Certificate Generator Help

Step 1 - Identity Providers

Social Web Services

The buttons on this page enable you generate a personal digital identity card (X.509 certificate) using profile data you've already provided to the services listed below. Clicking one of these buttons triggers an authorized profile data (name & email address typically) exchange using the authentication protocol supported by the selected service. Once captured, the retrieved profile data is then used -- in combination with additional data captured via interactions with this service -- to construct a digital identity card comprised of cryptographically verifiable identity claims.

OpenID, WebID, WebFinger

This tab can be used to associate your WebID with:


This tab lets you create a WebID associated with a Blog or other resource accessible through ATOM publishing protocol. The system will create a post containing the verification signature in the given service. You will need to provide an URL, and valid authentication credentials to create the post.
These credentials will be used solely to create the post, and will not be stored by the certificate generator.

Step 2 - Your Information and Certificate Parameters

The certificate may have many uses. WebID can be used for authenticating with web sites. WebID + S/MIME may be used for both authentication and signing/encryption of emails. Certificate cipher and strength are also important: longer keys are more difficult to produce and crack, and therefore are usually safer.
The email address is required to enable the S/MIME options. It needs to be correct to make verification of signatures and encryption possible.
If you are unsure, just leave the values as they are by default.

Step 3 - Export and Save

This page rounds up the generation with posting of the ID claim, export and save of the certificate.

Post to ID Provider

Post the ID claim to the provider you chose to use in Step 1.

Save Using SPARQL

If you have access to a SPARQL endpoint with SPARQL 1.1 Update support, you can save the certificate info into a graph there.


You can download the certificate in several formats to import into an email client, or other software that can use them.
PKCS#12 and PEM export require the keys to be encrypted for transport. You will need to supply (and repeat) a passphrase to encrypt with.

Text Dump

You can copy the certificate info in various text-based serializations to include on a web page: XML+RDFa, HTML+Microdata, HTML+hData, JSON-LD, or ASCII-armored PEM.

CA Certificate

Download the CA certificate used for signing your WebID certificate to import into other software that may use it for verification.