17.3.9. Set Up X.509 certificate issuer, HTTPS listener and generate ODS user's certificates

The following step-by-step guide walks you through setting up an X.509 certificate issuer and an HTTPS listener, and generating ODS user certificates.

  1. Install ODS and Virtuoso Conductor VAD packages.

    Figure 17.7. Setting-Up issuer CA

  2. Go to the http://cname:port/identity_manager URL, and enter the DBA user credentials in the dialog presented.

    Figure 17.8. Setting-Up issuer CA

  3. Enter the Issuer details and click generate.

    Figure 17.9. Setting-Up issuer CA

  4. Go to Conductor -> Web Application Server -> Virtual Domains & Directories, and add a new listener.

    Figure 17.10. Setting-Up issuer CA

  5. Edit the new listener, and generate a new key.

    Figure 17.11. Setting-Up issuer CA

  6. Go to the Packages list and select Configure for ODS Framework.

    Figure 17.12. Setting-Up issuer CA

  7. Select Create New Endpoint.

    Figure 17.13. Setting-Up issuer CA

  8. Enter the home path for ODS, and save.

    Figure 17.14. Setting-Up issuer CA

  9. The new endpoint should now appear in the endpoint list.

    Figure 17.15. Setting-Up issuer CA

  10. Go to the HTTPS site, e.g., https://cname:port/ods; in our example, https://localhost:4433/ods/. If Firefox is used, it will complain that the certificate is not valid, so we must register the site's certificate.

    Figure 17.16. Setting-Up issuer CA

  11. In the Firefox certificate manager, in Site's certificates, add an exception.

    Figure 17.17. Setting-Up issuer CA

  12. Confirm the exception.

    Figure 17.18. Setting-Up issuer CA

  13. Return to the ODS site, and register a new user.

    Figure 17.19. Setting-Up issuer CA

  14. Edit the user's profile and enter his/her name(s). If this step is skipped, the certificate will not have a human-readable name.

    Figure 17.20. Setting-Up issuer CA

  15. Open the Security tab in the Profile Editor, and generate the client key.

    Figure 17.21. Setting-Up issuer CA

  16. If all is set up correctly, you should see this message. It means Firefox has the private key, and has obtained a new certificate from the server.

    Figure 17.22. Setting-Up issuer CA

  17. Refresh the Security tab by clicking on the same tab.

    Figure 17.23. Setting-Up issuer CA

  18. Select the automatic login option, and save.

    Figure 17.24. Setting-Up issuer CA

  19. Log out from ODS and refresh the browser to simulate opening the ODS site. The browser will ask for a certificate; select the one generated in the steps above.

    Figure 17.25. Setting-Up issuer CA

  20. ODS presents your card, and asks to log in with the certificate. Confirm it.

    Figure 17.26. Setting-Up issuer CA

  21. You should now be logged in to ODS via the WebID Protocol.

    Figure 17.27. Setting-Up issuer CA
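
The certificate exception added in steps 11 and 12 makes the browser trust whatever certificate the listener presented at that moment. As an added example (not part of the original guide or of Virtuoso/ODS), the following Python script computes the SHA-256 fingerprint of the certificate the listener serves, so it can be compared with the fingerprint the browser shows before the exception is confirmed. The function names and the constructed `SAMPLE_PEM` are assumptions of this example; host and port are the ones from step 10.

```python
"""Out-of-band fingerprint check for a self-signed HTTPS listener (added example)."""
import hashlib
import ssl
import sys

# Constructed placeholder bytes, NOT a real certificate: only used to exercise
# the fingerprint helpers offline.
SAMPLE_PEM = ssl.DER_cert_to_PEM_cert(b"constructed placeholder, not a real certificate")


def fingerprint_sha256(pem: str) -> str:
    """Return the SHA-256 fingerprint of a PEM certificate as AA:BB:... pairs."""
    der = ssl.PEM_cert_to_DER_cert(pem)  # fingerprints are taken over the DER bytes
    digest = hashlib.sha256(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def normalize(fp: str) -> str:
    """Drop separators and case so fingerprints copied from different tools compare equal."""
    return "".join(c for c in fp if c not in ": \t\r\n").upper()


def matches(pem: str, expected_fp: str) -> bool:
    """True if the certificate's fingerprint equals the expected one."""
    return normalize(fingerprint_sha256(pem)) == normalize(expected_fp)


def fetch_listener_pem(host: str, port: int) -> str:
    """Fetch the certificate the listener serves, without validating it.

    Validation is skipped on purpose: the issuer is not trusted yet, and the
    fingerprint comparison is the check.
    """
    return ssl.get_server_certificate((host, port))


if __name__ == "__main__":
    # Usage: python check_listener.py localhost 4433 [expected-fingerprint]
    host, port = sys.argv[1], int(sys.argv[2])
    pem = fetch_listener_pem(host, port)
    print("listener SHA-256 fingerprint:", fingerprint_sha256(pem))
    if len(sys.argv) > 3:
        ok = matches(pem, sys.argv[3])
        print("match" if ok else "MISMATCH: do not confirm the exception")
        sys.exit(0 if ok else 1)
```

Run it on the server host itself to obtain the reference fingerprint, then compare that value with what a remote browser displays.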