How to create a certificate for WebID-TLS


#1

Hello. I’m starting with solid, and want to try WebID-TLS.

I can’t find how to create a certificate. I see some documentation about the WebID-TLS protocol, and all of them expect you have a certificate installed and then explain how to use it. In the w3c specification, it explains what requisites must it have, but also don’t tell how to create.

Is there any document I can follow to create a valid certificate, that tells the specific tools I should use?

Also, would it be possible to log in a pod with an official certificate issued by a well-known authority (for example, in Spain we have an agency that issues certificates that identify a specific person, to be used in operations with the public administration). If it was possible, how do I to link the certificate with my webId?


#2

Modern operating systems include X.509 Certificate generators. Typically, these utilities accompany the local OS keystore (e.g., Keychain and macOS and Keystore on Windows) or the openssl suite bundled with each OS.

Alternatively, you can also use tools built specifically for WeID that will produce:

  1. X.509 with your WebID in the SAN slot
  2. Generate matching credentials from the generated X.509 certifiate to your WebID-Profile document

Here are our offerings in relation to what you seek:

  1. YouID Browser Extension
  2. OpenLink Node Solid Server (NSS) – Live Instance
  3. OpenLink Node Solid Server – Github Repo

Related


#3

hirunatan, did you ever successfully authenticate to a pod using an Identity certificate issued by a CA? We are trying to do the same.

I see that the WebID URL needs to be in the SAN. We can do that easily enough. Would I need to publish the public key in the profile? What other steps are needed to do this successfully?

Thanks for your time.
Kevin


#4

I think that I found the info I need here: https://github.com/solid/solid-spec/blob/master/solid-webid-profiles.md

" A profile SHOULD include cert:key public key certificate information, for use with WebID+TLS (which is currently the primary Solid authentication mechanism)"

That ant the WebID URL in the SAN of the certificate should do the trick. Will try it soon.


#5

I documented the steps I followed to create a certificate and add it to my browser and profile at https://github.com/solid/solid/issues/134#issuecomment-374413832


#6

I’m trying to use one of the certificates issued by the Spanish government (https://www.sede.fnmt.gob.es/certificados/persona-fisica/obtener-certificado-software). These certificates are validated and linked to a personal identity card, so that they legally identify the physical person that uses them.

In my first tests, I apparently was able to use it to log into my pod (without needing to do anything specially strange), but now I seem to have broken something and it does not work. I’m trying to fix it up, but have very small time to dedicate to these tasks. I’ll write someting if I can get it to work again.