Self-Hosting
First, follow the instructions in the Getting Started guide. Then continue with this guide.
Add TLS certificate
After completing the Getting Started guide, the server can create, update and delete DIDs. However, when operating did-web-server under a DNS name other than localhost, the did:web specification requires resolvers to only accept encrypted traffic. Therefore, a certificate needs to be added to the server.
If possible, obtain a valid certificate from a known Certificate Authority (CA) like Let’s Encrypt and continue with the section Install Certificate. If this is not possible, create a local CA and continue with a self-issued certificate.
Create local Certificate Authority
The excellent mkcert tool simplifies the creation and operating system integration of a local Certificate Authority. Follow these steps to set up the Certificate Authority:
- Install mkcert following the instructions on https://github.com/FiloSottile/mkcert
- Set up and install the local CA:
Ensure that the previous command completed successfully before proceeding to the next step.
Issue self-signed Certificate for Server
To issue the certificate, first determine the DNS name of the server. example.com is assumed in the following steps.
Create private key and issue certificate:
Install Certificate
- Now, let’s enable the certificate in the configuration:
- With the updated configuration in place, let’s restart the server:
Test Functionality
The validity of the test server’s certificate can be tested by either visiting https://example.com/person/did.json in the browser or running the following command:
Congratulations, you have a fully operational did-web-server instance! 🎉
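The functionality test above, as an added Python example (not code from did-web-server or its documentation): it maps a did:web identifier to the HTTPS URL of its DID document as the did:web specification describes, then fetches the document with certificate verification left on. The DID did:web:example.com:person and the ca_file path (the mkcert root, rootCA.pem in the directory printed by `mkcert -CAROOT`) are assumptions.

```python
import json
import ssl
import urllib.request
from urllib.parse import unquote


def did_web_to_url(did: str) -> str:
    """Map a did:web identifier to the HTTPS URL of its DID document."""
    prefix = "did:web:"
    if not did.startswith(prefix):
        raise ValueError("not a did:web identifier")
    host, *path = did[len(prefix):].split(":")
    host = unquote(host)  # a port is written as %3A inside the DID
    if not host or "/" in host:
        raise ValueError("invalid host")
    if any(seg in ("", ".", "..") or "/" in seg for seg in path):
        raise ValueError("invalid path segment")
    # No path means the document lives under /.well-known
    location = "/".join(path) if path else ".well-known"
    # did:web always resolves over https; there is no plain-http fallback
    return f"https://{host}/{location}/did.json"


def fetch_did_document(did: str, ca_file=None, timeout: float = 10) -> dict:
    """Fetch a DID document over TLS with certificate verification on.

    ca_file (assumption): PEM file of the local CA root. When it is None,
    the operating system trust store is used instead.
    """
    ctx = ssl.create_default_context(cafile=ca_file)  # verifies chain and hostname
    url = did_web_to_url(did)
    with urllib.request.urlopen(url, context=ctx, timeout=timeout) as resp:
        doc = json.load(resp)
    # The spec asks resolvers to check that the document id matches the DID
    if doc.get("id") != did:
        raise ValueError("DID document id does not match the requested DID")
    return doc


if __name__ == "__main__":
    # Constructed sample DID for the example.com server assumed in this guide
    did = "did:web:example.com:person"
    print(did_web_to_url(did))
    print(fetch_did_document(did))  # raises ssl.SSLError if the chain is untrusted
```

A certificate error here means the issuing CA is not trusted by the client; pass the CA root via ca_file rather than turning verification off.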