Step 1 - Identity Providers
Social Web Services
The buttons on this page enable you generate a personal digital identity card (X.509 certificate) using profile data you've already provided to the services listed below. Clicking one of these buttons triggers an authorized profile data (name & email address typically) exchange using the authentication protocol supported by the selected service. Once captured, the retrieved profile data is then used -- in combination with additional data captured via interactions with this service -- to construct a digital identity card comprised of cryptographically verifiable identity claims.
OpenID, WebID, WebFinger
This tab can be used to associate your WebID with:
- A FOAF Profile Document URL
- An OpenID Url
- A WebFinger URI (email address)
- Any text, HTML, or XHTML resource URL
This tab lets you create a WebID associated with a Blog or other resource accessible through ATOM publishing protocol. The system will create a post containing the verification signature in the given service. You will need to provide an URL, and valid authentication credentials to create the post.
These credentials will be used solely to create the post, and will not be stored by the certificate generator.
Step 2 - Your Information and Certificate Parameters
The certificate may have many uses. WebID can be used for authenticating with web sites.
WebID + S/MIME may be used for both authentication and signing/encryption of emails.
Certificate cipher and strength are also important: longer keys are more difficult to produce
and crack, and therefore are usually safer.
The email address is required to enable the S/MIME options. It needs to be correct to make verification of signatures and encryption possible.
If you are unsure, just leave the values as they are by default.
Step 3 - Export and Save
This page rounds up the generation with posting of the ID claim, export and save of the certificate.
Post to ID Provider
Post the ID claim to the provider you chose to use in Step 1.
Save Using SPARQL
If you have access to a SPARQL endpoint with SPARQL 1.1 Update support, you can save the certificate info into a graph there.
You can download the certificate in several formats to import into an email client, or other software that can use them.
PKCS#12 and PEM export require the keys to be encrypted for transport. You will need to supply (and repeat) a passphrase to encrypt with.
You can copy the certificate info in various text-based serializations to include on a web page: XML+RDFa, HTML+Microdata, HTML+hData, JSON-LD, or ASCII-armored PEM.
Download the CA certificate used for signing your WebID certificate to import into other software that may use it for verification.