How to register your website ID for did:web

Note

Azure Active Directory Verifiable Credentials is now Microsoft Entra Verified ID and part of the Microsoft Entra family of products. Learn more about the Microsoft Entra family of identity solutions and get started in the unified Microsoft Entra admin center.

Prerequisites

  • Complete verifiable credentials onboarding with Web as the selected trust system.
  • Complete the Linked Domain setup. Without completing this step, you can't perform this registration step.

Why do I need to register my website ID?

If the trust system for your tenant is Web, you need to register your website ID to be able to issue and verify your credentials. When the trust system is Web, you have to make this information available on your website and complete this registration. When you use the ION-based trust system, information like your issuers' public keys is published to the blockchain and you don't need to complete this step.

How do I register my website ID?

  1. Navigate to Verified ID in the Azure portal.

  2. On the left side of the page, select Registration.

  3. At the Website ID registration, select Review.

    Screenshot of website registration page.

  4. Copy or download the DID document being displayed in the box.

    Screenshot of did.json.

  5. Upload the file to your webserver. The DID document JSON file needs to be uploaded to the location /.well-known/did.json on your webserver.

  6. Once the file is available on your webserver, you need to select the Refresh registration status button to verify that the system can request the file.

When is the DID document in the did.json file used?

The DID document contains the public keys for your issuer and is used during both issuance and presentation. An example of how the public keys are used is when Authenticator, as a wallet, validates the signature of an issuance or presentation request.

When does the did.json file need to be republished to the webserver?

The DID document in the did.json file needs to be republished if you changed the Linked Domain or if you rotate your signing keys.

How can I verify that the registration is working?

The portal verifies that the did.json is reachable and correct when you click the Refresh registration status button. You should also verify that you can request that URL in a browser, to rule out errors such as not using HTTPS, a bad SSL certificate, or the URL not being public. If the did.json file cannot be requested anonymously in a browser or via tools such as curl, without warnings or errors, the portal will not be able to complete the Refresh registration status step either.

Note

If you are experiencing problems refreshing your registration status, you can troubleshoot it by running curl -Iv https://yourdomain.com/.well-known/did.json on a machine with Ubuntu OS. Windows Subsystem for Linux with Ubuntu will work too. If curl fails, refreshing the registration status will not work.
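
A local check to run on did.json before uploading it, as an added example that is not part of the original page or of Microsoft's tooling: it confirms that the id in the document resolves to /.well-known/did.json on the domain you publish to, and that the published keys carry no private parameters. The domain verifiedid.example.com, the sample document and the function names are constructed, and the check assumes keys are published as publicKeyJwk entries.

```python
import json
from urllib.parse import unquote

def did_web_to_url(did: str) -> str:
    """Map a did:web identifier to the HTTPS URL its DID document is served from."""
    if not did.startswith("did:web:"):
        raise ValueError("not a did:web identifier")
    parts = did[len("did:web:"):].split(":")
    if not all(parts):
        raise ValueError("empty segment in did:web identifier")
    host = unquote(parts[0])  # a port is percent-encoded as %3A in the DID
    path = "/".join(unquote(p) for p in parts[1:])
    return f"https://{host}/" + (f"{path}/did.json" if path else ".well-known/did.json")

def check_did_document(text: str, host: str) -> list:
    """Return the problems found in a did.json that is about to be published on host."""
    try:
        doc = json.loads(text)
    except json.JSONDecodeError as exc:
        return [f"not valid JSON: {exc.msg}"]
    if not isinstance(doc, dict):
        return ["top-level JSON value is not an object"]
    problems = []
    did = str(doc.get("id", ""))
    expected = f"https://{host.lower()}/.well-known/did.json"
    try:
        if did_web_to_url(did).lower() != expected:
            problems.append(f"id {did!r} does not resolve to {expected}")
    except ValueError as exc:
        problems.append(f"id {did!r}: {exc}")
    methods = [m for m in (doc.get("verificationMethod") or []) if isinstance(m, dict)]
    if not methods:
        problems.append("no verificationMethod entries, so no public keys")
    for m in methods:
        jwk = m.get("publicKeyJwk")
        if not isinstance(jwk, dict):
            problems.append(f"{m.get('id')}: no publicKeyJwk")
        elif "d" in jwk:  # "d" is the private parameter of EC, OKP and RSA JWKs
            problems.append(f"{m.get('id')}: JWK contains private key material")
    return problems

# Constructed sample document; the domain and key values are placeholders.
SAMPLE = json.dumps({
    "id": "did:web:verifiedid.example.com",
    "verificationMethod": [{
        "id": "did:web:verifiedid.example.com#key-1",
        "controller": "did:web:verifiedid.example.com", "type": "JsonWebKey2020",
        "publicKeyJwk": {"kty": "EC", "crv": "secp256k1", "x": "constructed-x", "y": "constructed-y"},
    }],
})
```

An empty list from check_did_document means the document is consistent with the host it will be served from; the curl request above is still needed to confirm that the file is reachable over HTTPS.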
