How to create a certificate for WebID-TLS


Hello. I’m starting with solid, and want to try WebID-TLS.

I can’t find how to create a certificate. I see some documentation about the WebID-TLS protocol, and all of them expect you have a certificate installed and then explain how to use it. In the w3c specification, it explains what requisites must it have, but also don’t tell how to create.

Is there any document I can follow to create a valid certificate, that tells the specific tools I should use?

Also, would it be possible to log in a pod with an official certificate issued by a well-known authority (for example, in Spain we have an agency that issues certificates that identify a specific person, to be used in operations with the public administration). If it was possible, how do I to link the certificate with my webId?


Modern operating systems include X.509 Certificate generators. Typically, these utilities accompany the local OS keystore (e.g., Keychain and macOS and Keystore on Windows) or the openssl suite bundled with each OS.

Alternatively, you can also use tools built specifically for WeID that will produce:

  1. X.509 with your WebID in the SAN slot
  2. Generate matching credentials from the generated X.509 certifiate to your WebID-Profile document

Here are our offerings in relation to what you seek:

  1. YouID Browser Extension
  2. OpenLink Node Solid Server (NSS) – Live Instance
  3. OpenLink Node Solid Server – Github Repo