Certificate Authority and Issuer Setup Guide

The following step-by-step guide walks you through the processing of configuring your ODS instance for issuing CA-Authority notarized X.509 certificates for ODS instance users.

Certificate Authority Setup

1. Install the ODS Framework and Virtuoso Conductor VAD packages.
2. Bind your Virtuoso HTTPS Listener to host a CA-Authority certificate.

ODS Endpoint Configuration

1. Go to Conductor -> System Admin -> Security -> Public Key Infrastructure -> Configure HTTPS Listeners.
   
   
   
   
2. Click Configure ODS Endpoints
   
   
   
   
3. Click Create New Endpoint
4. Enter the home path for ODS, and save:
   
   
   
   
5. The new endpoint should now appear in the Endpoints list:
   
   
   
   
6. Go to the HTTPS site, e.g., https://<cname>:<port>/ods/; in our example, https://localhost:4433/ods/.
   1. If Firefox is used, it will complain that the certificate is not valid, so we must register the site's certificate.
      
      
      
      
   2. To add an exception to the Firefox certificate manager, drill down to Firefox Tools -> Options -> View Certificates -> Servers -> Add Exception.
      
      
      
      
   3. Confirm exception.
      
      
      
      
7. Return to the ODS site, and register new user.
   
   
   
   
8. Generate an X.509 Certificate for the new user.
9. Log out from ODS and refresh browser to simulate opening the ODS site.
10. Go to https://<cname>:<ssl-port>/ods/. The browser will ask for a certificate; select the one you generated in the steps above.
    
    
    
    
11. ODS presents your card, and asks whether to login with that certificate. Confirm it.
    
    
    
    
12. You should now be logged in to ODS via WebID Protocol.
    
    
    
    

Related

• Safeguarding your Virtuoso-hosted SPARQL Endpoint
• SPARQL Endpoint Protection Methods Collection
• Virtuoso documentation
  • SPARQL Service Endpoint
  • Service Endpoint Security
  • Managing a SPARQL Web Service Endpoint
  • SPARQL
• Virtuoso Tips and Tricks Collection
  • SPARQL Endpoint DET Configuration Guide
  • WebID Protocol & SPARQL Endpoint ACLs Tutorial
  • SPARQL OAuth Tutorial
  • Securing SPARQL endpoints
• SPARUL over SPARQL using the http://cname:port/sparql-auth endpoint
• Virtuoso Authentication Server UI
• Manage a SPARQL-WebID based Endpoint
• Configure Virtuoso+ODS instance as an X.509 Certificate Authority and HTTPS listener
• Configure Virtuoso instance as an X.509 Certificate Authority and HTTPS listener
• WebID Protocol Support in OpenLink Data Spaces.
• Manage ODS Datadspaces Objects WebID Access Control Lists (ACLs):
  • ODS Briefcase WebID based ACL Guide
    • Person Entity WebID based ACL Guide
    • Group Entity WebID based ACL Guide
    • Public WebID based ACL Guide
  • ODS Feed Manager WebID based ACL Guide
    • Person Entity Specific ACL
    • Group Entity Specific ACL
    • Public Specific ACL for anyone with a WebID
  • ODS Calendar WebID based ACL Guide
    • Person Entity Specific ACL
    • Group Entity Specific ACL
    • Public Specific ACL for anyone with a WebID
  • ODS Bookmark Manager WebID based ACL Guide
    • Person Entity Specific ACL
    • Group Entity Specific ACL
    • Public Specific ACL for anyone with a WebID
  • ODS Addressbook WebID based ACL Guide
    • Person Entity Specific ACL
    • Group Entity Specific ACL
    • Public Specific ACL for anyone with a WebID
• Setting up PubSubHub in ODS
• PubSubHubBub Demo Client Example
• Feed subscription via PubSubHub protocol Example
• Setting Up PubSubHub to use WebID Protocol or IP based control lists
• CA Keys Import using Conductor
• WebID Protocol Support in OpenLink Data Spaces.
• Generate an X.509 Certificate hosted WebID Guide
• Generate an X.509 Certificate (with a WebID watermark) to be managed by host operating system keystore
• Generate an X.509 Certificate (with a WebID watermark) to be managed by a browser-based keystore
• Using Virtuoso's WebID Verification Proxy Service with a WebID-bearing X.509 certificate
• Using Virtuoso's WebID Identity Provider (IdP) Proxy Service with an X.509 certificate
• ODS Briefcase WebID Protocol Share File Guide
• WebID Protocol Specification
• Test WebID Protocol Certificate page
• WebID Protocol Certificate Generation page