%META:TOPICPARENT{name="ODSGenerateWebIDX509CertOSKeystore"}%
---+Generate an X.509 Certificate (with a WebID watermark) that's managed by host operating system keystore: Safari (on Mac OS X Only)
1 [[ODSSetupSSL][Set up an X.509 certificate issuer and HTTPS listener]].
1 [[ODSX509GenerateIESetService][Set up X.509 Certificate Service]].
1 Go to the ODS home page (local or remote) and register new user (or log in as existing ODS user):
%BR%%BR%%BR%%BR%
1 Post registration you end up with an ODS generated Person Entity Identifier (an HTTP URI that Identifies "You") that takes the form:
http://cname/dataspace/person/user-name#this
%BR%%BR%%BR%%BR%
1 Edit your profile (Note: If this step is skipped, the resulting X.509 certificate will not have a human readable name):
%BR%%BR%%BR%%BR%
1 Go to Profile Edit -> "Security":
%BR%%BR%%BR%%BR%
1 Go to "Certificate Generator":
%BR%%BR%%BR%%BR%
1 Complete the certificate details for the user:
%BR%%BR%%BR%%BR%
1 Click "Submit Certificate Request" to generate the certificate.
1 The Mac OS X key chain is automatically loaded with the new certificate loaded:
%BR%%BR%%BR%%BR%
1 The certificate is "untrusted" in the key chain by default and needs to be set to trusted by.
1 Specify Certificate details:
%BR%%BR%%BR%%BR%
1 Right Click on the certificate name and select the "Get Info" item:
%BR%%BR%%BR%%BR%
1 Expand the tree of the "Trust" item on the left:
%BR%%BR%%BR%%BR%
1 Set the "when using this certificate" drop down to "Always trust":
%BR%%BR%%BR%%BR%
1 Enter the password for the user account to authorize the trust change in the key chain:
%BR%%BR%%BR%%BR%
1 Right click on the certificate again and select the "New Identity Preference" to the secure HTTP address of the ODS server for ex. [[https://id.myopenlink.net/ods][https://id.myopenlink.net/ods]] and click "Add":
%BR%%BR%%BR%%BR%
1 Go to the "X.509 Certificates" tab of the ODS user account and click on the "Edit" button of the generated certificate:
%BR%%BR%%BR%%BR%
1 Select the "Enable Automatic WebID Login" checkbox and click "Save Certificate" to enable WebID access of this user:
%BR%%BR%%BR%%BR%
1 Log out and access for ex.: [[https://id.myopenlink.net/ods][https://id.myopenlink.net/ods]].
1 Select when prompted from your browser, the certificate generated from above.
1 The WebID login for the selected user certificate will be presented to enable secure login:
%BR%%BR%%BR%%BR%
1 [[ODSBriefcaseWebIDPerson][Perform an WebID based ACL Sharing of a resource]] to the user with the generated from above X.509 hosted WebID.
Note: these steps apply to any ODS instance.
---++Related
* [[ODSGenerateWebIDX509CertOSKeystore][Generate an X.509 Certificate (with a WebID watermark) that's managed by host operating system keystore]]
* [[ODSGenerateWebIDX509CertOSKeystoreChrome][Chrome]]
* [[ODSGenerateWebIDX509CertOSKeystoreIE][IE]]
* [[ODSGenerateWebIDX509CertOSKeystoreFFNETExt][Firefox]]
* [[ODSGenerateX509Certificate][Guide of generating X.509 Certificates via ODS]]
* [[http://virtuoso.openlinksw.com/dataspace/dav/wiki/Main/VirtSPARQLEndpointProtection][Safeguarding your Virtuoso-hosted SPARQL Endpoint]]
* [[http://virtuoso.openlinksw.com/dataspace/dav/wiki/Main/VirtTipsAndTricksGuideSPARQLEndpointProtection][SPARQL Endpoint Protection Methods Collection]]
* [[http://docs.openlinksw.com/virtuoso/][Virtuoso documentation]]
* [[http://docs.openlinksw.com/virtuoso/rdfsparql.html#rdfsupportedprotocolendpoint][SPARQL Service Endpoint]]
* [[http://docs.openlinksw.com/virtuoso/rdfsparql.html#rdfsupportedprotocolendpointuri][Service Endpoint Security]]
* [[http://docs.openlinksw.com/virtuoso/rdfsparql.html#sparqwebservicetbl][Managing a SPARQL Web Service Endpoint]]
* [[http://docs.openlinksw.com/virtuoso/rdfsparql.html][SPARQL]]
* [[http://virtuoso.openlinksw.com/dataspace/dav/wiki/Main/VirtTipsAndTricksGuide][Virtuoso Tips and Tricks Collection]]
* [[http://virtuoso.openlinksw.com/dataspace/dav/wiki/Main/VirtSPARQLDET][SPARQL Endpoint DET Configuration Guide]]
* [[http://virtuoso.openlinksw.com/dataspace/dav/wiki/Main/VirtSPARQLSecurityWebID][WebID Protocol & SPARQL Endpoint ACLs Tutorial]]
* [[http://virtuoso.openlinksw.com/dataspace/dav/wiki/Main/VirtOAuthSPARQL][SPARQL OAuth Tutorial]]
* [[http://virtuoso.openlinksw.com/dataspace/dav/wiki/Main/VirtTipsAndTricksGuideSPARQLEndpoints][Securing SPARQL endpoints]]
* [[OdsSPARQLAuth][SPARUL over SPARQL using the http://cname:port/sparql-auth endpoint]]
* [[http://virtuoso.openlinksw.com/dataspace/dav/wiki/Main/VirtAuthServerUI][Virtuoso Authentication Server UI]]
* [[http://virtuoso.openlinksw.com/dataspace/dav/wiki/Main/VirtSPARQLSSL][Manage a SPARQL-WebID based Endpoint]]
* [[VirtODSSecurityWebID][WebID Protocol Support in OpenLink Data Spaces]].
* Manage ODS Datadspaces Objects WebID Access Control Lists (ACLs):
* [[ODSBriefcaseWebID][ODS Briefcase WebID based ACL Guide]]
* [[ODSBriefcaseWebIDPerson][Person Entity WebID based ACL Guide]]
* [[ODSBriefcaseWebIDGroup][Group Entity WebID based ACL Guide]]
* [[ODSBriefcaseWebIDPublic][Public WebID based ACL Guide]]
* [[ODSFeedManagerWebIDACL][ODS Feed Manager WebID based ACL Guide]]
* [[ODSFeedManagerWebIDACLPerson][Person Entity Specific ACL]]
* [[ODSFeedManagerWebIDACLGroup][Group Entity Specific ACL]]
* [[ODSFeedManagerWebIDACLPublic][Public Specific ACL for anyone with a WebID]]
* [[ODSCalendarWebIDACL][ODS Calendar WebID based ACL Guide]]
* [[ODSCalendarWebIDACLPerson][Person Entity Specific ACL]]
* [[ODSCalendarWebIDACLGroup][Group Entity Specific ACL]]
* [[ODSCalendarWebIDACLPublic][Public Specific ACL for anyone with a WebID]]
* [[ODSBookmarksWebIDACL][ODS Bookmark Manager WebID based ACL Guide]]
* [[ODSBookmarksWebIDACLPerson][Person Entity Specific ACL]]
* [[ODSBookmarksWebIDACLGroup][Group Entity Specific ACL]]
* [[ODSBookmarksWebIDACLPublic][Public Specific ACL for anyone with a WebID]]
* [[ODSAddressBookWebIDACL][ODS Addressbook WebID based ACL Guide]]
* [[ODSAddressBookWebIDACLPerson][Person Entity Specific ACL]]
* [[ODSAddressBookWebIDACLGroup][Group Entity Specific ACL]]
* [[ODSAddressBookWebIDACLPublic][Public Specific ACL for anyone with a WebID]]
* [[ODSPkiSetup][Guide for Set up a X.509 certificate issuer and HTTPS listener and generate ODS user certificates]]
* [[ODSSetupSSL][Configure Virtuoso+ODS instance as an X.509 Certificate Authority and HTTPS listener]]
* [[http://virtuoso.openlinksw.com/dataspace/dav/wiki/Main/VirtSetupSSL][Configure Virtuoso instance as an X.509 Certificate Authority and HTTPS listener]]
* [[VirtODSPubSubHub][Setting up PubSubHub in ODS]]
* [[VirtPubSubHub][PubSubHubBub Demo Client Example]]
* [[VirtFeedPubSubHub][Feed subscription via PubSubHub protocol Example ]]
* [[VirtPubSubHubACL][Setting Up PubSubHub to use WebID Protocol or IP based control lists]]
* [[OdsKeyImport][CA Keys Import using Conductor]]
* [[ODSGenerateWebIDX509CertBrsKeystore][Generate an X.509 Certificate (with a WebID watermark) to be managed by a browser-based keystore]]
* [[ODSWebIDIdP][Using Virtuoso's WebID Verification Proxy Service with a WebID-bearing X.509 certificate]]
* [[ODSWebIDIdpProxy][Using Virtuoso's WebID Identity Provider (IdP) Proxy Service with an X.509 certificate]]
* [[ODSBriefcaseWebIDShareFile][ODS Briefcase WebID Protocol Share File Guide]]
* [[http://esw.w3.org/topic/foaf+ssl][WebID Protocol Specification]]
* [[https://foaf.me/simpleLogin.php][Test WebID Protocol Certificate page]]
* [[http://test.foafssl.org/cert/][WebID Protocol Certificate Generation page]]