The good part is XRI document supports XML Signature. This document explains how to generate Public and Private Certificates used for XML Signature.
Credits :
for providing following Ant Build Script which make it very easy to generate Certificates.
Dependencies :
The Ant Script is using OpenSSL software to generate the Certificates.
On most of Unix Distributions OpenSSL is installed by default.
On Windows Machine, you can get OpenSSL Binary file from here
http://www.openssl.org/related/binaries.html (This is preferred way if all you need is OpenSSL)
OpenSSL is also part of Cygwin Distribution http://www.cygwin.com/
Important :
At runtime OpenSSL software is using following configuration file
"%OPENXRI_HOME%\org.openxri.server\openxri_ca.cnf"
So if any of the certificate file names are changed in "certs_build.xml" please make sure same reflects back in "openxri_ca.cnf" also.
Step 1 :
The Ant build Script handles most of the complexity and tries to make process of generating certificates as simple as possible.
Using Text Editor first open following file,
"%OPENXRI_HOME%\org.openxri.server\generatecerts.cmd"
(generatecerts.ksh on Unix)
And change the values for following variables,
OPENXRI_CA_HOME OPENSSL_BINARY
OPENXRI_CA_HOME will have location where the generated Certificates files will be stored
OPENSSL_BINARY is the location where OpenSSL is installed
Step 2 :
Next from command prompt execute following commands,
prompt> cd %OPENXRI_HOME%\org.openxri.server
prompt> generatecerts.cmd
(generatecerts.ksh on Unix)
At the runtime it will request for following input
"Please enter common-name (CN)"
For this you can enter the server name, for example "myxriserver"
The Ant script will take care of rest of the steps required to generate the Certificates.
The end result is you will have all the certificates in following folder,
%OPENXRI_HOME%\org.openxri.server\dist\certs
That's all you need to do. Your certificates are ready for use for XML Signature