About: EntryPoint - user_certificates_create

An Entity of Type : schema:EntryPoint, within Data Space : associated with source document(s)

  • ODS is a full-featured WebID server and supports authentication via WebID in all situations. Clients can easily create new WebID certificates via this method.

    WebID authentication means that the client sends an X.509 certificate with an embedded profile URL denoting the authenticating person. That URL resolves to an RDF profile document containing the public key from the certificate.

    The simplest way to create a new WebID-enabled X.509 certificate is for the client to use the keygen HTML tag to create a new RSA key pair. The public key will be sent to this method. ODS will then prepare the certificate and return it to the client with mimetype application/x-x509-user-cert. The browser will install that certificate in its key ring. It can then be used in subsequent authentication actions with ODS or any other WebID-enabled system.


    The minimal HTML code to create a new client certificate looks like the following:

        <form action="/ods/api/user.certificates.create">
          <keygen name="publicKey" />
          <input name="sid" type="hidden" value="SID" />
          <input name="realm" type="hidden" value="wa" />
          <input type="submit" value="CreateCertificate" />
        </form>

    Here the keygen tag creates the key pair and makes sure that the public key is sent on form submission. The hidden input fields are required for Authentication via Session Id. The realm is fixed to wa, but the session id value sid needs to be provided by the client from a previous authentication. How this value is filled in depends on the programming language used to build the client.

    Instead of using Authentication via Session Id through the two hidden input fields, clients could also use classical user digest credentials as detailed in Password Hash Authentication.

  • commonName

    The optional common name used for the certificate. If omitted one will be built from the ODS user profile name and the ODS domain name.

  • country

    The optional country used in the certificate. If omitted the value will be taken from the ODS user profile.

  • organization

    The optional organization used in the certificate. If omitted the value will be taken from the ODS user profile.

  • email

    The optional email address used in the certificate. If omitted the value will be taken from the ODS user profile. Be aware that the created certificate can only be used to digitally sign emails if the email address matches.

  • expirationDays

    The optional number of days this certificate should be valid. This defaults to 365 days, i.e. one year.

  • expirationHours

    The optional number of hours this certificate should be valid. This value will be added to the value of expirationDays and simply provides a means for finer-grained expiration control.

  • publicKey

    The mandatory public key in SPKI format.

The new X.509 certificate with mimetype application/x-x509-user-cert or an error code as defined in ODS Error Result Codes. On error an appropriate HTTP error code will be set in addition to a return value as described in ODS Error Result Codes.


This function requires authentication via one of the supported authentication methods as described in ODS Authentication.
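
The WebID check described above (the URL in the certificate resolves to a profile that contains the certificate's public key), as an added example that is not ODS code: a relying server compares the RSA key from the client certificate with the keys the profile attaches to that WebID. It assumes the profile has already been fetched and serialized as N-Triples using the W3C cert ontology; the WebIDs, key values and function names are constructed for illustration.

```python
import re

CERT = "http://www.w3.org/ns/auth/cert#"
# One N-Triples statement: subject, predicate, then an IRI, blank node or literal.
TRIPLE = re.compile(r'^(<[^>]*>|_:\w+)\s+<([^>]*)>\s+(<[^>]*>|_:\w+|"([^"]*)"\S*)\s*\.$')

def parse_ntriples(text):
    """Return (subject, predicate, object) tuples; literals reduced to their lexical form."""
    triples = []
    for line in text.splitlines():
        m = TRIPLE.match(line.strip())
        if m:
            s, p, o, lit = m.groups()
            triples.append((s, p, lit if lit is not None else o))
    return triples

def profile_keys(triples, webid):
    """Collect (modulus, exponent) for every key the profile attaches to this WebID."""
    keys = set()
    for s, p, node in triples:
        if s == f"<{webid}>" and p == CERT + "key":
            props = {pp: oo for ss, pp, oo in triples if ss == node}
            try:
                keys.add((int(props[CERT + "modulus"], 16), int(props[CERT + "exponent"])))
            except (KeyError, ValueError):
                continue  # incomplete or malformed key description: ignore it
    return keys

def webid_matches(san_uri, modulus, exponent, profile_text):
    """True only if the profile fetched from san_uri lists the certificate's RSA key."""
    return (modulus, exponent) in profile_keys(parse_ntriples(profile_text), san_uri)

# Constructed sample data (not from ODS): toy moduli and hypothetical WebIDs.
WEBID = "https://example.org/people/alice#me"
OTHER = "https://example.org/people/mallory#me"
PROFILE = f'''
<{WEBID}> <{CERT}key> _:k1 .
_:k1 <{CERT}modulus> "00c0ffee1234abcd"^^<http://www.w3.org/2001/XMLSchema#hexBinary> .
_:k1 <{CERT}exponent> "65537"^^<http://www.w3.org/2001/XMLSchema#integer> .
<{OTHER}> <{CERT}key> _:k2 .
_:k2 <{CERT}modulus> "00deadbeef"^^<http://www.w3.org/2001/XMLSchema#hexBinary> .
_:k2 <{CERT}exponent> "65537"^^<http://www.w3.org/2001/XMLSchema#integer> .
'''

if __name__ == "__main__":
    print(webid_matches(WEBID, 0xC0FFEE1234ABCD, 65537, PROFILE))  # key listed for this WebID
    print(webid_matches(WEBID, 0xDEADBEEF, 65537, PROFILE))        # key belongs to another subject
```

The second call fails because the key is tied to a different subject in the same document: the match has to follow the cert:key link from the WebID in the certificate, not accept any key that appears in the profile.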

  • EntryPoint - user_certificates_create
  • text/xml
  • GET
  • Create a new client certificate and associate it with the authenticated user.
