR%%BR%%BR% 1 For user dba, click Edit: %BR%%BR%%BR% %BR%%BR% 1 In the presented form for PKCS12 file, click Choose File and select your CA Certificate; for example, with name example.p12: %BR%%BR%%BR%%BR% 1 Enter Key Name id_rsa and Key Password the password your CA Certificate has: %BR%%BR%%BR%%BR% 1 Click Import Key 1 On a successful import, the certificate should now be presented in the Cryptographic Keys list: %BR%%BR%%BR%%BR% 1 Click Save 1 Go to System AdminSecurityPublic Key Infrastructure 1 The CA Certificate Details should be presented: %BR%%BR%%BR%%BR% ---++ Generating SSL Key Using the Conductor UI Note The following assumes the CA-Authority Certificate has been generated/imported already, as through the sections above. 1 Go to the http://cname:port/conductor URL, enter the DBA user credentials. %BR%%BR% %BR%%BR% 1 Go to System AdminSecurity. %BR%%BR%%BR%%BR% 1 Click Configure HTTPS Listeners %BR%%BR%%BR%%BR% 1 Edit the new listener, and click Generate New %BR%%BR%%BR%%BR% 1 Click Save %BR%%BR%%BR%%BR% ---++ Setting Up Firefox 1 In the Preferences dialog, open the Advanced tab, and click the View certificates button. 1 Click the Add exception button and enter the address of the HTTPS server you've just configured, i.e., https://virtuoso.example.com:4433/ 1 Click OK, and confirm the exception. %BR%%BR%%BR%%BR% ---++ Related * [[VirtSPARQLEndpointProtection][Safeguarding your Virtuoso-hosted SPARQL Endpoint]] * [[VirtTipsAndTricksGuideSPARQLEndpointProtection][SPARQL Endpoint Protection Methods Collection]] * [[http://docs.openlinksw.com/virtuoso/][Virtuoso documentation]] * [[http://docs.openlinksw.com/virtuoso/rdfsparql.html#rdfsupportedprotocolendpoint][SPARQL Service Endpoint]] * [[http://docs.openlinksw.com/virtuoso/rdfsparql.html#rdfsupportedprotocolendpointuri][Service Endpoint Security]] * [[http://docs.openlinksw.com/virtuoso/rdfsparql.html#sparqwebservicetbl][Managing a SPARQL Web Service Endpoint]] * [[http://docs.openlinksw.com/virtuoso/rdfsparql.html][SPARQL]] * [[VirtTipsAndTricksGuide][Virtuoso Tips and Tricks Collection]] * [[VirtSPARQLDET][SPARQL Endpoint DET Configuration Guide]] * [[VirtSPARQLSecurityWebID][WebID Protocol & SPARQL Endpoint ACLs Tutorial]] * [[VirtOAuthSPARQL][SPARQL OAuth Tutorial]] * [[VirtTipsAndTricksGuideSPARQLEndpoints][Securing SPARQL endpoints]] * [[http://ods.openlinksw.com/wiki/ODS/OdsSPARQLAuth][SPARUL over SPARQL using the http://cname:port/sparql-auth endpoint]] * [[VirtAuthServerUI][Virtuoso Authentication Server UI]] * [[VirtSPARQLSSL][Manage a SPARQL-WebID based Endpoint]] * [[VirtSetupSSL][Configure Virtuoso instance as an X.509 Certificate Authority and HTTPS listener]] * [[http://ods.openlinksw.com/wiki/ODS/ODSSetupSSL][Configure Virtuoso+ODS instance as an X.509 Certificate Authority and HTTPS listener]] * [[http://ods.openlinksw.com/wiki/ODS/VirtODSSecurityWebID][WebID Protocol Support in OpenLink Data Spaces]]. * Manage ODS Dataspaces Objects WebID Access Control Lists (ACLs): * [[http://ods.openlinksw.com/wiki/ODS/ODSBriefcaseWebID][ODS Briefcase WebID based ACL Guide]] * [[http://ods.openlinksw.com/wiki/ODS/ODSBriefcaseWebIDPerson][Person Entity WebID based ACL Guide]] * [[http://ods.openlinksw.com/wiki/ODS/ODSBriefcaseWebIDGroup][Group Entity WebID based ACL Guide]] * [[http://ods.openlinksw.com/wiki/ODS/ODSBriefcaseWebIDPublic][Public WebID based ACL Guide]] * [[http://ods.openlinksw.com/wiki/ODS/ODSFeedManagerWebIDACL][ODS Feed Manager WebID based ACL Guide]] * [[http://ods.openlinksw.com/wiki/ODS/ODSFeedManagerWebIDACLPerson][Person Entity Specific ACL]] * [[http://ods.openlinksw.com/wiki/ODS/ODSFeedManagerWebIDACLGroup][Group Entity Specific ACL]] * [[http://ods.openlinksw.com/wiki/ODS/ODSFeedManagerWebIDACLPublic][Public Specific ACL for anyone with a WebID]] * [[http://ods.openlinksw.com/wiki/ODS/ODSCalendarWebIDACL][ODS Calendar WebID based ACL Guide]] * [[http://ods.openlinksw.com/wiki/ODS/ODSCalendarWebIDACLPerson][Person Entity Specific ACL]] * [[http://ods.openlinksw.com/wiki/ODS/ODSCalendarWebIDACLGroup][Group Entity Specific ACL]] * [[http://ods.openlinksw.com/wiki/ODS/ODSCalendarWebIDACLPublic][Public Specific ACL for anyone with a WebID]] * [[http://ods.openlinksw.com/wiki/ODS/ODSBookmarksWebIDACL][ODS Bookmark Manager WebID based ACL Guide]] * [[http://ods.openlinksw.com/wiki/ODS/ODSBookmarksWebIDACLPerson][Person Entity Specific ACL]] * [[http://ods.openlinksw.com/wiki/ODS/ODSBookmarksWebIDACLGroup][Group Entity Specific ACL]] * [[http://ods.openlinksw.com/wiki/ODS/ODSBookmarksWebIDACLPublic][Public Specific ACL for anyone with a WebID]] * [[http://ods.openlinksw.com/wiki/ODS/ODSAddressBookWebIDACL][ODS Addressbook WebID based ACL Guide]] * [[http://ods.openlinksw.com/wiki/ODS/ODSAddressBookWebIDACLPerson][Person Entity Specific ACL]] * [[http://ods.openlinksw.com/wiki/ODS/ODSAddressBookWebIDACLGroup][Group Entity Specific ACL]] * [[http://ods.openlinksw.com/wiki/ODS/ODSAddressBookWebIDACLPublic][Public Specific ACL for anyone with a WebID]] * [[http://ods.openlinksw.com/wiki/ODS/ODSPkiSetup][Guide for Set up a X.509 certificate issuer and HTTPS listener and generate ODS user certificates.]] * [[http://ods.openlinksw.com/wiki/ODS/VirtODSPubSubHub][Setting up PubSubHub in ODS]] * [[http://ods.openlinksw.com/wiki/ODS/VirtPubSubHub][PubSubHubBub Demo Client Example]] * [[http://ods.openlinksw.com/wiki/ODS/VirtFeedPubSubHub][Feed subscription via PubSubHub protocol Example ]] * [[http://ods.openlinksw.com/wiki/ODS/VirtPubSubHubACL][Setting Up PubSubHub to use WebID Protocol or IP based control lists]] * [[http://ods.openlinksw.com/wiki/ODS/OdsKeyImport][CA Keys Import using Conductor]] * [[http://ods.openlinksw.com/wiki/ODS/ODSGenerateX509Certificate][Generate an X.509 Certificate hosted WebID Guide]] * [[http://ods.openlinksw.com/wiki/ODS/ODSGenerateWebIDX509CertOSKeystore][Generate an X.509 Certificate (with a WebID watermark) to be managed by host operating system keystore]] * [[http://ods.openlinksw.com/wiki/ODS/ODSGenerateWebIDX509CertBrsKeystore][Generate an X.509 Certificate (with a WebID watermark) to be managed by a browser-based keystore]] * [[http://ods.openlinksw.com/wiki/ODS/ODSWebIDIdP][Using Virtuoso's WebID Verification Proxy Service with a WebID-bearing X.509 certificate]] * [[http://ods.openlinksw.com/wiki/ODS/ODSWebIDIdpProxy][Using Virtuoso's WebID Identity Provider (IdP) Proxy Service with an X.509 certificate]] * [[http://ods.openlinksw.com/wiki/ODS/ODSBriefcaseWebIDShareFile][ODS Briefcase WebID Protocol Share File Guide]] * [[http://esw.w3.org/topic/foaf+ssl][WebID Protocol Specification]] * [[https://foaf.me/simpleLogin.php][Test WebID Protocol Certificate page]] * [[http://test.foafssl.org/cert/][WebID Protocol Certificate Generation page]]