%META:TOPICPARENT{name="ODSGenerateWebIDX509CertOSKeystore"}%

---+Generate an X.509 Certificate (with a WebID watermark) that's managed by host operating system keystore: Safari (on Mac OS X Only)


   1 [[ODSSetupSSL][Set up an X.509 certificate issuer and HTTPS listener]].
   1 [[ODSX509GenerateIESetService][Set up X.509 Certificate Service]].
   1 Go to the ODS home page (local or remote) and register new user (or log in as existing ODS user):
%BR%%BR%<a href="%ATTACHURLPATH%/sfr1.png" target="_blank"><img src="%ATTACHURLPATH%/sfr1.png" width="600px" /></a>%BR%%BR%
   1 Post registration you end up with an ODS generated Person Entity Identifier (an HTTP URI that Identifies "You") that takes the form: 
<verbatim>
http://cname/dataspace/person/user-name#this
</verbatim>
%BR%%BR%<a href="%ATTACHURLPATH%/sfr2.png" target="_blank"><img src="%ATTACHURLPATH%/sfr2.png" width="600px" /></a>%BR%%BR%
   1 Edit your profile (Note: If this step is skipped, the resulting X.509 certificate will not have a human readable name):
%BR%%BR%<a href="%ATTACHURLPATH%/sfr3.png" target="_blank"><img src="%ATTACHURLPATH%/sfr3.png" width="600px" /></a>%BR%%BR%
   1 Go to Profile Edit -> "Security":
%BR%%BR%<a href="%ATTACHURLPATH%/sfr4.png" target="_blank"><img src="%ATTACHURLPATH%/sfr4.png" width="600px" /></a>%BR%%BR%
   1 Go to "Certificate Generator":
%BR%%BR%<a href="%ATTACHURLPATH%/sfr5.png" target="_blank"><img src="%ATTACHURLPATH%/sfr5.png" width="600px" /></a>%BR%%BR%
   1 Complete the certificate details for the user:  
%BR%%BR%<a href="%ATTACHURLPATH%/sfr6.png" target="_blank"><img src="%ATTACHURLPATH%/sfr6.png" width="600px" /></a>%BR%%BR%
   1 Click "Submit Certificate Request" to generate the certificate. 
   1 The Mac OS X key chain is automatically loaded with the new certificate loaded:
%BR%%BR%<a href="%ATTACHURLPATH%/sfr7.png" target="_blank"><img src="%ATTACHURLPATH%/sfr7.png" width="600px" /></a>%BR%%BR%
   1 The certificate is "untrusted" in the key chain by default and needs to be set to <b>trusted by</b>.
   1 Specify Certificate details:
%BR%%BR%<a href="%ATTACHURLPATH%/sfr8.png" target="_blank"><img src="%ATTACHURLPATH%/sfr8.png" width="600px" /></a>%BR%%BR%
   1 Right Click on the certificate name and select the "Get Info" item:
%BR%%BR%<a href="%ATTACHURLPATH%/sfr9.png" target="_blank"><img src="%ATTACHURLPATH%/sfr9.png" width="600px" /></a>%BR%%BR%
   1 Expand the tree of the "Trust" item on the left:
%BR%%BR%<a href="%ATTACHURLPATH%/sfr10.png" target="_blank"><img src="%ATTACHURLPATH%/sfr10.png" width="600px" /></a>%BR%%BR%
   1 Set the "when using this certificate" drop down to "Always trust":
%BR%%BR%<a href="%ATTACHURLPATH%/sfr11.png" target="_blank"><img src="%ATTACHURLPATH%/sfr11.png" width="600px" /></a>%BR%%BR%
   1 Enter the password for the user account to authorize the trust change in the key chain:
%BR%%BR%<a href="%ATTACHURLPATH%/sfr12.png" target="_blank"><img src="%ATTACHURLPATH%/sfr12.png" width="600px" /></a>%BR%%BR%
   1 Right click on the certificate again and select the "New Identity Preference" to the secure HTTP address of the ODS server for ex. [[https://id.myopenlink.net/ods][https://id.myopenlink.net/ods]] and click "Add":
%BR%%BR%<a href="%ATTACHURLPATH%/sfr13.png" target="_blank"><img src="%ATTACHURLPATH%/sfr13.png" width="600px" /></a>%BR%%BR%
   1 Go to the "X.509 Certificates" tab of the ODS user account and click on the "Edit" button of the generated certificate:
%BR%%BR%<a href="%ATTACHURLPATH%/sfr14.png" target="_blank"><img src="%ATTACHURLPATH%/sfr14.png" width="600px" /></a>%BR%%BR%
   1 Select the "Enable Automatic <nop>WebID Login" checkbox and click "Save Certificate" to enable WebID access of this user:
%BR%%BR%<a href="%ATTACHURLPATH%/sfr15.png" target="_blank"><img src="%ATTACHURLPATH%/sfr15.png" width="600px" /></a>%BR%%BR%
   1 Log out and access for ex.: [[https://id.myopenlink.net/ods][https://id.myopenlink.net/ods]].
   1 Select when prompted from your browser, the certificate generated from above.
   1 The WebID login for the selected user certificate will be presented to enable secure login:
%BR%%BR%<a href="%ATTACHURLPATH%/sfr16.png" target="_blank"><img src="%ATTACHURLPATH%/sfr16.png" width="600px" /></a>%BR%%BR%
   1 [[ODSBriefcaseWebIDPerson][Perform an WebID based ACL Sharing of a resource]] to the user with the generated from above X.509 hosted WebID.

Note: these steps apply to any ODS instance.


---++Related

   * [[ODSGenerateWebIDX509CertOSKeystore][Generate an X.509 Certificate (with a WebID watermark) that's managed by host operating system keystore]]
      * [[ODSGenerateWebIDX509CertOSKeystoreChrome][Chrome]]   
      * [[ODSGenerateWebIDX509CertOSKeystoreIE][IE]]         
      * [[ODSGenerateWebIDX509CertOSKeystoreFFNETExt][Firefox]]            
   * [[ODSGenerateX509Certificate][Guide of generating X.509 Certificates via ODS]]
   * [[http://virtuoso.openlinksw.com/dataspace/dav/wiki/Main/VirtSPARQLEndpointProtection][Safeguarding your Virtuoso-hosted SPARQL Endpoint]]
   * [[http://virtuoso.openlinksw.com/dataspace/dav/wiki/Main/VirtTipsAndTricksGuideSPARQLEndpointProtection][SPARQL Endpoint Protection Methods Collection]]
   * [[http://docs.openlinksw.com/virtuoso/][Virtuoso documentation]]
      * [[http://docs.openlinksw.com/virtuoso/rdfsparql.html#rdfsupportedprotocolendpoint][SPARQL Service Endpoint]] 
      * [[http://docs.openlinksw.com/virtuoso/rdfsparql.html#rdfsupportedprotocolendpointuri][Service Endpoint Security]] 
      * [[http://docs.openlinksw.com/virtuoso/rdfsparql.html#sparqwebservicetbl][Managing a SPARQL Web Service Endpoint]] 
      * [[http://docs.openlinksw.com/virtuoso/rdfsparql.html][SPARQL]]
   * [[http://virtuoso.openlinksw.com/dataspace/dav/wiki/Main/VirtTipsAndTricksGuide][Virtuoso Tips and Tricks Collection]]
      * [[http://virtuoso.openlinksw.com/dataspace/dav/wiki/Main/VirtSPARQLDET][SPARQL Endpoint DET Configuration Guide]]       
      * [[http://virtuoso.openlinksw.com/dataspace/dav/wiki/Main/VirtSPARQLSecurityWebID][WebID Protocol & SPARQL Endpoint ACLs Tutorial]]
      * [[http://virtuoso.openlinksw.com/dataspace/dav/wiki/Main/VirtOAuthSPARQL][SPARQL OAuth Tutorial]]
      * [[http://virtuoso.openlinksw.com/dataspace/dav/wiki/Main/VirtTipsAndTricksGuideSPARQLEndpoints][Securing SPARQL endpoints]]
   * [[OdsSPARQLAuth][SPARUL over SPARQL using the http://cname:port/sparql-auth endpoint]]
   * [[http://virtuoso.openlinksw.com/dataspace/dav/wiki/Main/VirtAuthServerUI][Virtuoso Authentication Server UI]]
   * [[http://virtuoso.openlinksw.com/dataspace/dav/wiki/Main/VirtSPARQLSSL][Manage a SPARQL-WebID based Endpoint]]
   * [[VirtODSSecurityWebID][WebID Protocol Support in OpenLink Data Spaces]].
   * Manage ODS Datadspaces Objects WebID Access Control Lists (ACLs):
      * [[ODSBriefcaseWebID][ODS Briefcase WebID based ACL Guide]]
         * [[ODSBriefcaseWebIDPerson][Person Entity WebID based ACL Guide]]
         * [[ODSBriefcaseWebIDGroup][Group Entity WebID based ACL Guide]]
         * [[ODSBriefcaseWebIDPublic][Public WebID based ACL Guide]]      
      * [[ODSFeedManagerWebIDACL][ODS Feed Manager WebID based ACL Guide]]
         * [[ODSFeedManagerWebIDACLPerson][Person Entity Specific ACL]]
         * [[ODSFeedManagerWebIDACLGroup][Group Entity Specific ACL]]
         * [[ODSFeedManagerWebIDACLPublic][Public Specific ACL for anyone with a WebID]]
      * [[ODSCalendarWebIDACL][ODS Calendar WebID based ACL Guide]]
         * [[ODSCalendarWebIDACLPerson][Person Entity Specific ACL]]
         * [[ODSCalendarWebIDACLGroup][Group Entity Specific ACL]]
         * [[ODSCalendarWebIDACLPublic][Public Specific ACL for anyone with a WebID]]
      * [[ODSBookmarksWebIDACL][ODS Bookmark Manager WebID based ACL Guide]]
         * [[ODSBookmarksWebIDACLPerson][Person Entity Specific ACL]]
         * [[ODSBookmarksWebIDACLGroup][Group Entity Specific ACL]]
         * [[ODSBookmarksWebIDACLPublic][Public Specific ACL for anyone with a WebID]]
      * [[ODSAddressBookWebIDACL][ODS Addressbook  WebID based ACL Guide]]
         * [[ODSAddressBookWebIDACLPerson][Person Entity Specific ACL]]
         * [[ODSAddressBookWebIDACLGroup][Group Entity Specific ACL]]
         * [[ODSAddressBookWebIDACLPublic][Public Specific ACL for anyone with a WebID]]
   * [[ODSPkiSetup][Guide for Set up a X.509 certificate issuer and HTTPS listener and generate ODS user certificates]]
   * [[ODSSetupSSL][Configure Virtuoso+ODS instance as an X.509 Certificate Authority and HTTPS listener]]        
   * [[http://virtuoso.openlinksw.com/dataspace/dav/wiki/Main/VirtSetupSSL][Configure Virtuoso instance as an X.509 Certificate Authority and HTTPS listener]]
   * [[VirtODSPubSubHub][Setting up PubSubHub in ODS]]
   * [[VirtPubSubHub][PubSubHubBub Demo Client Example]]
   * [[VirtFeedPubSubHub][Feed subscription via PubSubHub protocol Example ]]
   * [[VirtPubSubHubACL][Setting Up PubSubHub to use WebID Protocol or IP based control lists]]
   * [[OdsKeyImport][CA Keys Import using Conductor]]
   * [[ODSGenerateWebIDX509CertBrsKeystore][Generate an X.509 Certificate (with a WebID watermark) to be managed by a browser-based keystore]]
   * [[ODSWebIDIdP][Using Virtuoso's WebID Verification Proxy Service with a WebID-bearing X.509 certificate]]
   * [[ODSWebIDIdpProxy][Using Virtuoso's WebID Identity Provider (IdP) Proxy Service with an X.509 certificate]]
   * [[ODSBriefcaseWebIDShareFile][ODS Briefcase WebID Protocol Share File Guide]]
   * [[http://esw.w3.org/topic/foaf+ssl][WebID Protocol Specification]]
   * [[https://foaf.me/simpleLogin.php][Test WebID Protocol Certificate page]]
   * [[http://test.foafssl.org/cert/][WebID Protocol Certificate Generation page]]