Generate an X.509 Certificate (with a WebID? watermark) to be managed by the Opera browser-based keystore


  1. Set up an X.509 certificate issuer and HTTPS listener.
  2. Set up an X.509 Certificate Service.

Certificate Generation Process

These steps will work against any ODS instance where you have the requisite privileges.

  1. Go to the ODS home page (local or remote) and log in as an existing ODS user (register ODS user if you don't have such):

  2. After log in, you will have an ODS-generated Person Entity Identifier (an HTTP URI that Identifies "You") of the form: http://cname/dataspace/person/user-name#this

  3. Fill out your profile, if still in default state: (Note: If this step is skipped, the resulting X.509 certificate may not have a human-readable name.)

  4. Go to Security:

  5. Go to Certificate Generator:

  6. Fill out the form, for example:
    • Country: UK;
    • Organization: OL;
    • Valid for: 90 hours:

  7. Click Submit certificate request.
  8. Opera should show prompt to install the certificate:

  9. Click Install.
  10. Confirm the installation:

  11. The new certificate should now be installed in Opera's keystore:

  12. Go to ODS Security -> X.509 Certificates.
  13. The new certificate should be shown in the list of available for the logged in ODS user's certificates :

  14. Note you have now also the option automatic WebID? Login set to enabled -- a powerful feature benefits of which we will demonstrate next in our example:
  15. Verify the new certificate by performing the following steps:
    1. Log out and access;
    2. When prompted by your browser, select the new certificate generated above:

    3. You should then be presented with the ODS Log-in form. Click WebID? Login:

    4. You should now be successfully logged in:

    5. If you now log in as another user (e.g., demo), you can share a resource to the above user, using a WebID-based ACL, which is itself enabled by the new WebID?-watermarked X.509 Certificate.