Generate an X.509 Certificate (with a WebID? watermark) that is managed by host operating system keystore: Chrome

  1. Set up an X.509 certificate issuer and HTTPS listener.
  2. Set up X.509 Certificate Service.
  3. Go to the ODS home page (local or remote) and register new user (or log in as existing ODS user):

  4. Post registration you end up with an ODS generated Person Entity Identifier (an HTTP URI that Identifies "You") that takes the form:


  5. Edit your profile (Note: If this step is skipped, the resulting X.509 certificate will not have a human readable name):

  6. Go to Profile Edit -> "Security":

  7. Go to "Certificate Generator":

  8. Enter in the shown form for ex:
    • "Country": UK;
    • "Organization": OL;
    • Valid for: 90 hours:

  9. Click "Submit Certificate Request".
  10. As result browser should show a message for successfully stored the client certificate:

  11. Go to Security -> X.509 Certificates.
  12. The generated certificate should be shown in the list of available for the logged in ODS user's certificates:

  13. Note you have now also the option automatic WebID? Login set to enabled -- a powerful feature benefits of which we will demonstrate next in our example:

  14. Verify the generated certificate by performing the following steps:
    1. Log out and access for ex.
    2. Select when prompted the certificate generated from above:

    3. Click "WebID? Login":

    4. As result you should be successfully logged in:

    5. Additionally you can perform an WebID based ACL Sharing of a resource to the user with the generated from above X.509 hosted WebID?.

Note: these steps apply to any ODS instance.